Transcript Document

GSMAP Doc 27/xx
NRTRDE
Project update
James Cheong, Asia-Pacific Fraud Forum Chair
Risk Manager, StarHub Ltd
GSMAP#27; Bali, 5-8 Sep 2007
Restricted
For Information
© 2007
GSMEMC
Association
Restricted
Restricted – Members & Associate Members
Members & Associate Members
X
Notice: All GSM Association meetings are conducted in
full compliance with the GSM Association’s antitrust
policy
Agenda
• Asia-Pacific Fraud Forum
• Roaming Fraud – Problem reminder
• NRTRDE
– Why Implement It?
– How to Implement
– Reminder on Liability
• NRTRDE Project
– Current Status
– Communications
• Frequently Asked Questions
• NRTRDE Survey Results
• Break-out discussion - All
Restricted – Members & Associate Members
Asia-Pacific Fraud Forum (APFF)
• Established to provide a trusted regional forum on GSM
fraud issues
– Develop fraud awareness
– Exchange of intelligence & best practice
– Develop industry countermeasures
– Assess the fraud exposure of new services
• Consists of fraud managers of operator networks
• 2 meetings/year (avg. 40 delegates)
– Co-ordinates with international FF
– Next meeting at Mobile Asia Congress in Macau 14-15
Nov 2007
Restricted – Members & Associate Members
Roaming Fraud
The problem
Restricted – Members & Associate Members
Roaming Fraud – Case Studies
• Europe, June 2006 - Dealer colluded in the issue of subscriptions to fraudsters.
Subsequent high volume of roaming calls between Greece and Tuvalu. 18
accounts identified with 24 hours and immediately suspended. Further analysis
led to a further 43 accounts being identified and suspended.
• Asia, June 2006 - Fraudsters applied to Asian operator for post paid SIM
cards (business & personal use). There were no restrictions on international
calls when roaming for new customers. While roaming in a European
country, the SIMs called high-tariff and premium rate numbers using
multiparty calls
• North America, Aug to Oct 2006 – Subscription fraud. Fraudsters pass
customer service security checks and obtain roaming & international calling.
Massive calling to high-tariff numbers Niger (+227) begins within hours.
Incidents in Austria, Greece, Laos, Netherlands, Pakistan, Thailand, UK
Restricted – Members & Associate Members
Roaming Fraud Risk Analysis
Scenario
Single
Medium
Large
1 SIM
10 SIMs
50 SIMs
€1,560
€15,600
€78,000
€10,080
€100,800
€504,000
€57,600
€576,000
€2,880,000
Limited
Type: 2 €/min single call
Transmission of HUR within: 12 h
Reaction of HPMN within: 1 h
Typical
Type: 3 €/min double call (call hold + call forward)
Transmission of HUR within: 24 h
Reaction of HPMN within: 4 h
Severe
Type: 4 €/min (e.g. satellite) conference call:
6 calls / SIM
Transmission of HUR within: 36 h
Reaction of HPMN within: 4 h
Restricted – Members & Associate Members
NRTRDE
Why implement it?
Restricted – Members & Associate Members
Why Implement NRTRDE?
NRTRDE implementation is valuable for operators, even those
who do not suffer from significant roaming fraud at present:
1. NRTRDE will prevent significant roaming fraud from
occurring in the first place – proactive risk reduction
2. Fraudsters are likely to move and target operators who
do not implement NRTRDE
3. Operators who implement NRTRDE are likely to be more
commercially attractive to roaming partners, and may
carry more traffic
4. NRTRDE provides operators with the ability to manage
bad debt/credit monitoring in addition to fraud.
5. Roaming partners will be pushing fraud loss liability onto
VPMN. NRTRDE protects against the associated risks.
Restricted – Members & Associate Members
Why Implement NRTRDE? (2)
6. Operators who implement NRTRDE can offer higher-value
services to new and roaming customers.
7. VPMNs that host inbound fraudulent roamers are making
money from fraud. This is bad for the industry. NRTRDE
would prevent this.
