Frugal Fraud Fighting

As a small carrier, you are used to operating on a shoestring. It is natural to panic when the industry says you must have the latest fraud-fighting technology to keep cloning and subscription fraud at bay.

Small carriers' fraud departments wear many different hats, said Billy Osborne, GTE-TSI fraud solutions manager. They do not have money to buy expensive technology. The truth is, there are some low-budget solutions to fraud. Many of them require implementing simple business practices or using what you already have.

Carriers such as Bluegrass Cellular, Brazos Cellular, First Cellular of Southern Illinois and Illinois Valley Cellular are used to battling on a budget. No matter how big or how established you are, a view of what works for these conservative carriers is instructive.

WHERE THE FRAUDSTERS ROAMThe news at every recent conference has been the same: Cloning and roaming fraud is down, subscription fraud is up. Industrywide, that may be true. But don't dismiss small rural carriers. As their urban neighbors shut out cloning with sophisticated fraud-prevention systems, technical fraud has migrated to the hinterland, where local providers often are less prepared.

"I think wireless conferences focus more toward large carriers than they do us, but we are still having cloning problems," said Pam Craig, Illinois Valley Cellular roaming fraud coordinator. "The problem is not over; it has just moved to a different spot."

Larger markets surround First Cellular of Southern Illinois in Mount Vernon. Chicago is five hours north, St. Louis an hour west and Evansville, IN, an hour east. The company has experienced cloning fraud coming from all three directions.

"We do not have the money, capital or budget to deploy authentication, RF fingerprinting or some of the more extravagant types of fraud detection," said Jeanne Manis, manager of customer services.

Instead, Manis uses a "buffet" of less expensive roaming fraud deterrents. Through Illuminet's roamer on-line support service (ROSS), First Cellular can see traffic as it roams in SS7 markets. Illuminet captures First Cellular's call records, including registrations, cancellations and call requests. Any time a customer registers in another market, it sends a registration to First Cellular, which decides if the user is legitimate.

"When we see particularly high usage, we call the customer, which is a nice marketing tool for us because we can do a customer touch," she said. If the real customer is not out roaming, she suspends the line, gives the customer a new number and reprograms his phone.

ROSS allows First Cellular to view messages for troubleshooting. It includes network-reporting options to allow the company to extract statistical reports from the system, added Patrick Wilcox, Illuminet product manager of wireless services. Reports could include how many roamers were in a particular market, what types of calls were made, and line range problems that might crop up.

First Cellular uses GTE TSI's FMR Plus, an automatic call-delivery process, to supplement markets that are not SS7-capable. It also uses Systems/Link's FraudTec, a real-time profiler, and RoamEx, a call-detail-record delivery mechanism. If First Cellular sees increased activity in ROSS, it will check FraudTec to see who the customer is calling. If he is calling his home market or has called the number before, it lets him go. But if he is calling large cities, the company reacts immediately. First Cellular's "buffet" has worked well so far, but Manis said it is not for everyone.

"If you are larger, don't want to hire the support staff and want automated systems, then this is not a workable solution. But for smaller carriers with limited resources, this is a very workable solution." The cost, she added, has been "very manageable."

Brazos Cellular recently celebrated a year with zero cloning fraud. Two years ago, the company was hit with 30 clones in one day, all in the same market.

"For us, that is a lot," said Curtis Knobloch, Brazos operations manager and the Rural Cellular Association technical and roaming committee chairperson. "We shut it down very effectively and quickly, and since that time we have had certain tools we use in restricted markets."

One tool is GTE TSI's Fraud-Force roamer verification and reinstatement (RVR) service. Knobloch said the product forces roamers to identify themselves verbally to a customer-service center when initiating the first call in certain markets. Brazos does not tell customers which markets it monitors. The system has been effective in stamping out fraud, he said. In fact, after months of no cloning, Brazos lifted some restrictions in one market last year. Phones were cloned again within three weeks.

