Posted: 11/2000

Fraud Busting the ASP Way
By James R. Dukart

Fraud management is rarely, if ever, the top priority of a new or emerging
carrier.

While industry analysts estimate fraud costs U.S. carriers somewhere between
$6 billion and $18 billion per year, new carriers are more likely to concentrate
on network buildouts or customer acquisition than on catching the bad guys.
Effective fraud management often is seen as too costly for small carriers.

Risk management practice leader for The Management Network Group (TMNG, www.tmng.com)
Jim Marsh says carriers can be looking at half a million dollars or more for an
effective fraud prevention and tracking system.

Such a cost turns away at least some of the smaller or emerging carriers, he
adds.

"Initially they don’t even think about it," says Marsh, who is
based in Overland Park, Kan. "It is the farthest thing from their mind.
There is no way they are going to invest that kind of money to prevent fraud. As
a result, many carriers don’t have the staff or expertise to recognize fraud,
and they only recognize it after they have been hit and it is too late."

The ASP Way

The director of fraud management solutions for the telecommunications
division of HNC Software Inc. (www.hnc.com) in
San Diego, Tony Zarella, says recently he has released HNC’s ATACS fraud
detection system as a web-enabled, online solution being sold as an ASP model.

ATACS Online helps carriers deploy advanced, scalable fraud detection without
incurring large upfront capital costs for hardware, software and implementation,
Zarella says.

"If the customer has a web browser, they can have effective fraud
detection. We can set it up for them with very minimal impact, and they get all
of our technical expertise. What the ASP allows them to do is focus on the core
part of their business and let us deal with fraud," he explains.

Zarella says ATACS Online uses its own, external servers to watch all traffic
that passes through network or switches, and matches that traffic with
prescribed customer traffic patterns.

Anytime traffic significantly deviates from what is expected, fraud alerts
are sent directly to carriers, who can then choose how to deal with the
deviation.

Charges are calculated on a call volume basis based on the number of call
detail records the system watches, Zarella says.

Customers can update prescribed customer traffic patterns and fraud detection
parameters, a necessity since most networks constantly add new customers and new
services, he adds.

Fraud detection via ASP is well suited to small or newer carriers, Zarella
continues.

"What we keep seeing time and time again is that carriers have so many
projects on their plate that they cannot bring all the manpower to do all
projects at once," Zarella says. "They often don’t have the technical
expertise or IT resources. One of the things that can easily fall to the back
burner is fraud protection."

Zarella says wholesalers can use ATACS Online to provide ASP-based fraud
management services to their resellers. Wholesalers can host their own fraud
detection ASP for all resellers, can pass all traffic (resellers included) back
to HNC or can simply work their own cases and send all resellers directly to HNC
for service.

Either way, offering fraud detection to resellers makes good business sense
for wholesalers, he says.

"They [wholesalers] do not want their own system cluttered with fraud
that is not their responsibility. And if they are working cases on behalf of
their resellers, they are consuming their own resources," Zarella says.

"On the other hand, you want to be able to offer something. We’ve seen
cases where fraud could put resellers out of business or make them not able to
pay their bill. If your resellers start to go down, what kind of a distribution
channel is that?"

A further advantage to outsourcing fraud detection is that it improves the
overall effectiveness of fraud prevention across multiple carriers, Zarella
says.

"We have patented technology for profiling and for our neural networks.
If we get data and results of fraud cases from a host of different carriers from
different markets, it makes our information processing that much more
intelligent."

He says HNC offers carrier customers a "consortium model" of
information pooling and sharing that has proven effective in the company’s
credit card fraud detection systems. Any consortium member that contribute fraud
data to the pool gets access to fraud data–stripped of any customer
informationfrom other carriers.

Catching Crooks in Real Time

TMNG’s Marsh says the ASP model of fraud detection "could be very
appealing," but that he has not seen many companies embrace it.

The major barrier is that effective fraud detection depends on real-time or
near real-time data, he insists.

"I am not talking about near real-time data of one or two days,
either," Marsh says. "I have seen a calling card being abused through
a hole in the network and it caused more than $300,000 damage in a single day. I
saw a case with a very small reseller that was hit with $10,000 fraud over the
weekend when his monthly revenue was only $15,000. For fraud to work, the
information has to be available immediately."

Response time between fraud management providers and carriers must also be
immediate, Marsh adds.