8. All operators using NRTRDE report reductions in fraud
losses and business cases that significantly outperform
expectation. Have you done the business case?
9. When roaming fraud occurs, the VPMN incurs huge
interconnect costs with no guarantee that the HPMN will
settle the bill.
10. Newer operators may find it harder to launch roaming
unless they offer NRTRDE since the more roaming partners
a network has the higher fraud risk exposure
Restricted – Members & Associate Members
NRTRDE
How to Implement
Restricted – Members & Associate Members
NRTRDE Project – Document Overview
Key NRTRDE Documents
Fraud Forum
FF.18: NRTRDE business requirements
FF.19: Commercial Implentation Handbook
TADIG
TD 35: Technical format specification
TD.39: Technical Implementation Handbook
TD.63: NRTRDE General Scenarios
TD.64: Example NRTRDE file
BARG
BA.20: Fraud prevention procedures
BA.08: Timescales for data transfer
Also: BA.50 Annex 11: template for amending roaming agreements
Restricted – Members & Associate Members
NRTRDE Newsletter – August 2007
•
•
•
Newsletter contains
Infocentre links to
all key NRTRDE
documentation.
Sent to AP Chair for
distribution, also to
all APFF members
(Aug 07)
Contact me or
[email protected] for a
copy
Restricted – Members & Associate Members
Project Planning – Latest Recommended Timescales
Duration
(weeks)
Recommended
latest completion
date
Project kick-off / Project Manager appointed
Begin signing updated roaming agreements
-
Week 1, 2008
Review PRDs and generate internal business
requirements
3
Week 3
Project detailed design development
4
Week 7
RFP Developed, issued & response evaluation
8
Week 16
Secure capital cost approval for preferred solution
2
Week 18
NRTRDE solution implemented / go live
8
Week 26
(end Jun 08)
Task
Period of stabilization prior to roaming agreement NRTRDE provisions coming
into effect
Project complete.
Roaming agreement NRTRDE provisions effective
Restricted – Members & Associate Members
Week 40
(1 Oct 08)
Implementation Recommendations
Lessons learned – Vodafone Group (implementing in 17 networks)
• Start the project early!
• Ensure that a project manager is appointed. Difficult to handle this
under “business as usual”.
• Respond to vendor information requests in a timely manner
• Run internal NRTRDE workshops to discuss implementation
issues and ensure there is a common understanding of
requirements from different functions
• Agree how to manage incoming NRTRDE CDR’s and error
notifications outside normal business hours
• Maintain a watch on NRTRDE support documentation updates
• Plan a strategy for updating roaming agreements
• Agree how to deal with any GSM operators not NRTRDE compliant
by October 2008.
Restricted – Members & Associate Members
Liability Summary
Normal Case (vast majority)
Liability
VPMN sends correctly formatted
NRTRDE records to HPMN on time
HPMN has information necessary to
detect fraud and is liable for any
fraud losses
In exceptional cases:
• Liability rests with the party that was at fault (i.e. not compliant
with BA.20, BA.08 and TD.35), e.g.
