 |
|||||||
 |
 |
|
|||||
Cellular Integration
September 1995
POLICY
The Business of Fraud ManagementBy Roseanna DeMaria
Corporate Vice President, Revenue Security
AT&T Wireless Inc.
Fraud is an industry problem that demands a business as well as a technology solution.
Have you ever tried to identify the person who develops a telecommunications company’s fraud management plan? A logical place to start would be in the company’s phone directory under “fraud.” Search as you might, however, you will not find a “Fraud Department” or a “Fraud Management Unit.” You will find that the department or person charged with this responsibility has a title with the following ilk: Director of Revenue Assurance, Director of Revenue Security, Security Director. These titles suggest that fraud is an antiseptic, balance sheet issue that can be dealt with through purely business acumen. Herein lies the problem! Fraud is anything but an antiseptic business issue. First and foremost, fraud is a crime. It is performed and proliferated by criminals. To deal with it effectively, you must understand the criminal. To deter fraud, to misdirect it or to manage it, you must think like a criminal. That is a reality. If your fraud management plan is to succeed, this ability must be integrated with business, legal, and technological skills. To manage fraud you must be able to answer one question effectively: “What is it?” Does it sound simple? Consider the three blind men who are each touching a different part of an elephant. The man holding the trunk believes he is holding a snake. Alarmed, he jumps away and causes the elephant to stampede. The man holding the elephant’s leg believes it is a tree trunk and is stepped on. The man holding the tail believes it is a rope and is dragged away when the elephant stampedes forward. Each, however, fully believed that he knew the answer to the question, “What is it?” Accordingly, be cautious when you answer the question. What is Fraud?So, what is fraud? Well, when your customer receives a bill containing charges for services that a customer did not use, your customer care department will hear about it. When this happens to a number of customers, the answer to the question will appear to be, “Fraud is a customer care issue.” Naturally, you will arm your customer care representatives with the necessary information to educate your customers and assuage their concerns. Customer care scripts will be drafted to explain the problems and your position. Additionally, you will launch a comprehensive customer care program complete with marketing tools, such as brochures and customer newsletters, to explain the fraud and your relentless efforts to solve it. This approach demystifies the fraud and empowers the customer with the necessary knowledge to understand your attempts to address it.Once the customer care program is in place, the issue of the erroneous charges on the customer’s bill will remain. The answer to the question will then appear to be, “Fraud is a finance issue.” Ideally you will want to remove the erroneous charges from your customer’s bill before the bill is issued. Should you fail to do so you will have to strip the erroneous charges after the bill is received. In both instances, you will need to be able to quantify the amount of taxes that were affected by the stripped costs. Having done all this you will want to sue these stripped amounts to measure your losses. When doing those measurements you will need to decide whether to measure your losses from an anticipated profits loss perspective or from an actual out-of-pocket loss perspective. Each type of measurement will provide you with insights into the size of the problem. These insights will determine how much money and resources you will allocate to fix your fraud problem. All these efforts are unquestionably necessary to address the fraud issue, but none of them will solve the problem. So, what is it? Well clearly fraud is a crime, and crime is a law enforcement issue. The natural reaction in this context is to call “911.” When you call, however, you will find that your technology is esoteric, and your criminal is unique. You will need to train law enforcement on your technology in order for them to understand the crime. Once they understand it, you will need to support their efforts with the necessary technological tools for their investigations to go forward. To succeed, however, law enforcement will need an applicable criminal statute to arrest and convict your criminal. If your technology is new and unaddressed by the existing statutory scheme you will need to lobby for new legislation, without which your newly educated and technologically-supported law enforcement agencies will be unable to arrest your criminal predator. Technology SolutionsClearly, and fraud will involve a law enforcement component, but the question still remains, “What is it?” Technology invariably created the fraud problem due to its vulnerability to the technobandit. Technology, therefore, is the natural source of the solution. First, you will want to pursue detection technologies that enable you to isolate, identify, and track the fraud in your system. This type of technology will enable you to know about it before the customer and avoid a post-bill experience for that customer. Detection technologies also enhance your other customer care initiatives that address fraud. Prevention technologies, however, stop that fraud from occurring. This type of solution will cause three things to occur. First, the fraud will be eliminated from your system. Second, the fraud will begin to seek a new point of technological vulnerability, a path of less resistance. Third, the fraud will migrate to your competitor.Initially, these three results