"For cost, I don't think you can find a better value," he said. "You are talking about a nominal amount of money."

The downside is that customers find the product intrusive. Knobloch would like to offer something more transparent to customers.

"We have had no cloning, and that is great, but when you get a mad customer, it is not so great."

Brazos continues to review profiling systems, but will wait to buy one until it discovers uses for the system besides fraud prevention, to justify the cost.

Craig said Illinois Valley Cellular began noticing a spike in cloning fraud two years ago. The company is 75 miles south of Chicago, where Ameritech has deployed sophisticated fraud fighters. Cloners now come down to Marseilles, IL, to harvest Illinois Valley Cellular's numbers.

The company was receiving high-usage reports from GTE TSI's clearinghouse, but they came 7 to 10 days after use, so cloners would be free for a week before it could catch them. The company researched fraud-protection products and chose them based on price and what they could do. It compared how much it lost in cloning to the product costs and chose Authentix's RVR and Illuminet's ROSS. Messages go through Illinois Valley Cellular's MCAF call-completion analyst system through the SS7 link to Illuminet.

Illinois Valley Cellular has seen no fraud on the 1/4 of its line ranges to Chicago where Authentix is in place. However, like Knobloch, Craig noted that RVR is too customer-intrusive. When customers travel, an automated system asks them to verify they are legitimate customers. If they do so correctly, they can make calls for 24 hours. However, legitimate customers have been known to complain.

"It is hard to explain RVR unless someone has gotten cloned and received a $2,000-$3,000 bill," she said.Mark Freeman, Bluegrass Cellular CFO, said the company has used a profiler for three years since cloners infiltrated its Elizabethtown, KY, market. It has found profilers to be very reasonable on price.

"You can spend less, but I think you are going to get less," he said. "Profilers are a pretty good value for what you get."

So far, few small carriers have embraced authentication. Craig is looking into authentication-capable phones, but does not like the idea of having to replace phones and get A-keys for thousands of customers. Freeman also is exploring authentication, but pointed out that some areas are not authentication-capable now.

Although BellSouth Mobility DCS is hardly small anymore, it experienced the same fraud problems small companies deal with today during its start-up mode. Kimberly Eubank, BellSouth Cellular manager-fraud prevention, said you should have technological solutions to battle cloning, but they do not have to be expensive solutions such as RF fingerprinting or authentication. Eubank recommended a profiler and a real-time record feed if you are worried about cloning.

"Without a profiler, you must work off reports from roaming partners," she said. "In one weekend you could find yourself hurting because you didn't have that real-time record visibility."

Judith A. Dumont, Lightbridge vice president of product management, said profilers have become mission-critical. If you do not have the proper IT infrastructure in place to implement a profiler, you may consider outsourcing one.

Eubank said another way to save money is to have vendors price products on a per-subscriber or call-volume basis. A company with 70,000 subscribers that sends through 150,000 call records a day shouldn't pay the same price as a company with 3 million customers that sends 10 million call records a day.

"Most vendors are aware of that. It is not always their first pricing option, but if you ask for it, I don't think any of them would turn you down if they want your business," she said.

Tony Zarrella, GTE TSI director of fraud-management solutions, said you also could use products or services in selected markets to cut down on the cost.

WARDING OFF SUBSCRIBER FRAUDCloning is troubling to small cellular carriers, but small PCS carriers worry more about subscription fraud. Good business practices can substitute for subscription-fraud-prevention tools in a pinch. BellSouth's Eubank said profilers are necessary to fight cloning fraud, but you can live without one if subscription fraud is your main focus.

"If you have well-honed, timely billing-system reports, you can be just as effective with those reports as you can with your profiler, especially if you have fewer than 100,000 customers," she said. "If you have 3 million subscribers, you will never get through all your reports."

Other business practices start at the point of sale. Dennis Walters, Systems/Link director of industry relations, said checks and balances help make sure you are bringing on real people as customers. You must profile your customers carefully before bringing them on board, or else you open yourself up to fraud.

