Kapsch CarrierCom

EN

Fraud Management System.

always one step ahead

Fraud detection, analysis and decision
support application environment for mobile
telecommunications service providers.

With fraud perpetrators becoming more sophisticated both in their techniques and their tools, fraud is an
increasing problem. Telecommunications service providers are currently second only to banks in losing money
through fraud, and experience shows that if no effective anti-fraud control exists, sooner or later an operator will
be hit by a major fraud problem. So as the number of subscribers, distribution channels, and enhanced services
grow, and more complex tariff structures are put in place, an effective fraud management system is now essential
to minimize losses. Investments in an integrated fraud management system pay off quickly even for operators of
small networks.

Kapsch CarrierCom Fraud Management System has been on the market since 1999, and is successfully used in
several GSM operator installations in Croatia, Slovenia and Austria. It serves as an assistant to fraud
management personnel, can detect and analyze potential problems and recommends counteractions.

Main advantages of the Kapsch CarrierCom Fraud Management System:

The product consists of a simple core with a rich set of the most common detection methods
n
The flexible architecture allows new features to be custom made to perfectly suit operator needs
n
Rapid application development model guarantees any new features are marketed quickly
n
Real-time detection enables quick reaction minimizing revenue leakage leading to a rapid return on investment
n
The scalability of the product enables it to fit the size of any customer
n
Main Features of Kapsch CarrierCom Fraud Management System.

Data Collection and Rating

The basic source of data for Kapsch CarrierCom Fraud Management
System are raw CDR files collected by the mediation device and TAP
files received from roaming partners. The advantage of this is that
the number of participants is reduced, compared with using CDR-s
from gateways, converters and billing systems. Other relevant data
(tariff models, SDR exchange rate, number of contracts etc.) is
obtained from the billing system using an on-line interface or entered
manually through administration modules. Other sources of
information are also used if applicable, e.g. IN platform for prepaid
fraud detection etc.
Kapsch CarrierCom Fraud Management System uses its own
module for CDR pre-rating, taking into consideration all relevant
information from the billing system (tariff model, discounts etc.)

Work Lists and Scoring

Fraud Management System creates a set of cases of suspected
fraudulent activity that must be reviewed by fraud analysts. An
analyst has a personal work list, containing fraud events that become
invisible to other fraud analysts that they review.
Fraud cases are managed by a unique identifier of a person or
company, and not only by MSISDN (Contract ID) or Customer ID
from the billing system, as one person or company can have multiple
subscriptions.
Scoring parameters and other parameters relevant to the fraud
management system can be modified at the individual customer
level, a customer group level or for the whole system.

Reporting
The reporting subsystem of Kapsch CarrierCom Fraud Management
System generates many different reports that can be used by the
administrator or management. These include:
Working reports: reports about fraud analyst cases including
n
number of cases processed in a time interval, actions performed
by fraud analysts, time spent on cases by fraud analysts etc.
Error reports about the eventual anomalies or faults in the system
n
or interfaces.
Performance report about the system performance and
n
throughput: number of CDR records processed in a period of time,
average number of CDR records processed, resource monitor and
disk usage report.
Fraud alarms report includes: number of occurrences of each
n
alarm defined in the system, number of alarms assigned to each
fraud analyst etc.
Fraud cases report: number of cases in the system, number of
n
cases depending on their status in the system etc.
NRTRDE (Near Real Time Roaming Data Exchange) Extension
The NRTRDE extension to Kapsch CarrierCom Fraud Management System implements a
method for fast detection of possible usage fraud in a foreign GSM network and transfers that
information, together with call details information, to the home network as soon as it is
detected.
Kapsch CarrierCom Fraud Management System supports the exchange of relevant fraud
information with other fraud management systems using the NRTRDE standard protocol
specified by the GSM Association.

Fraud Alarms
The alarms generated by the system can be divided into five categories:

a) List driven alarms

Black lists
n
Suspicious IMEI or IMSI list
n
Premium rate service numbers
n Fraud Alarms
Suspicious A or B numbers
n
Suspicious countries list
n

List driven alarms

b) Threshold alarms
Usage threshold exceeded alarms
n Threshold alarms

Low usage alarms

n Customer profile
change alarms

c) Customer profile change alarms Pre-paid

fraud alarms

Other alarms
d) Pre-paid fraud alarms
Too high account balance
n
Too many uncharged calls
n
Too big negative balance
n
Too many refunded SMS-s
n
Recharge attempt, stolen voucher
n
Too many recharges
n
High amount recharged
n
High amount assigned
n
M-commerce incorrect charge
n
Customer using fraudster's IMEI
n
Call after expiration date
n
Free SMS
n
Calls to PRS numbers
n
Calls to risk destinations
n

e) Other alarms
Overlapping calls
n
Velocity alarms
n
Cloning alarms
n
Manual entry of a fax received from roaming partner
n
SS7 signaling (e.g. number of tokens)
n
Architecture in overview.

