Whenever people ask me about fraud in telecoms, I try to get one thing straight at the beginning. Do they want to know about the kinds of fraud committed by employees, committed by the "customer" (often in collusion with employees) or committed by other telcos? In reality, "Fraud" divisions within telcos often deal with just one or two of the three, and leave the rest for somebody else to cover. In some ways it makes sense to split up responsibility for fraud. The skills needed to analyse call patterns for indicators of fraud are not very similar to the skills needed to monitor employees which are dissimilar to the skills needed to understand the weaknesses that might be exploited by another telco. But splitting up responsibility, or focusing attention on one kind of fraud at the expense of others, can leave gaps in a telco's defences. One of the biggest current gaps is protection against the use of GSM gateways, also known as "simboxes".

GSM gateways are devices that allow a call on a fixed-line network plugged in one side to be connected to a mobile network on the other side. By bridging the world of fixed and mobile, they offer a clever way to exploit price differentials of a mobile network provider. The fraud requires the use a GSM gateway stuffed full of SIMs charged at standard retail rates. These get sited within range of a radio antenna and are used to connect calls to the victim network instead of using a normal fixed interconnection between networks. Instead of paying the full price to terminate an interconnect call legitimately, the offender instead pays the retail cost of a local call. This means the mobile network is cheated out of some of its revenues. In addition, concentrating traffic in one cell may lead to disruption of service for legitimate mobile customers. To counter poor service, the unwary mobile network operator may even find itself making an otherwise unnecessary investment in extra base station capacity. But this kind of fraud gets little attention. Why is that?

• The fraud can fall into a grey area legally. Contracts may not be tightly enough worded in stipulating that retail SIMs are not to be used by non-retail customers. In addition, legislators and regulators may not be keen to intervene. GSM gateways may lead to discounted services for the public, and are a back-handed way of eroding mobile termination charges without needing direct intervention.
• Telcos using GSM gateways may be completely legitimate in most other respects. Few vendors or consultancies specialising in fraud and revenue assurance want to alienate potential customers, so often prefer to keep quiet rather than highlight this topic.
• GSM gateway fraud challenges most preconceptions about fraud and how to detect it. For example, there is no link between this kind of fraud and bad debt. On the contrary, exploiters of GSM gateways may be mistaken for excellent customers, because they have very large bills but pay them promptly.

Like any kind of fraud, it is impossible to accurately estimate the impact of GSM gateway fraud. What we can say for certain is that vigilant mobile operators will suffer a lot less than those who do nothing to counter GSM gateway fraud. A two-step approach is needed: tight wording of contracts to clarify that retail contracts are not available for businesses using GSM gateways as an alternate means of interconnection, coupled with constant monitoring and prompt termination of contracts. To find out more, you can check out the site of Revector, a new company focusing on this area, or read this article which promotes Revector but also lists some of its competitors specialising in GSM gateway detection.

Posted by Eric on April 30, 2007 03:24 PM | Permalink

All companies are under pressure to save money. British Gas have recently given everyone a salutary lesson on how not to do it. It may sound simplistic, but chances are that British Gas employed insufficient resources on performing a billing migration. In particular, they skimped on testing and validation. And what was the result? Lots of complaints, lots spent on extra staff to handle those complaints, lots of negative publicity. The cost to British Gas will be far greater than the amounts saved during migration.

Here are a few links to stories that describe the mess made by British Gas. They also give a sense of how much reputation damage has been done.

Apologies from the British Gas Managing Director on BBC TV

The BBC's story on the British Gas billing fiasco

How The Sun newspaper reported the rise in complaints from British Gas customers

A Guardian newspaper story on how British Gas intended to take a deceased customer to court

And, in what must have been the worst error of all, here is the story of one customer receiving a bill for £2,320,333,681,613. Yes, UK£2.3 trillion (US$4.6 trillion). At least you cannot argue that British Gas do not have scalable billing. But unless there is a burst of hyper-inflation it will be a long time before they really need to send out such a big bill. In 2006 the group that owns British Gas had total annual revenues of a mere UK£16.5bn (US$33bn). It is a shame they did not reinvest more of it in billing...