Dumont said outsourcing pre-screening systems can save you money because it is not a capital expense. Many companies will charge you a transaction fee based on the number of applications you send them.

First Cellular's Manis recommends CTIA's subscription-fraud video to teach your front-end employees tricks to pointing out and prosecuting identity thieves.

"You can determine if the ... numbers of a driver's license number do not match a birth year," she said. "Or learn to analyze gestures ... the way they are sitting, if they are nervous or in a hurry."

Knobloch said you should require staff to completely fill out customer-service requests. He has seen some without enough information to even send out a bill. Brazos has since put in strong controls to hold down subscription fraud.

Osborne suggested welcome calls and change-of-address monitoring as ways to validate subscribers' legitimacy. These programs also double as a fine marketing technique, he said.

Zarrella said you should make welcome calls and send out welcome letters quickly, even the day after someone signs up for service.

"You must act quickly so (fraudsters) do not have a chance to change addresses and phone numbers," he said. "You also should have controls to monitor changes within the first few months."

However, welcome calls can be ineffective if they are not done right. BellSouth's Eubank said some companies extend welcome calls from fraud departments, where verifying information is the main goal. Fraud analysts look for inconsistencies in the information, and when they find it, they take further action. Other companies make welcome calls from marketing, where the goal is to reduce churn by touching the customer. Fraud analysts only call the home and work numbers because they want to see if the customers gave them legitimate numbers. Marketers, however, might try calling customers on their mobile phones if the home and work numbers do not work.

"That is not going to help save me from fraud, because guess what? The fraudster is going to answer the phone," Eubank said. "If the numbers are fake, the subscriber should verify information in person. If welcome calls have a marketing focus, you must make sure the caller is thinking like a fraud analyst."

Dumont pointed out that welcome programs work best as part of a fraud-management solution that includes profilers, prescreening systems and procedures.

"Welcome letters should not be viewed as alternatives, but part of a comprehensive application," she said. "Fraudsters may know how to skirt the profilers, but if you receive returned mail, it is an early indication before the bill goes out that something is wrong."

FOLLOWING THROUGHWalters said welcome programs go awry when you do not follow up on returned welcome kits. Take immediate action if welcome letters come back undelivered. Suspend the customer if you can't contact him and prove he is legitimate. The next step, he continued, is to look for first-month defaults. Contact the customer if he does not pay the first month. Then, follow up on any address changes within the first 90 days.

Whether it is cloning or subscription fraud that you are fighting, don't be afraid to prosecute a criminal once you do catch him. Walters said once they identify a fraudster, few small carriers follow through.

"Some small carriers allow the impression that they are not going to do anything about it. That can be harmful," he said. "It is important to do an investigation. If you are not capable, bring someone in to help you."

Carla Marcinowski, Lightbridge vice president of consulting services, said consultants can help carriers avoid high fraud-prevention costs. Smaller upstarts may not have thoroughly thought out their staffs or infrastructure. Consultants provide resources and domain knowledge to help set up infrastructure, train people and implement policies and procedures. They can help carriers decide whether to outsource, use a service bureau or bring fraud systems in-house.

"(Consulting) really provides them with alternatives that match up with their financial plans," Marcinowski said.

When it comes to fraud analysts, proper training is key. Consultants can help carriers develop fraud policies and answer questions such as: How should we further investigate? Should we clear or confirm the fraud? How do we shut down a fraudster?

"It is one thing to identify that fraud is going on," said Judith Dumont, Lightbridge vice president of product management. "It is another thing for the analyst to know what to do."

Marcinowski said some consultants offer optimization services in which they review carriers' policies, practices, procedures and fraud-solution components. The consultant measures how the analysts fight fraud and suggests best practices and possible business or behavior changes.

"Sometimes the product needs to be tuned to adjust to a new environment," she said. "Fraud prevention involves all three components: people, processes and technologies. Consultants help review them, benchmark them and then make appropriate adjustments."