The number of interfaces to other systems

in each operator implementation depends
NR
TR
D
on the availability of these interfaces, but E
Fraud Management System Administrator

in general the following interfaces are CDR

Data Feeds
Decoder
Pre-rating Rating Tables
Preprocessor

always present in the Fraud Management

Mediation Database Billing System
System: Network
Loader
Elements
Different sources of CDR data (CDR,
n
Rated Records Subscriber Data
TAP, GPRS, UMTS, MMS …)
CRM System

Billing system interface

n Counter
Variables
Aggregated Billing System
Variables
Variables

IN system interface
n
Threshold List Events Overnight Rule Based
Processing Generation Processing Alarms
Other systems (cell info, pre-paid
n IN Platform

recharges, …) Suspensions Auto Autosolving

Barrings Pending Alarms Solved Alarms
Reactivations

Provisionning
Server Man
ual

Fraud Agents

Detection Methods used by Kapsch CarrierCom today. Success Story

1999 - First Fraud Management

n
Threshold analysis – a simple yet very effective way to process large amounts of data
n
System installed at Croatia's biggest
and achieve very good results through a careful fine-tuning of the system parameters. alternative mobile operator, VIPnet
Credit limit analysis – each subscriber is assigned a credit limit for contracts. This limit
n

can be taken periodically from the billing system or recalculated dynamically based on 2001 - Si.Mobil Slovenia followed
n

the subscriber's payment behavior. The system must perform on-line pre-rating which
imposes very strong requirements on server processing power. 2002 – Successful completion of
n
complex installation at Austrian tier
Black / hot list processing – while hot lists raise immediate alarms, black lists only raise
n
1 operator mobilkom austria.
alarms when a set threshold is exceeded. The lists can be based on called or caller
numbers, IMSIs, EMEIs or cells.
2005 - Mobiltel Bulgaria installation
n
Profiling – a profile of a known fraudster can be used to detect others using
n began operating
sophisticated pattern recognition. Also the changes in subscriber usage behavior (call
duration, time between calls, time zone, etc.). 2007 - Vip mobile, Serbia as well as
n

General rule engine – detects fraudulent call patterns, and is very effective at picking up
n VIP operator, Macedonia go on-air
practically any type of fraud.
2009 - Most recent installation at
n
Belarus' largest operator Velcom

2010 - Most important installation

n
outside the Telekom Austria Group
completed in Saudi Arabia.
Main benefits when using Kapsch CarrierCom Fraud Management System.

Multi-lingual user interface – enables operation of the product in any language.

n

Person (company) oriented – enables efficient detection of fraudster and organized

n

fraudster networks.

Complex event scoring – sophisticated algorithms with numerous parameters can be

n

fine-tuned to meet the operators business policies and fraud prevention strategies.

Automated processing – easy configuration using integrated provisioning system interface

n

allows the fraud agent to concentrate on complicated cases because the system
processes most cases without human intervention.

Pre-rating with real subscriber tariffs and other billing relevant parameters computes
n

amounts for each call in near-real-time enabling detection of potential financial losses at
the earliest possible stage.

About Kapsch CarrierCom About Kapsch TIS d.o.o.

Kapsch CarrierCom is the leading Kapsch TIS is the result of Kapsch

supplier and independent system
integrator of telecommunication solutions
for public operators of core, access and
transmission networks.
In addition to services and applications
for next-generation networks and
innovative OSS/BSS solutions,
Kapsch CarrierCom covers the entire
value chain – from consulting, design,
development, deployment and integration,
to maintenance and operation of
complete networks.
www.kapschcarrier.com
CarrierCom's successful expansion
strategy in southern and eastern Europe.
It grew out of the merger of Kapsch
Croatia with TIS.KIS and RING Datacom.
It is a strong competence center in
transmission technologies as well as a
specialist in the development of software
solutions with the focus on messaging,
content download, CRM and fraud
management within the Kapsch
CarrierCom Group.

Kapsch CarrierCom Kapsch Group.

Am Europlatz 5, 1120 Vienna, Austria Kapsch is one of Austria's most successful technology corporations,
Phone +43 50 811 0 specialized in the future-oriented market segments of Intelligent
Fax +43 50 811 3201 Transportation Systems (ITS), Railway and Public Operator
E-mail kcc.office@kapsch.net Telecommunications as well as Information and Communications
Technology (ICT). Kapsch, headquartered in Vienna, is organized
www.kapschcarrier.com
as a group company with the entities Kapsch TrafficCom, Kapsch
CarrierCom and Kapsch BusinessCom. The companies of the
Kapsch Group employ about 5,000 people around the world.
Kapsch. Always one step ahead.
 www.kapsch.net
www.kapschcarrier.com
KCC 7412-02 EN 1202 © Kapsch CarrierCom AG. All rights reserved. Subject to change without notice.