– VPMN sends NRTRDE records late or format incorrect
– HPMN doesn’t send error reports or daily delivery reports
– File delivery failure due to problem at HPMN
Restricted – Members & Associate Members
NRTRDE Project
Current Status
Restricted – Members & Associate Members
NRTRDE Project – Remaining actions
Remaining actions
Status / date
Fraud Forum
Communications and Implementation monitoring
Organise NRTRDE workshops
Ongoing to end 2008
TADIG
Manage NRTRDE Vendor Interworking Group
Most active in Aug 2007 –
inter-vendor testing
taking place
BARG
Organise Roamfests to facilitate bilateral roaming
agreement updates
Co-locate with BARG
meetings & GSMA events;
BARG Sep ’07 (New Delhi)
Mobile Asia Congress
Nov ’07 (Macau)
NRTRDE Steering Committee & GSMA Comms Dept
Support operator awareness
Maintain list of NRTRDE-ready networks
Continuous action during
the project lifecycle
All GSMA members latest implementation deadline
1 Oct 2008
Restricted – Members & Associate Members
NRTRDE – Communications
Channels already in use:
• Working groups &
Regional Interest Group
meetings
• Roamfests
• Speakers at external
commercial conferences
• 3GSM Congress
Barcelona & Asia
• Newsletters, brochure
Difficult to reach operators that aren’t engaged with GSMA
• Leverage existing data clearing house relationships
• Roaming managers are ultimate channel to their partners
Restricted – Members & Associate Members
APFF NRTRDE Vendor Session
• NRTRDE vendor session held at GSM North America
meeting in August 2007
– Opportunity for vendors to present their product
offering
– Positive feedback from operators present
• APFF plans to hold similar session in Macau 14-15 Nov
– How vendor complies with NRTRDE
– Discussion of architectural options, benefits and
drawbacks
– Evaluation of incoming NRTRDE data
– Recommended implementation timeline
– Solution differentiators
Restricted – Members & Associate Members
FAQ
NRTRDE - Frequently Asked Questions
Restricted – Members & Associate Members
NRTRDE - Frequently Asked Questions
1. Is NRTRDE implementation mandatory for all
GSMA members?
2. Will NRTRDE provide me with roaming data
usage records?
3. How can I update my roaming agreements?
4. How is fraud loss liablity split between my
network and our NRTRDE provider?
5. How can we manage fraud without rated
records?
Restricted – Members & Associate Members
1. Clarification - “Mandatory“ NRTRDE
•
GSMA NRTRDE project aims to facilitate and strongly encourage
NRTRDE implementation by Oct 2008.
– Target is entire GSM industry adoption, however
– GSMA cannot mandate NRTRDE implementation by
members
– Ultimately roaming market forces will drive industry
adoption
• Requests from roaming partners
Restricted – Members & Associate Members
2. Roaming Data Usage
• No requirement for NRTRDE to support exchange of data
usage records
– Fraud risk is currently low
– Additional burden on operators to implement & operate
– May affect takeup of NRTRDE
– Most data traffic routed via HPMN GGSN, so HPMN
already has visibility
• Anticipate possible future need for NRTRDE data usage
support
– Included in TD.35 & available for use if bilaterally agreed
• Support for HURs will disappear from Oct ’08
– Operators will need to take responsibility for monitoring
own subscribers’ roaming data usage
Restricted – Members & Associate Members
3. NRTRDE - Impact on Roaming Agreements
• Fraud prevention procedures specified in AA.13 Annex C.7
– NRTRDE requires update from AA.13 template version
3.13 (or earlier) to 3.14
• Remove detailed fraud prevention procedures from
roaming agreements
• Fraud prevention procedures specified in BA.20 instead
– Reference to BA.20 added to AA.13
Restricted – Members & Associate Members
NRTRDE - Impact on Roaming Agreements (2)
• BA.20 – Roaming fraud prevention procedures
• Describes both HUR and NRTRDE procedures
– HUR procedures are stated as valid to 1 Oct 2008 only
– Agreements updated now have no immediate effect, but
will automatically require NRTRDE from 1 Oct 2008
– HUR procedures will be removed from BA.20 in a
change request after 1 Oct 2008.
• BA.20 also references BA.08 – required timescales for data
transfer
Restricted – Members & Associate Members
NRTRDE - Impact on Roaming Agreements (3)
• Need to amend agreements from old AA.13s to latest version?
• Sign new AA.13 OR use Annex 11 of BA.50 to amend existing
AA.13
“…the following amendments are made to the International
Roaming Agreement signed by the Parties on DD/MM/YYYY
…Annex X is replaced with the following Annex:
[Insert new text/pages]
…All other terms and conditions of the Agreement remain
unchanged and in full force and effect…”
Restricted – Members & Associate Members
4. SLA with NRTRDE agents
• Roaming agreements specify that liability for noncompliance with the agreed fraud prevention procedures
lies with either the HPMN or the VPMN.