Posted by Eric on April 20, 2007 11:14 PM | Permalink

I promised myself I would be presenting at fewer conferences this year. It takes a long time to write good new material and I do not believe in accepting an invitation to speak unless I have something new to say. However, I will be in London on 9th May to talk at IIR's Global Forum on Telecoms Internal Audit, Risk Management and IT Controls. For those of you who cannot wait, you can now see see a sneak preview of my slides on the downloads page.

The reason why I accepted this particular invite was the same as it usually is: I wanted to say something that I felt should be said but rarely does. If you ever go to a conference with a title involving audit, risk and controls, and listen to a speaker from the revenue assurance community, you may enjoy what they say, but you may not notice what they do not say. The average revenue assurance speaker usually fails to talk about audit, or risk, and often fails to talk about controls. So I got it in my head after reading a risk management study from Deloitte to discuss the link between revenue assurance and risk. My particular motivation came from observing that most people who do revenue assurance see it as a special and stand-alone discipline, whilst good risk management is about avoid a silo mentality. So what gets described as revenue assurance best practice often conflicts with risk management best practice. This can easily happen where you find people working in each silo with no overall boss that forces them to integrate what they do. Fortunately, going to the conference I am lucky enough to be able to talk first-hand about one example of revenue assurance best practice that highlights the limits of putting revenue assurance into a silo. The revenue assurance maturity assessment, due to be published soon, identifies silo-based revenue assurance as an intermediary stage in its development. To reach the highest levels of maturity the activity of revenue assurance has to grow beyond the confines of a silo and be fully integrated into the business. In turn, the nature of revenue assurance changes to become an element of enterprise-wide risk management. I know that will not be a popular or welcome message for some, especially those interested in building empires or fighting turf wars. But it needs to be said. If integrated risk management is not the destiny of revenue assurance, it can only be because businesses fail to take a holistic approach to risk. The operational risks within the scope of revenue assurance are not a special case. They need to be assessed and measured alongside all the risks the business faces.

Posted by Eric on April 20, 2007 07:46 PM | Permalink

It stands to reason that anything that has a value like cash, and which can be bought and sold, needs to be guarded as securely as cash. Examples are postage stamps, gift tokens and prepaid telecoms vouchers. At least in telecommunications the vouchers can be canceled when the theft is discovered, but if security is too weak to stop the theft, it may not be tough enough to discover it promptly either. Better to stop the initial theft than rely on blocking the cards later. Fortunately, Ghana Telecommunications were able to respond quickly enough to a recent robbery; read here about the theft of US$250,000 of prepaid vouchers from Ghana Telecommunications stores in Accra.

Posted by Eric on April 18, 2007 08:31 AM | Permalink

Revenue share should be pretty simple, really. You sell something, you take a percentage of the money made, and you give that percentage to somebody else. Problems occur if you cannot keep a track of what you sold. A few weeks ago I blogged about how Vodafone UK had failed to process SMS text message votes for an interactive tv show on a timely basis, and how that would also have an impact on revenue sharing partners. This weekend there was a news story that Vodafone UK has admitted to problems with reporting of revenue share. Stories like that tend should cause concern for any business in a revenue share relationship with Vodafone. The resources Vodafone employs to assure revenue share will be stretched even further by the challenges involved in assuring the new advertising and search deals that Vodafone has with both Yahoo and Google. They say good relationships are based on trust, and bad ones on vigilance. If Vodafone are unable to keep track of what they owe, their business partners would be well advised to stop trusting and start auditing.

Posted by Eric on April 16, 2007 12:03 PM | Permalink

This comedy video sums up what lots of people think about being served by call centres situated overseas. It may not be big or clever, but it is quite funny. There is no moral to the story, but it does raise the question of where to draw the line in off-shoring services...

To balance things up a little here is a promotional video for call centres hosted by the Philippine Long Distance Telephone Company.

