Fraud Management and Operations Training

Presentation Transcript

  1. Fraud Management and Operations Training SAMPLE ONLY

  2. Topics Discussed: Day 1: • Executive Vision of a Fraud Prevention Unit • Mission/Vision of the Fraud Department • Threats, vulnerabilities, exploits, and schemes • Fraud Management Responsibilities • Key responsibilities: prevention; detection; analysis; reaction; measurement, and executive reporting • Facilitating cooperation from other departments • Facilitating cooperation from other companies SAMPLE ONLY

  3. Topics Discussed: Day 2: • Fraud Management Structure • Fraud Control Department – Where on the Company Org Chart does it belong? • Fraud Analysis Group – Structure and objectives of both Basic and Advanced Fraud Analysis group (working by product type, fraud type or access type) • Fraud IT Group – Advantages and Objectives of a dedicated IT group just for Fraud Control. • Fraud Engineering Group – Using dedicated network engineers to help detect and control frauds including Ghosting Fraud. • Fraud Legal Group – Ensuring legal and regulatory compliance, helping establish and enforce inter-carrier SLAs, and serving as interface for law enforcement issues. SAMPLE ONLY

  4. Topics Discussed: Day 3: • Fraud Management Internal Processes • Detection: An exploration of Information Sources that can be used to detect fraud such as FraudView, CRM, Collections, and other internal and external sources. • Analysis: An in-depth discussion of the different types of Analyses used to detect fraud along with their individual advantages. • Reaction: A lesson in the different options on how to react to fraud. • Prevention: A discussion of the importance of Prevention as part of the Fraud Control Internal Processes. • Measurement: A very detailed discussion on how to measure both fraud losses and losses prevented, and how to measure efficiency of the FMS, the analysts, and the department.

  5. Topics Discussed: Day 4: • Fraud Management External Processes • A discussion on how the Fraud Control department should interface with other Telecom departments such as Marketing, Collections, Credit, Engineering and Operations, IT, Physical Security, and Finance. • Fraud Risk Assessments (Products & Services) • An in-depth discussion on how to perform a Fraud Risk Assessment for an existing or a new product. SAMPLE ONLY

  6. Day 1 Executive Vision of a Fraud Prevention Unit • Mission/Vision of the Fraud Department • Threats, vulnerabilities, exploits, and schemes SAMPLE ONLY

  7. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “Minimize Losses”? Question: Is it not possible to STOP ALL FRAUD and LOSSES from Fraud? Answer: It is no more possible to stop ALL FRAUD than it is possible for a Politician or a Police Chief to stop ALL THEFT in a city. There will ALWAYS be Fraud! And therefore, there will ALWAYS be Fraud Losses. The best any person can do is MINIMIZE the losses. SAMPLE ONLY

  8. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “Revenue from Products and Services”? Question: Why not include Financial Fraud or other types of Fraud as well? Answer: Generally, the department(s) that audit employees’ actions and ensure that there is no Internal Financial Fraud such as Embezzlement, Theft, and Robbery are separate from the Fraud department that oversees Fraud associated with the Products and Services.

  9. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “Due to Fraud”? Question: Why not include losses from other problems such as programming errors, faulty processes, incomplete customer data, network outages, etc? Answer: It is important to have a department dedicated to fraud primarily because of the focus on the customer. Losses due to these other factors are most often handled better by a Revenue Assurance department. (more on this later) SAMPLE ONLY

  10. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “When Desired”? • In order to Preserve Customer Satisfaction Question: Are there times when it would NOT be desirable to minimize losses due to fraud? Answer: Yes. Here are some examples: • In order to Preserve Customer Satisfaction • In order to Improve the Company Revenue Statistics • In order to Give Priority to Other Higher Priority Losses SAMPLE ONLY

  11. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “When Desired”? • In order to Preserve Customer Satisfaction In order to Prevent and Detect Fraud, processes must be put in place that will inherently... • Make the subscription process more difficult for the customer. • Bother him during the usage of the products and services. • Example: Validation process. Almost all customers detest having their identity questioned. Therefore, it is important to balance Customer Satisfaction with Fraud Control. (This will be discussed at greater length later in the course)

  12. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “When Desired”? • In order to Improve the Company Revenue Statistics Question: Are there times when it would NOT be desirable to minimize losses due to fraud? Answer: Yes. Here are some examples: • In order to Preserve Customer Satisfaction • In order to Improve the Company Revenue Statistics • In order to Give Priority to Other Higher Priority Losses SAMPLE ONLY

  13. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “When Desired”? • In order to Improve the Company Revenue Statistics By reducing Fraud Controls, it is possible to: • Grow the customer base more quickly. • Artificially grow the revenue numbers. • Examples: Increase Shareholder confidence or perhaps to Prepare for the Sale of the Company. Fraud CONTROL means to be able to reduce or increase the incidence of fraud to serve the purposes of the company. However, please note that allowing fraud to increase by not monitoring it is NOT considered Fraud CONTROL! This would be Fraud “OUT OF CONTROL”!

  14. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “When Desired”? • In order to Give Priority to Other Higher Priority Losses Question: Are there times when it would NOT be desirable to minimize losses due to fraud? Answer: Yes. Here are some examples: • In order to Preserve Customer Satisfaction • In order to Improve the Company Revenue Statistics • In order to Give Priority to Other Higher Priority Losses SAMPLE ONLY

  15. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Why “When Desired”? • In order to Give Priority to Other Higher Priority Losses In some countries, a Telecom company may not be able or allowed by regulation to implement certain Fraud Controls such as: • Credit Checks. • Sharing of information on Fraudsters between companies • Blocking Completion of Calls Going against Telecom Regulations can incur large fines that could outweigh the losses due to the fraud. In these cases, it makes financial sense to not implement the controls. SAMPLE ONLY

  16. Mission of a Fraud Control Department From Executive Point of View: To Minimize Losses in Revenue from Products and Services Due to Fraud When Desired. Question: If we cannot prevent or stop ALL fraud, what then is an “acceptable” amount of fraud for a Telecom to have? Answer: An “acceptable” amount of fraud losses are those that are less than or equal to the cost of controlling them. The costs involved in controlling fraud are real monies spent on an FMS, validation processes, etc. But those costs also include the cost (or loss) of good customer churn due to excessive validations or lack of subscriptions because of the excessive amount of documentation required at subscription time. These negative factors resulting from Fraud Control must be put in the balance as well. SAMPLE ONLY

  17. Day 2 Fraud Management Structure • Fraud Control Department – Where on the Company Org Chart does it belong? • Fraud Control Department Structure – Structure and objectives of each of the subgroups of a Fraud Control Department. SAMPLE ONLY

  18. Fraud Control Department Structure [Org chart boxes: Finance Directory; Revenue Assurance; Fraud Control Manager; Fraud Analysis Group; Fraud Support Group; Level 1 Fraud Analysis Group; Level 2 Fraud Analysis Group; Fraud IT Group; Fraud Engineering Group; Fraud Legal Group. Responsibilities shown: Prevent Fraud; Detect Fraud; Analyze Fraud; React to Fraud; Measure Fraud; Report to Executives.] Fraud Control Manager Assumes all Responsibilities!

  19. Fraud Control Department Structure [Org chart boxes: Finance Directory; Revenue Assurance; Fraud Control Manager; Fraud Analysis Group; Fraud Support Group; Level 1 Fraud Analysis Group; Level 2 Fraud Analysis Group; Fraud IT Group; Fraud Engineering Group; Fraud Legal Group. Responsibilities shown: Prevent Fraud; Detect Fraud; Analyze Fraud; React to Fraud; Measure Fraud; Report to Executives.] • Level 2 Fraud Analysis Group Responsibilities (continued): • More Datamining and Trend Analysis used for: • Configuring the FMS and other systems to Detect frauds earlier • Detecting frauds not caught by fraud group found in the Bad Debt • Working with Marketing to determine the best Fraud Prevention Procedures • Determining the best way to React to Frauds

  20. Fraud Control Department Structure Level 2 Fraud Analysis Group Discussion on Model Internal Structures of Level 2 Fraud Analysis Group • There are 3 basic Models that can be used for the internal structure of the Level 2 Fraud Analysis Group: • Product Type Focus – each individual member of the group is responsible for the fraud related to a product type. • Fraud Type Focus – each individual member of the group is responsible for a type of fraud independent of the product type. • Network Access Type Focus – each individual member of the group is responsible for all fraud resulting from a network access type.

  21. Fraud Control Department Structure Level 2 Fraud Analysis Group Discussion on Model Internal Structures of Level 2 Fraud Analysis Group Product Type Focus (example): • Advantages: • Marketing Product Manager deals with only ONE representative from Fraud Control Department. • Makes for easier implementation of prevention processes when the vulnerability is a Process Vulnerability because Marketing is actively involved. • Makes it easy for product profitability evaluations. The fraud analyst has the fraud data specifically for the product. • Disadvantages: • More difficult when implementing preventive measures against technical vulnerabilities. Network Engineering and Ops have to deal with multiple fraud analysts. • Requires product identification at time of fraud detection, which can be difficult at times. • Example assignment (Analysts A, B, C and D, one area each): all Corp Long Distance Fraud; all Prepaid Card Fraud; all Local Access Fraud; all Internet Product Fraud.

  22. Fraud Control Department Structure Level 2 Fraud Analysis Group Discussion on Model Internal Structures of Level 2 Fraud Analysis Group Fraud Type Focus (example): • Advantages: • Easier for Analyst to become an expert in a fraud type than a product type. • Allows for an analyst to dig deeper into the vulnerabilities and the exploits thus creating better prevention and reaction processes. • Disadvantages: • Each new fraud type discovered requires a new analyst. Therefore growth of department is controlled by fraudsters. • Marketing Product Manager must deal with several fraud analysts depending on the number of fraud vulnerabilities that exist for the product. • Example assignment (Analysts A, B, C and D, one area each): all PABX Fraud; all Subscription Fraud; all Internet Hacking Fraud; all Clip-on Fraud.

  23. Fraud Control Department Structure Level 2 Fraud Analysis Group Discussion on Model Internal Structures of Level 2 Fraud Analysis Group Network Access Type Focus (example): • Advantages: • For vulnerabilities that are technical in nature, it is easier to deal with Network Engineering and Operations people because each Network Access type only has one Fraud Analyst responsible. • Easier for Analyst to become an expert in a Network Access type than a product type. • Allows for an analyst to dig deeper into the technical vulnerabilities and the exploits thus creating better prevention and reaction processes. • Disadvantages: • Each new Network Access type created requires a new analyst. • Marketing Product Manager must deal with several fraud analysts depending on the number of different accesses a product may have. • Example assignment (Analysts A, B, C and D, one area each): all PABX Fraud; all 8xx TollFree Access Fraud; all Public Telephone Access Fraud; all Internet Access Fraud.

  24. Fraud Control Department Structure Level 2 Fraud Analysis Group Discussion on Model Internal Structures of Level 2 Fraud Analysis Group NOTE: Fraud in Bad Debt Analysis could be divided up among the individual fraud analysts; however, this can lead to a conflict of interest. The fraud analyst is responsible for early detection of all fraud for his focus (Product, Fraud Type, or Network Access). But having him report on fraud not found through early detection is like allowing the fox to guard the chickens. An Alternative Approach: YING-YANG APPROACH...

  25. Fraud Control Department Structure Level 2 Fraud Analysis Group Discussion on Model Internal Structures of Level 2 Fraud Analysis Group YING-YANG APPROACH... • Analysts A, B, C and D: Each analyst’s performance is measured by the overall decrease in fraud for their area of responsibility. • Analyst E: This analyst’s performance is measured by the amount of fraud detected in the bad debt that the other analysts missed.

  26. Day 3 Fraud Management Internal Processes • Detection: An exploration of Information Sources that can be used to detect fraud. • Analysis: An in-depth discussion of the different types of Analyses used to detect fraud along with their individual advantages. • Reaction: A lesson in the different options on how to react to fraud. • Prevention: A discussion of the importance of Prevention as part of the Fraud Control Internal Processes. • Measurement: A very detailed discussion on how to measure both fraud losses and losses prevented, and how to measure efficiency of the FMS, the analysts, and the department.

  27. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Detection Datasources: Generally, fraudsters do their best to hide the fraud they are committing. By hiding it, they can prolong the fraud and they can protect themselves from the legal consequences. If the Telecom operator only looks for the fraud in the obvious places, the fraudster will hide in the not-so-obvious places. The secret of keeping ahead of the fraud is to make available as many sources of relevant data as possible to the analysts and search it all looking for inconsistencies. Where the volume of data is large and the resources for performing the investigations are small, the data needs to be prioritized by the likelihood of actually finding fraud.

  28. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Detection Datasources: • Here is a listing of some datasources in a general order of priority: • FraudView System (FMS) • HLR System • CRM System • Collections System – Bad Debt • Revenue Assurance System • Billing System • Network Management System • Inter-Company Fraud Reports • Fraud Association Reports (CFCA, FIINA, TUFFS, etc.) • Anti-Fraud Hotlines • Marketing Trending Systems SAMPLE ONLY

  29. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Detection Datasources: Using FraudView FMS as a Primary Source: • Unlike all the other Telecom corporate systems in use, FraudView FMS is a system built specifically to detect fraud. • The many different engines it has were each developed to look for fraud in a different way. • Whenever possible, it is best to let the FMS perform the detection work, feeding it data from as many relevant sources as possible. This is because: • The combination of data items from different sources can be a stronger indicator of fraud than any item alone. • The other systems were not designed for fraud detection and using them for detection can have negative impacts. • Prior to feeding more data to FraudView it will be important to perform an impact study to determine the performance impact the data will have.

  30. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Detection Datasources: FraudView FMS “The more sand that you put in your sandbox, the more bugs you will find hiding in the sand.” [Diagram labels. Data inputs: Probe CDRs; Switch CDRs; HLR Data; CRM Data; Collections Data; Rev Assurance Data; Other Data. FraudView components: FraudView Interface Manager; FraudView Data Management; Data Consolidation; FraudView Engines (Rule-Based Engine, Profiler, Sub Fraud Package, Other Engine); Alerts; FraudView Case Manager (Case 1, Case 2, Case 3, ... Case n).]

  31. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Detection Datasources: Use of EXTERNAL Datasources: Examples of Fraud Forums: • http://www.fraud.org/ • http://www.cfca.org/ • http://www.trmanet.org/ • http://www.atis.org/tfpc/ • http://www.tuff.co.uk/ • http://www.fiina.org/ • http://www.gsmworld.com • http://www.travel-net.com/~andrews/cinaa/findex.html

  32. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Detection Datasources: Use of EXTERNAL Datasources: • Using Fraud Hotlines as a Source of Data: • One option to help detect fraud is through the use of a Fraud Hotline. There should be at least one for company employees and another for outside customers. • A hotline for outside customers will most often have a high percentage of false positives or will be used as a way to complain instead of reporting fraud. To solve this problem, a Fraud Forum can be used as an intermediary. For example, AT&T uses the National Fraud Information Center (www.fraud.org) as a fraud hotline. • A hotline for internal employees should be communicated internally and made visible and available to all employees. The number of false positives from an internal hotline is much lower.

  33. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Speed of Case Analysis: One of the primary goals of the Fraud Control Manager is to provide the means for his analysts to do their case analyses as accurately and as quickly as possible. To help reach this goal, the fraud manager should try to automate as much of the analysis as possible via rules and thresholds. As much of this as possible should be performed within the FMS (FraudView), as was discussed before. If there are datasources that cannot be integrated with the FMS (FraudView), then a fast, easy-to-use interface should be created for quick access to those other datasources in order to speed up the analysis process as much as possible.

  34. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Types of Analyses: • In-depth Case Analysis: • CDR (Event) Analysis – analyze information in the CDRs • Client Data Analysis – analyze the HLR or Billing Data • Profile/Behavioural Analysis – analyze the profile or changes in the profile • Visualization Tool Analysis • Link Analysis – find “Friends of the Fraudster” • Pattern Analysis – find patterns that are indicative of fraud • Fraud Scheme Analysis – Determine the Fraud Threat, the Scheme Used, and the Vulnerability Exploited. • Historical Analysis: • Past Payment Analysis – payment behaviors can indicate fraud or NOT fraud. • Past Calling Behavior Analysis – past calling behavior helps confirm fraud and helps determine type of fraud. SAMPLE ONLY

  35. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Types of Analyses (continued) • Analysis through Interaction with Client • Batch Analysis and Scoring • Automated Analyses via Datamining Engines • Trend Analysis SAMPLE ONLY

  36. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • CDR (Event) Analysis • CDRs (or Event Records) should be a primary source for Fraud Analysis. The following types of analyses can be performed with CDRs (or Event Records): • Type of Calls (or Events) • What are the types of calls made? (eg. Local, Cellular to Fixed Line, Long Distance, SMS messaging, Internet usage, Purchases, etc.) • Are these types typical for this type of customer? • Destinations Called: • What are the destinations called? • Are the destinations the same as other fraud cases? • Are the destinations called typical for this type of customer? • Call Durations: • What are the durations of the calls? • Are these durations typical for this type of customer? SAMPLE ONLY

  37. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • CDR (Event) Analysis (continued) • Time of Day of Calls: • What are the times of the calls? • Are these times typical for this type of customer? • Call Overlap: • Does there exist any overlap in the calls? • Is overlap typical for this type of customer? • Call Frequency: • What is the frequency of the calls? • Is the frequency typical for this type of customer? • Velocity Check: • In the case of cellular calls or other cellular events, was there any violation of velocity? SAMPLE ONLY
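The Call Overlap and Velocity Check questions from the CDR (Event) Analysis slides can be automated as rules over event records. The following is an added example, not part of the original presentation or of FraudView: the `CDR` fields, the 900 km/h speed ceiling, the 50 km minimum distance and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class CDR:
    """Minimal event record (assumed layout, not a vendor format)."""
    subscriber: str
    start: datetime
    duration_s: int
    destination: str
    cell_lat: float  # location of the serving cell
    cell_lon: float

    @property
    def end(self) -> datetime:
        return self.start + timedelta(seconds=self.duration_s)


def _by_subscriber(cdrs):
    """Group records per subscriber, each group sorted by start time."""
    groups = defaultdict(list)
    for c in cdrs:
        groups[c.subscriber].append(c)
    for calls in groups.values():
        calls.sort(key=lambda c: c.start)
    return groups


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


def find_overlaps(cdrs):
    """Call Overlap: a call that starts before an earlier call has ended."""
    hits = []
    for calls in _by_subscriber(cdrs).values():
        latest = None  # call with the latest end time seen so far
        for call in calls:
            if latest is not None and call.start < latest.end:
                hits.append((latest, call))
            if latest is None or call.end > latest.end:
                latest = call
    return hits


def find_velocity_violations(cdrs, max_kmh=900.0, min_km=50.0):
    """Velocity Check: consecutive events too far apart for the time gap.

    min_km ignores hops between neighbouring cells; max_kmh is an assumed
    ceiling (roughly airliner speed). Both need tuning per network.
    """
    hits = []
    for calls in _by_subscriber(cdrs).values():
        for prev, nxt in zip(calls, calls[1:]):
            km = haversine_km(prev.cell_lat, prev.cell_lon,
                              nxt.cell_lat, nxt.cell_lon)
            if km < min_km:
                continue
            # Overlapping events give a zero or negative gap: clamp to 1 s.
            gap_h = max((nxt.start - prev.end).total_seconds(), 1.0) / 3600
            kmh = km / gap_h
            if kmh > max_kmh:
                hits.append((prev, nxt, round(kmh)))
    return hits


# Constructed sample data: two cell sites roughly 360 km apart.
SITE_1 = (-23.55, -46.63)
SITE_2 = (-22.91, -43.17)
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_CDRS = [
    # sub-A: ends a call at site 1, places the next at site 2 only 15 min later
    CDR("sub-A", T0 + timedelta(hours=1), 300, "dest-1", *SITE_1),
    CDR("sub-A", T0 + timedelta(hours=1, minutes=20), 120, "dest-2", *SITE_2),
    # sub-B: second call starts while the first is still in progress
    CDR("sub-B", T0, 600, "dest-3", *SITE_1),
    CDR("sub-B", T0 + timedelta(minutes=5), 120, "dest-4", *SITE_1),
    # sub-C: two ordinary, well-separated calls from one location
    CDR("sub-C", T0, 180, "dest-5", *SITE_2),
    CDR("sub-C", T0 + timedelta(hours=3), 240, "dest-5", *SITE_2),
]

if __name__ == "__main__":
    for a, b in find_overlaps(SAMPLE_CDRS):
        print("overlap:", a.subscriber, a.destination, b.destination)
    for a, b, kmh in find_velocity_violations(SAMPLE_CDRS):
        print("velocity:", a.subscriber, f"{kmh} km/h implied")
```

Both checks still need the slide's follow-up question answered per customer type: overlap can be normal for a line with conference or multi-call features, so a hit is a lead for the analyst, not a verdict.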

  38. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • 2. Client Data Analysis • The HLR, Billing System, or CRM is often the source of all Client Registry. Part of the fraud analysis should include an in-depth analysis of the Client information such as: • Client Name Analysis: • Is the name typical or nonsensical? (eg. Mickey Mouse, John Wayne, etc.) • Does the name belong to a known fraudster? Or is it similar to a known fraudster? • Client Address Analysis: • Does the address appear complete? • Does the address belong to a known fraudster? Or is it similar to an address of a known fraudster? • Does the amount of usage correspond to the address? • Client Type Analysis: • Does the calling behavior correspond to the type of client?

  39. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • 2. Client Data Analysis (continued) • Products/Services Ordered Analysis: • Is the combination of the products and services ordered one commonly ordered by fraudsters? • Is the client using the products and services that were ordered? • Are there better product and service options for the client? (this can come in handy when talking with the client on the phone) • Multiple Line Analysis: • Is the number of phone lines owned by the customer typical of this type of customer? • Are they in the same location? • Are they in radically different locations? • Any known fraudulent locations or addresses?

  40. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • 3. Profile/Behavioral Analysis • Fraud is often detected by identifying a known fraud profile or behavior as in the case of subscription fraud. Fraud is also detected by identifying a change in the profile or behavior as in the case of account take-over and clip-on. The following are profiles and behaviors that should be monitored: • Ratio of Types of Calls - eg. % Local vs % DDD vs %IDD vs Opr Assist, etc. • Roaming Behavior - where and how often is the phone in roaming? • Data Usage – how often and how much is this service used? • Messaging Usage – how many messages are received and sent on average? Any messages to PRS services? • Types of Online Purchases made – risky purchases (eg. PRS) should be closely monitored. • * Note: with the FraudView FMS risky profiles can be configured to be recognized. Also, FraudView has the ability to automatically determine the profile of a good customer by looking at the long term behavior of that customer and then if there are any short term changes in that behavior, this will alarm. SAMPLE ONLY

  41. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • 4. Visualization Tool Analysis • Professional fraud is often conducted by more than one person or telephone line. In fact many times it is committed by a very organized and well structured group. In such cases, it is possible to find other fraudsters in the same organization by the use of visualization tools. Examples of Visualization tools are: I2 (ChoicePoint), Visualinks (Visual Analytics), GTAD (ID Analytics), Crimelink (PCI), Intelligence Analyst (Memex), OrionMagic (SRA). Through the use of a visualization tool the following types of analysis can be performed: • Link Analysis - Link Analysis allows an analyst to quickly identify patterns in the links between one fraudster and another. For example, oftentimes two or more fraudsters will communicate with each other through the phones that they are using fraudulently. With the help of Link Analysis, the other fraudsters in the same organization or calling the same destinations can easily be identified. • Pattern Analysis – through the use of visualization tools, calling patterns can be visually detected. For example, if cellphone fraudsters always call certain phone numbers at certain times or for certain reasons, the patterns of these calls will be visible. When patterns are thus detected, filters to detect those patterns in realtime can be created. • * Note: FraudView FMS uses I2 software.

  42. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • Visualization Tool Analysis: Example of I2 screenshot of a PABX Intrusion • * Note: FraudView FMS uses I2 software.

  43. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • 5. Fraud Scheme Analysis • A very important part of the fraud case analysis is determining who the fraudster is (the fraud threat), which fraud scheme he used, and which vulnerability was exploited. It is through this analysis that the fraud manager will be able to convince his executives of the prevention/detection/reaction options he feels he needs to implement to stop the fraud losses. • Not all fraud threats and fraud schemes can be accurately determined. However, vulnerabilities generally are easy to determine and must be determined for each fraud case that is analyzed. • Generally, filters that feed cases are fraud scheme specific, thus facilitating the fraud scheme determination. • Once the Fraud Threat, Fraud Scheme, and Vulnerability have been determined for each case, they need to be recorded in the case database. By recording this information, we can do trend and fraud impact analysis on vulnerabilities, schemes, or even fraud threats. This is important when trying to justify a Prevention/Detection/Reaction option.

  44. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: 5. Fraud Scheme Analysis (example) Our Fraud – Intl Call Sell Scheme: Fraudsters of Gang XYZ use Subscription Fraud to obtain new phone lines that they will never pay for. They will sell international usage of the phone lines. [Diagram: Filters; Schemes associated with Filters; Case created by alerts from filters.] • Hot Destination Filter: Intl Call Sell Scheme, Arbitrage Scheme, Call Back Scheme • Long Duration IDD Calls: PRS Scheme, Intl Call Sell Scheme, Arbitrage Scheme • High Volume Residential IDD: PRS Scheme, Intl Call Sell Scheme • Case 1: Intl Call Sell Scheme! • Other diagram labels: Professional Fraudster; False IDs Used; No ID Validation Performed

  45. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: In-depth Case Analysis: • 6. Historical Analysis • Many times some of the best customers will have calling patterns and profiles very similar to fraudsters. To avoid blocking these good customers, the case analysis should include an Historical Analysis. There are two major items that should be analyzed: • Past Payments – If payments of equal or approximate amount of usage were made by the customer in the past, then it is reasonable to conclude that the customer can afford to pay for current usage and will do so. • Past Calling Behavior or Usage Behavior: • If the customer has had similar or equal usage behavior (same destinations, same amount, etc) in the past AND has paid for it, then it is reasonable to assume that he is not a fraudster. Be careful of fraudsters that try to fool this analysis by making low volumes of similar calls and paying for those, but then later increase the volume dramatically. • If the customer has a different usage behavior, then this can indicate account take-over or can indicate clip-on fraud.
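The Historical Analysis slide combines two tests, past payments and past usage behavior, and warns about the customer who pays small bills before increasing volume. One way to encode that decision, as an added example that is not part of the original presentation: the `Period` record, the verdict names and the three thresholds are assumptions, and the billing data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Period:
    """One billing period (assumed layout)."""
    billed: float            # value of usage in the period
    paid: float              # amount actually received
    destinations: frozenset  # destination prefixes called in the period


def historical_verdict(history, current,
                       tolerance=0.25, ramp_factor=3.0, min_overlap=0.5):
    """Classify current usage against the customer's paid history.

    tolerance   - how far above the largest paid bill still counts as
                  "equal or approximate" (assumed 25%)
    ramp_factor - multiple of the largest paid bill treated as a dramatic
                  increase (assumed 3x)
    min_overlap - share of current destinations that must have been seen
                  in paid periods to count as similar behavior (assumed 50%)
    """
    # Only periods that were billed and fully paid count as evidence.
    paid_periods = [p for p in history if p.billed > 0 and p.paid >= p.billed]
    if not paid_periods:
        return "no_paid_history"

    seen = set().union(*(p.destinations for p in paid_periods))
    if current.destinations:
        overlap = len(current.destinations & seen) / len(current.destinations)
    else:
        overlap = 1.0
    if overlap < min_overlap:
        # Different usage behavior: possible account take-over or clip-on.
        return "behaviour_change"

    largest_paid = max(p.paid for p in paid_periods)
    if current.billed <= largest_paid * (1 + tolerance):
        # Similar usage, and a comparable amount has been paid before.
        return "supported_by_history"
    if current.billed >= largest_paid * ramp_factor:
        # Same destinations, but far beyond anything ever paid for:
        # the "pay small, then increase dramatically" pattern.
        return "volume_ramp_up"
    return "needs_review"


# Constructed cases. Destination prefixes are placeholders.
GOOD_HISTORY = [
    Period(400.0, 400.0, frozenset({"pfx-1", "pfx-2"})),
    Period(420.0, 420.0, frozenset({"pfx-1", "pfx-2"})),
]
GOOD_CURRENT = Period(450.0, 0.0, frozenset({"pfx-1", "pfx-2"}))

RAMP_HISTORY = [
    Period(20.0, 20.0, frozenset({"pfx-3"})),
    Period(25.0, 25.0, frozenset({"pfx-3"})),
]
RAMP_CURRENT = Period(900.0, 0.0, frozenset({"pfx-3"}))

CHANGED_HISTORY = [Period(60.0, 60.0, frozenset({"pfx-4"}))]
CHANGED_CURRENT = Period(300.0, 0.0, frozenset({"pfx-5", "pfx-6"}))

UNPAID_HISTORY = [Period(100.0, 0.0, frozenset({"pfx-1"}))]

if __name__ == "__main__":
    print(historical_verdict(GOOD_HISTORY, GOOD_CURRENT))
    print(historical_verdict(RAMP_HISTORY, RAMP_CURRENT))
    print(historical_verdict(CHANGED_HISTORY, CHANGED_CURRENT))
    print(historical_verdict(UNPAID_HISTORY, GOOD_CURRENT))
```

A check that only asked whether the same destinations had been called and paid for before would clear the ramp-up case; comparing the current amount against the largest paid bill is what separates it from the good customer.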

  46. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Analysis through Interaction with Client: There are many times when the case data is insufficient to make a decision as to whether the case is fraudulent or not. In such cases, one option is to converse with the customer and through the results of that conversation make a final decision. • Fraud Department Objectives of Interaction with the Customer: • Validate that the customer is who is registered on the HLR and that the data is correct. • Determine if the suspicious activity on the account, phone calls, address change, SMS messages, purchases, etc., originated from the customer. SAMPLE ONLY

  47. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Analysis through Interaction with Client: • IMPORTANT NOTE: • It is important NOT to offend GOOD customers • It is important NOT to pester GOOD customers • It is important NOT to panic GOOD customers • It is important to make the experience as pleasurable for the GOOD customer as possible. • It is important that the process of making contact with the customer NOT be perceived as a marketing ploy. • It is important that the process of making direct contact with the customer for the purpose of investigating a fraud case is within legal and regulatory guidelines. • Contact with Corporate or other Special Customers should either go through the Corporate Account Rep or follow an agreed-upon plan of action with the customer (i.e., let the customer decide how he wants to be contacted when suspicious calls need to be validated).

  48. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Analysis through Interaction with Client: • Methods of Connecting with Customer: • Outbound call to either the phone line in analysis or another contact phone. • The difficulty in this approach is that the customer may not be available to talk at the time of the call. • Re-direction of the next phone call made by the customer to the Fraud Department. The difficulties of this approach are: • The customer may be in a hurry to complete the call and may not want to cooperate at that time. • If many customers are re-directed at the same time, this could cause a queue which will INFURIATE a good customer. • This approach needs to have 24x7 support. • Send SMS or Email to the customer asking him to call Customer Service. • If many customers call at the same time, this could cause a queue which will INFURIATE a good customer.

  49. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Analysis through Interaction with Client: • Guidelines on How to Approach the Customer: • Explain to the customer that this interruption has been made in order to protect the customer from unauthorized usage of his phone line. The GOOD customer has to feel that the Telecom has an interest in protecting the customer. • Another approach is to tell the customer that the Telecom is validating the usage and/or Billing Information of the customer to ensure the accuracy of his next invoice. • It is best to avoid the words “Fraud” or “Crime” during the conversation. • Make the conversation as quick as possible. • In the case of re-directed calls, offer to complete the customer's next call for free. • In the case of confirmed NON-FRAUD, send the customer a thank you note or offer the customer some free usage in exchange for his time. • In the case of NON-FRAUD, be sure that you do NOT call or interrupt the customer again for a period of at least 6 months. Any less time than this would be interpreted as pestering a GOOD customer.

  50. Fraud Control Operational Processes Prevention Detection Analysis Reaction Measurement Executive Reporting Analysis Tools and Options: Analysis through Interaction with Client: • How to Validate the Customer: • When confirming the customer name and information, make it a partnership validation. The customer may be in doubt as to whether the operator is really from the Telecom, so he may want to validate the operator as much as he is being validated. To accomplish this two-way validation, here are some options: • Only ask for part of the information (like the last 4 digits of the SSN) • The Operator can give part of the information and ask the customer to give the rest. • If a PIN number is associated with the service: • On Inbound calls, have the IVR prompt the customer for the PIN for a partial validation. Note: It is also important to communicate via a message in the IVR that the customer should NEVER give the operator the PIN number. • On re-directed calls, prompting for the PIN number is perceived as rude and should NOT be done.