may appear to be successful to you. The criminal’s search for a path of less resistance can result in an even larger fraud problem if the criminal has evolved into a stronger attacker. This evolution is akin to the emergence of a hardier genetic strain of roaches when a stronger insecticide is used to exterminate them. When you deploy your prevention technology it is critical that you plan and prepare for the fraud’s inevitable evolution. Similarly, the migration of the fraud to a competitor solves nothing. It is a transitory situation that will invariably result in your competitor upscaling their prevention technology to ultimately return the fraud back to you. An Industry SolutionThis scenario illustrates the fact that fraud is an industry issue. It should not be part of the competitive marketplace. The need for a fraud task force within the industry trade association is present in every technology. New products and services, from the standards perspective, should be scrutinized from a fraud vulnerability standpoint for the creation of meaningful industry standards. Similarly, fraud prevention technologies should be evaluated for their ability to be networked. Without such ability, fraud would simply migrate from one carrier to another. Fraud is an industry problem that demands an industry solution.The criminal fraud attack is a unified one. The criminal is focused on his objective. Crime provides him with a naturally unified front. The telecommunications industry is also focused on its efforts to provide its customers with anytime/anywhere communications and all the efficiencies inherent in the remote paradigm. However, the telecommunications industry is comprised of many technologies. This technological mosaic necessarily includes devices that have dual operability on two different systems and devices that roam between systems. The emergence of PCS proposes to introduce a GSM standard to operate beside the existing North American standard. This ongoing diversity demands a unified, business approach to the fraud problem. The seamlessness of technologies are at risk if the fraud problem succeeds in segmenting the use of a particular communications device. For example, in the cellular fraud context, a proliferation of roaming fraud can cause a carrier to pull its exchanges from a market. This type of fraud management erodes the seamlessness of the product, and effectively segments the technology. Ultimately, the deployment of a networked fraud prevention technology, such as authentication, will address this problem. Deployment across the entire network cannot occur overnight. Accordingly, in the interim transition period the fraud will migrate to the non-authentication markets and roaming fraud will increase. The power of this technological tool cannot be overstated. Its full deployment across the network will profoundly affect the fraud. Until that time, however, business solutions must be sought to manage this issue. Larger carriers with greater detection tools should assist the smaller carriers with their increased fraud visibility. Industry roaming agreements should be scrutinized to address this issue. And, yes, fraud is most definitely a business issue. So, what is it? Well, quite simply, fraud in 1995 is a complex, entrenched, migratory adversary that is “technology fluent.” As such, the effective fraud management plan must “out-think” the criminal by addressing his present position of attack while simultaneously planning for the future migration that will result from the execution of the fraud management plan. This strategy involves a long-term plan that acknowledges the flexibility of the fraud adversary in the present while preparing for the future. As technological solutions progress criminals will seek paths of lesser resistance to ply their “techno-thievery.” The most obvious areas of vulnerability are our physical facilities and employees, along with our information systems. Risk assessments in these areas to identify the locations in need of firewalls are required. The viability of the results of these assessments must be evaluated in the context of the size of the risk posed in conjunction with the business costs and benefits. This analysis can only be done once you have a working understanding of the fraud adversary. Any fraud management plan requires the use of a coordinated, multifaceted attack. Fraud permeates every aspect of the targeted technology’s business – customer care, finance, engineering, information services, public relations, legal, external affairs, and marketing. Every department, therefore, must contribute to the development and execution of an effective fraud management plan. This type of plan ensures the advantages of an interdisciplinary attack that capitalizes on all of the strengths of each department and meets the challenges of the 1990s criminal attack. The business’ commitment to this type of strategic fraud management plan must be complete and closely coordinated between departments. Clear and unequivocal management support is vital to the success of the plan. Finally, fraud is an omnipresent challenge to present and future technologies. It must be addressed on every business front with a strategy for the present that looks to the future in order to abort the fraud’s evolution and development. A coordinated, multifaceted attack must be a priority in the business plan for the successful 1990s telecommunications business. The criminal challenge must be met.
Roseanna DeMaria is the corporate vice president of revenue security for AT&T Wireless Inc. She is AT&T’s spokesperson on fraud, and is responsible for formulating AT&T’s fraud management plan. DeMaria is also a member of Cellular Integration’s editorial advisory board.
|
|||||||