Prejudice against overseas outsourcing can often be irrational. There is no doubt that some of the resistance stems from more base aspects of the human psyche: racism, xenophobia, and nationalism. On the political level, protectionism is also a factor, though I am of the opinion that cutting costs and investing in jobs in developing economies is a win-win in the long run. I can sympathise that creating the global village of people talking to each other from opposite sides of the planet challenges our instinctive understanding of community. The risks are significant: the reduced operational costs have to be balanced against both the transformation costs and the potential adverse reaction of customers. The wise business will proactively manage these risks during any offshoring exercise. Which means they need to maintain excellent communication between the people who understand the customers and expectations and the people who will be supporting them overseas. Which, rather ironically, means flying those people backwards and forwards so they can work together in person. That it in itself tells us something about the difficulty of creating a community of people who are geographically distributed.

Posted by Eric on April 11, 2007 04:58 PM | Permalink

For network operators, there is a tunnel at the end of the lights. The tunnel looks just like the inside of a bitpipe, and it is surprisingly dark in there. Turning all products into bits eventually means selling bits to retail customers at a fraction above wholesale rates. For a sense of how the competition is going to get more and more intense, take a look at this article, plus comments, about Mobile IM. Once you sell cheap bits, clever customers, and the businesses looking to sell to them, will find ways to turn everything else sold over a network into cheap bits.

An alternative future for network operators may be possible. But it partly depends on how arguments about net neutrality are resolved. For those not familiar, it comes down to the idea whether certain kinds of traffic should be prioritised over other kinds. Read here for a great summary of the net neutrality debate. So far, the major obstacle to prioritising traffic is that no two networks have joined-up thinking on how to prioritise, thus completely defeating the point of the exercise for all traffic passed between them. But some operators like AT&T and BellSouth are getting restless and looking to set a precedent. Opponents of neutrality argue that you need to be able to prioritise certain kinds of traffic - like IPTV - if they are to be worthwhile. They also argue that the growth in popularity in P2P file sharing, on-line gaming, video streaming and the rest threatens to create more demand than supply. Because of dotcom mania, most of the western world has so far been in the lucky position of having more capacity than needed, but that cannot be taken for granted. Proponents of net neutrality suspect that something far more sinister is going on. In their minds, prioritisation has nothing to do with the type of traffic, and everything to do with who is paying for it and how much. So prioritisation will be a means for networks to get more money from ISPs, advertisers, customers and the rest. The argument goes on that a network which supplies content may even deliberately slow down content from anyone else.

I guess there will be businesses who will optimistically be looking for enhanced revenue opportunities. And to some extent they are right. Prioritisation does offer prospects for making more money. But they had better beware how they go about it. For a start, prioritisation is fairly meaningless unless the network is fairly near to full capacity. If there is plenty of slack, prioritisation is largely irrelevant as everything gets processed pretty much as quickly as it can. If there is no slack at all, prioritisation breaks down because not everyone can be highest priority - meaning some supposedly high-priority traffic will be delayed. So making money from prioritisation could be either pointless or dangerous if the investment in capacity is not closely aligned to demand. The risk is that greedy network operators may destroy the major selling points of the internet - that is open to all, that it works, that it allows choice - and thus turn people away from it. After all, any of those clever bandwidth-intensive services they will be looking to profit from could just be supplied by the existing, tried and tested, old-fashioned technology. Which would not profit the network operators at all. Putting new users off the internet may earn a few extra cents at the cost of greatly undermining the future growth of the whole market. So prioritisation may be a small bright spot in a bleak outlook of ever more cannibalisation of revenues. But for the network operators, better to be a cannibal than to eat the goose that laid the golden egg...

Posted by Eric on April 10, 2007 04:43 PM | Permalink

When DVDs first came out, I was one of those people irritated by the idea that the world had been split into 5 regions solely for the purpose of differential pricing. Particularly as I live in the most expensive zone that seems to be charged more than any other: Europe. My response is like that of many others. I have a hacked DVD player that will play DVDs from any region. Any intelligent person can tell that the cost of making a film does not change no matter where it is seen, and that the cost of distributing it on DVD is going to be almost the same all over the world, so differential pricing is solely about maximising profits. In other words, the business philosophy is to charge most for content where the customers are prepared to pay most. But creating price differentials encourages sophisticated customers to find ways to buy at the cheapest prices.