"Response is the key. If you have a situation where it is five o’clock
on a Saturday afternoon and you see fraud happening, do you shoot and bring it
down?" He asks.

"What if you don’t have access to the network and have to find someone
there to take it down?"

Even when carriers do their own internal fraud management, turf battles often
erupt over who can block what traffic on the pipes or switches, Marsh points
out.

"One fraud manager I worked with was so frustrated he couldn’t see
straight," Marsh says. "He had to go to the provisioning office every
time he wanted something blocked, and he was always fighting to be heard. He’s
still fighting it."

Marsh says similar problems emerge within carriers between promotions
departments and fraud management staff.

"The records may look like fraud but it is really promotions going
on," Marsh says. "You have people in product marketing coming up with
all kinds of crazy ways to use the network, and they’re not always telling the
fraud and collections department what they are doing. You end up with fraud
alarms going off all over the place. It’s kind of ironic, but communications
companies often don’t really communicate."

That lack of communication might be exacerbated through outsourcing, Marsh
suggests.

"You are asking carriers to provide fraud vendors with customer master
files and have a very close working relationship," Marsh explains.
"Sometimes the carriers themselves don’t even clearly understand all the
new services and customers that are being put on the network."

Pre- and Post-Appliation

Kate Strong, product marketing manager of fraud products for Lightbridge Inc.
(www.lightbridge.com) says her
Massachusetts-based company has focused its service-model or ASP fraud solutions
on pre-application rather than postapplication fraud screening and fraud
busting.

The company has offered profiling and fraud screening products for new
customer acquisition via a subscription model since 1990. It only recently began
testing postapplication fraud detection and management via ASP, she says.

"Profiling on real-time call records is very new," Strong says.
"Almost everyone out there is on a license basis."

At the same time, small and large carriers should find something to like in
the service bureau model of fraud detection, Strong says.

"The small, emerging carriers just don’t have the expertise. The larger
carriers are merging a lot of different fraud detection systems and may be
getting fed up with buying more hardware licenses. It really depends on where
each carrier’s pain points are."

Historically, carriers guard their control of fraud detection systems,
something that may be waning as competition heats up and more new carriers enter
the market, she says.

For now, fraud vendors offer a variety of solutions–licensed products for
most carriers, with gradually more and more carriers moving to some type of
online, distributed services model.

Lightbridge has seen steady growth in its "Alias" system, a product
that tracks name and address changes within 90 days of new service sign-up,
Strong says. Alias is more like a pre-application fraud tool, in that it does
not rely on immediate real-time data and response.

"We offer a whole variety of these types of services through the ASP
model," she says.

Who Takes the Blame?

Another vendor testing the ASP model for fraud management is Equinox
Information Systems (www.equinoxis.com),
based in Madison, Tenn. David West, executive vice president for the company
says it is in discussion with an emerging ASP for the provision of its Protector
product via subscription.

"I see fraud detection moving more towards a service bureau model than a
pure ASP," West says. "It is more than just providing the application.
A good fraud management approach is multidisciplinary. You have to know how the
carrier does credit checks, how they add new customers, how they bill and
receive payment. You have to know a lot of things about how the carrier does
business."

That may be a tall order for ASPs, and it may be something carriers will not
share with outside agents.

Physical connections between the fraud management provider and customers are
critical, West says. "The results of investigations have to be sent back to
the carriers really quickly, and the folks at the service bureau side need to
know who do I contact if I want to shut the network down and cannot get someone
at the switch room to answer."

Another issue is liability, West says.

"There are some tricky issues here. Who is going to be ultimately
responsible for the fraud if you don’t shut down in time and [you] lose a lot of
money?" West asks.

Marsh says liability concerns loom large for any wholesaler who wants to
offer fraud protection to its resellers. Wholesalers often find themselves in
situations where they cannot really tell what is taking place with reseller
traffic.

"I have seen one situation where a reseller was marketing heavily to
Pakistanis and Indians, and the wholesaler saw all this sudden traffic to
Pakistan and India and wanted to shut them down," Marsh says. "The
wholesaler did not have a clue what was going on with that traffic."

Marsh calls liability concerns, "probably the biggest reason" why
carriers are reluctant to embrace the service bureau model for fraud management.

"Fraud is a very inexact science. It requires that you know all the
types of products that are on the network and all the new customers being added.
There is always the risk that you are going to miss something," Marsh says.

James R. Dukart is a free-lance writer based in Minneapolis. He can be
reached at [email protected].