– Intentionally no mention of agents (vendor/service
providers) or their liability in roaming agreements
• If an operator uses an agent for NRTRDE exchange, service
and liability provisions between the operator and its agent
are a matter for individual bilateral service level agreements
(SLA).
• Suggested SLA provisions are contained in
FF.19 – NRTRDE Commercial Implementation Handbook
Restricted – Members & Associate Members
5. Pseudo-Rating incoming NRTRDE records
• Charging information not mandatory within NRTRDE
records
– Should not be expected by HPMN
• Instead, base roaming fraud management on:
– Fraud profiling
• Compare usage against historical usage profile
– Pseudo “rough” rating
• By NRTRDE vendor or at HPMN fraud mgmt system
• HPMN needs to decide what level of pseudo rating is
required
– Achieve balance between accuracy and
complexity
Restricted – Members & Associate Members
Near Real-Time
Roaming Data Exchange
Implementation Survey Results
Restricted – Members & Associate Members
NRTRDE: Decision outcome
Overall
EMC only
Implement by end ‘07:
Implement by Oct ‘08:
No target date set:
Will not implement:
Decision not made
No response
Restricted – Members & Associate Members
#
8
6
3
0
2
3
%
36%
27%
14%
0%
9%
14%
NRTRDE Implementation Status Survey
Results show:
• Commitment to NRTRDE
• EMC leading by example: 74% of EMC respondents (63%
overall) plan to implement by Oct ’08
•
Many operators’ projects are beginning or already underway.
• 35% of EMC respondents (22% overall) have assigned budget
and resources to internal NRTRDE project
•
Risks:
• Communications to operators not engaged with GSMA.
• Need to amend roaming agreements to support NRTRDE
liability provisions.
• Only 30% of respondents’ Roaming Depts have committed
to updating roaming agreements
Restricted – Members & Associate Members
Summary & Operator Action Required
• NRTRDE has the potential to eliminate significant roaming
fraud from the GSM industry
• NRTRDE implementation project will affect all GSM
operators
• If you haven‘t already done so:
– Begin NRTRDE implementation project now.
Restricted – Members & Associate Members
Contacts
APFF Chairman
James Cheong
Risk Manager, Starhub Mobile Pte Ltd
[email protected]
APFF Deputy Chairman
Sam Wong
Manager - Corporate Security and Fraud Management, PCCW Mobile HK
[email protected]
NRTRDE Project Leader
Axel Rösner, T-Mobile Germany
[email protected]
NRTRDE Project Manager
David Maxwell
[email protected]
Restricted – Members & Associate Members
For Discussion:
1. Has an NRTRDE project started within
your company, and is it due to
complete by Oct ‘08?
2. Do you have a plan or schedule for
updating roaming agreements?
Restricted EMC
Restricted – Members & Associate Members
Appendix - NRTRDE Survey results
98 responses received
Main illustration - overall results
Red box - EMC results
Note: Overall results are based on responses received only. EMC statistics include “no
response”, so should not be directly compared with overall results without adjustment.
Restricted EMC
Restricted – Members & Associate Members
NRTRDE Project Start-up
Overall
EMC only
Complete:
Not complete:
No response:
Kickoff mtg held%
45%
32%
23%
Budget & Resources Assigned%
Complete:
27%
Not complete:
50%
No response:
23%
Project Plan Approved%
Complete:
18%
Not complete:
59%
No response:
23%
Restricted – Members & Associate Members
NRTRDE Solution Identification
Only overall results are
shown. EMC-specific
results are very similar
Restricted – Members & Associate Members
NRTRDE Technical Implementation
EMC only
Not started:
Underway (<50% done):
Underway (>50% done):
Complete
No response
Restricted – Members & Associate Members
%
64%
9%
5%
0%
23%
Commitment to amend Roaming Agreements
EMC only
Yes:
No:
No commitment yet:
Not sure:
No response:
Restricted – Members & Associate Members
%
23%
14%
36%
5%
23%