Thinking about Intellectual property is an exercise in philosophical juggling. On the one hand, it is abstract, so it is the same anywhere in the world. On another hand, it gets sold - by which I mean licensed - to people, so there is the potential to price according to where the person is. But people can move. Whilst we rush headlong towards a world where money, people, goods and services flow without interruption across borders, media companies want to hark back to the days when people did not have passports because they never left the country of their birth. At the same time, only people allowed to make copies can make copies, because it is theirs to control. Which might sound reasonable if it was not so very easy to make copies. With that attitude, you might as well pass laws to stop more than one person reading the same magazine. Piracy is a crime, of course, but media companies can hardly expect much sympathy in the fight against piracy if they are so blatant at exploiting markets. After all, pirates just exploit the ease of copying and undercutting the legitimate prices. Media companies thus can find it hard to take the moral high ground. Especially when they hype the consequences of piracy. For example, take the claim that piracy funds terrorism: does anyone really think that Al-Qaeda wants more people to watch shows like 24 and films like Airforce One?

So instead of just having 5 regions for DVD content, why do media companies divide the world even more precisely to better maximise profits? Why not, for example, divide the United States into rich states on the coasts, and poor states in the middle, and charge more for DVDs on the coasts? Well, the reasons are several: keeping the right side of public opinion, keeping the right side of governments, and not trying to enforce the unenforceable. So dividing the world into different price regions works, but dividing the US would not work because the public would complain, the government would intervene, and people would just cheat the system by transporting DVDs and players from the low-price states to the high-price states.

So if I am unhappy about DVDs being over-priced in Europe, you can imagine how happy I am about the cost of music downloads in the UK. Because if Europe is top continent for over-priced content, the UK is the top country in Europe. Today, 1 US dollar trades at 0.75 Euros and 0.51 UK pounds. Take a good look at that ratio, 1:0.75:0.51. But whilst US customers can buy a track for 99 US cents, most European customers have to pay 99 Euro cents, and British customers pay 79 British pence. That means according to Apple iTunes the exchange rate is 1:1:0.8. In other words, if you converted your Euros to Dollars and bought in the US, you would buy 5 tracks in the US for every 4 you would have got in Euro-land. And if you converted UK sterling, you would get 8 tracks in the US for every 5 you would have got in the UK. Yet this is digital media, exactly identical and transmitted electronically. All that stops me buying at the better US rate is that I do not have a US bank account. Presumably if I did have a US bank account, but downloaded the music with the intention of listening to it in the UK I would be breaking the law. However, US tourists who listen to the music on their iPods whilst on holiday in the UK are doing nothing wrong. This kind of nonsense makes it hard to have sympathy with media companies complaining about the revenues lost from piracy.

But the news is that Apple and the music majors are now going to be subject to an anti-trust probe from the European Commission. This may eliminate the potential for price differentials within Europe, which would be good for the UK, but it will not prevent higher prices in Europe relative to the US. The only people who can do something about that are the worldwide army of copyright abusers. And with download music set to be DRM-free I expect their influence is going to become stronger than ever.

How can the media companies fight back? Well one way that might hurt reduce their revenues in the short term, but increase them in the long term, would be to accept that content is the same the world over and to charge the same price everywhere. Too high a price may encourage copyright abuse in poor countries, but crucially the risk is worst in the richest countries. Casual copying will be strongest where customers can obtain and afford broadband, PCs and flash drives. Every person with the incentive to learn how to cheat the system has the potential to train and recruit many others through their informal, i.e. social, networks. Trying to stop this kind of abuse using the same tactics as applied to organised crime will be futile. So the best advice is to limit the incentive to act in a criminal fashion in the first place, by setting prices that are perceived to be fair.

Posted by Eric on April 4, 2007 02:14 PM | Permalink

It is one thing to make a law. Any fool can make a law, which is lucky for politicians. It is quite another thing to enforce a law. Enforcing laws can be expensive. Especially if lots of people are inclined to break the law. And when breaking a law is profitable, the dynamics of supply and demand make the job of enforcement even harder. Because if more money is spent on enforcement, some criminals may be stopped, but probably not all. So the remaining successful criminals then benefit from higher profit margins, enabling them to spend more on evading enforcement. Think of how mobsters thrived in prohibition-era USA, or of the rise of production cartels despite the war on drugs. Copyright infringement has been following this same pattern, except the internet means there is no need for a recognisably criminal organisation. Instead, mutual self-interest encourages millions with P2P software and broadband connections to work together at breaking the law.

