Bill shock and roaming frauds can be tackled
Author: Luke Taylor CCO & Deputy CEO
Date: 2nd June 2016
It has been a few weeks since I returned from the GSMA World Congress in Barcelona. My experience of visiting, what is regarded as one of the great cities in Europe, was unfortunately, tarnished when my company phone was stolen. This is rather ironic, as I am a Director of a company that provides fraud management software to the telecom industry…
I have been in the fraud and risk business for over 18 years am and am fully aware of the crimes and modus operandi of these criminals and fraudsters. However, even after all the years of travelling on business to many different countries and cities and ensuring my possessions such as phone, passport and money were always secure on my person, on my recent trip to Barcelona, the phone was extracted from my front trouser pocket without me noticing immediately.
So what does one do in such a situation? Call your telecom service provider? Call home? Alert the police? Kick yourself? Well you should certainly kick yourself and then attempt all of the others, maybe not in the order I suggested but, what seems a simple set of tasks to undertake, is actually extremely challenging. When the crime I was involved in was perpetrated, it was late at night. The only means of communication has just disappeared in the greasy hands of some low-life down a side street… Once I was over the initial shock, you suddenly realise you have relied on the contacts facility on your phone to simply press a button or speak and get the right contact details for years… now with no phone you now realise you cannot recall any numbers, not even your home.
You also face more challenges. For instance, trying to find some money to make a call from one of those public phones on the street, if you can find one. You may be lucky, like myself, that they have not also taken your wallet, so you can get a taxi back to your hotel or, of course, the requisite visit to police station… The tribulations of trying to get a crime number for this offence, so one could look to get some legal recourse and also be able claim on travel insurance, is not easy by any means and actually seems impossible. It appears the Cuerpo Nacional de Policía find theft of high value handsets a minor misdemeanour and that, if I want to register this as a crime and file the relevant paperwork, I would need to know the serial number of my phone… (a piece of information always on the tip of my tongue… and a great way to stop policeman sitting at desks filing paperwork…) I could comment further, but for my sanity, and not to bore you further, I am going to move on in my tale.
After trying to understand the fables of the Spanish Law Enforcement, several hours have gone by and the sun will be shortly rising on a new day. So, with despondency, you then need to look at options to try and communicate home to cancel the SIM/phone and inform people that calling you over the next few days will be futile. At this point, it is now hours after the crime has been perpetrated. You send emails to work colleagues to assist in barring the SIM, you Skype family and colleagues to tell them that you will be offline for a while. You then get some much needed sleep and look forward to a new day in a foreign country with no phone.
Premium rate service...
As you would gather, the entire episode is one you would wish to forget… it’s rather embarrassing, tiring, frustrating, you feel rather foolish and just a little abused. Sadly a few weeks later all these feelings are reinitiated. I receive my company phone bill from my Service Provider. This month, there is an additional £1,800 ($2,600) of calls on the bill – they are Premium Rate Service calls to Burundi. After years of discussing International Revenue Share Frauds (IRSF) with our clients, I now have my own real-life personal experience. Reviewing the bill, it seems that, immediately after the phone was taken from the warm security of my pocket by the degenerate thief, the SIM was placed in an automated Simbox and went on to make repeated consecutive calls until the SIM was eventually barred later in the morning. So, what if I could have cancelled my phone quicker, well possibly, what if I was a person who could remember phone numbers and had access to another phone quickly? Then I think, wait a minute, at worst there should only be a maximum of three/four hours of financial exposure as there would be an NRTRDE report sent to my home network showing this unusual behaviour of calling Burundi non-stop…
So I should ask, where is this NRTRDE report? If the report had been sent by the roaming partner in the agreed timescales there would only be a maximum of three hours of calling/activity – in my case there was nearly 8 hours. Where were the processes or systems to identify this unusual behaviour on my phone? Have I ever called Burundi before? No. Do the volume of calls match my profile? No. Are such repeated calls humanly possible? No. All these questions seemed to have no positive response… I now have a large bill and am a very dissatisfied customer. I will not name the Service Provider involved, purely out of professionalism for the industry but the above documented experience must reflect the average unfortunate tourist who has been affected by such criminal activity whilst abroad. All of these simple questions could be undertaken by the Service Provider on each and every subscriber whist roaming (it is feasible, our own Minotaur product is undertaking it for many Service Providers around the world). The rate of financial losses, the number of disgruntled customers, will only increase and wealthy fraudsters will proliferate if not tackled. There is no excuse for my own stupidity and naivety, I hold my hands up but there is also no excuse for Telecommunication Service Providers to turn a blind eye to this issue. Service Providers should have the duty of care to be able to protect their customers from such threats. It is not a cost either the subscriber or the Service Provider want to incur and, with some very simple analytics, this issue could be stopped dead. Alternatively, you put some of the onus in the hands of the phone owner, providing self-care portals where they set their own risk profiles whilst roaming. Whichever model, both are practical and achievable. In the meantime, while I try and remonstrate with the Service Provider, I have informed my own technical team to configure a specific IRSF module that all Service Providers can simply plug in and use to mitigate this ongoing issue at a very minimal cost. I implore Service Providers to contact me to discuss how we can resolve this manageable issue or at least look at their own systems and processes to ensure that what is simple analytics can resolve a growing problematic issue that needs all parties to work together to eradicate.