George Orwell wrote that the quickest way of ending a war is to lose it. EMI will start to sell DRM-free music via Apple's iTunes store from May. Selling DRM-free music is effectively showing the white flag of surrender in the war on copying music. You can see and hear EMI's press conference here and the BBC's write up of the story here. Not surprisingly there have been countless articles and blogs dedicated to the news - read a more cynical and thoughtful blog entry here. But most miss the point. The only reason why EMI - and the other major labels who are bound to follow - would stop fighting is because defeat was inevitable. As Steve Jobs pointed out during the announcement, DRM-free music is everywhere already: it just gets distributed as CDs. CDs are inconvenient. Electronic communications is far more convenient, but not if you muck everything up with lots of DRM software that obstructs reproducing the music on any device you please. So rather than wasting precious resources on two declining and doomed business models, one involving physical distribution of music and another involving artificially inconvenient electronic distribution, EMI have opted for first-mover advantage on a radically different model. The new model, as exemplified by the clever way of splitting music sales between cheaper/DRM/lower-quality and slightly more expensive/non-DRM/higher-quality, depends on trust. But the kind of trust on offer is intimately linked to convenience. In other words, EMI have rationalised that people will not go to the trouble of stealing if they can get a better deal without breaking the law. It all comes down to the value proposition: if the customer can get better value, whilst avoiding effort and saving time, they may well pay to download music instead of stealing it. Interoperability was a straightforward motive for stealing music, but EMI's move outflanks that motive.

Of course, EMI cannot afford to say they will never enforce their rights. But what they are signaling is that low-level and domestic infringements of copyright - equivalent to making a mix tape of music for a friend - will fall into a decriminalised gray zone. Only the abuse that most obviously costs them revenues, and which is easiest to enforce, will attract their attention. Instead of fighting the fanatical peer to peer anarchists, EMI is becoming more like them. They are trying to eliminate their competitive advantage in terms of convenience, in order to retain some opportunity to charge for the content. But there is also a subtle second side to the business model that may be ignored here. Cosying up to Apple is no longer just good business sense for a content business wanting a clever new way to shift product. For the majors like EMI, it is a matter of economic life or death. Content and distribution will inevitably become inter-dependent, as neither will be viable without the other. Because whilst charging for the content is under threat, charging for the devices that reproduce and store the content, and charging for the communication of the data is not under threat. Nothing the P2P phreaks can do will totally eliminate those costs to the consumer, so the game will change to using content as the reason for buying devices with more memory and for buying bitpipe capacity. In turn, the people selling those devices or bitpipes will need to ensure there is a worthwhile return to keep the content suppliers in business. More than one observer noted that the EMI/Apple offer of DRM-free music at twice the quality - hence twice the size - would encourage sales of devices with larger memory. It also means double the communications traffic.

What this means is that revenue assurance will need to shift focus. There will be some charging for content, but this is likely to be steadily eroded as part of ongoing competition. Competition will intensify as smaller content businesses, including the DIY music contingent, will find they can more effectively compete with the majors in the digital domain. As a result, a large proportion of retail revenues generated by the sale of content will be earned by the broadband providers and flash drive manufacturers. There will be competition between the various commodity suppliers of content, devices and bitpipes and also with the web anarchists. Many products that will be dressed up with different front ends and interfaces will be essentially the same underneath. So the potential for growth in retail revenues will effectively be capped. In contrast, business profitability will be increasingly determined by the deals made between owners and distributors of content. That is not an area where revenue assurance has traditionally been as strong. But understanding and assuring the profitability of such deals will take more than a marketing model and forecast; it will also need good business intelligence to calculate the real underlying profits created by content, and how this is shared between all the business partners. Managing that data across several businesses will be no small challenge.

Posted by Eric on April 2, 2007 11:20 AM | Permalink