GB941 RA-Guide V1-0
GB941 RA-Guide V1-0
GB941 RA-Guide V1-0
Guidebook
GB941
Version 1.0
November 2006
TeleManagement Forum 2006
Notice
Page 2 of 70
Table of Contents
Notice ..................................................................................................................................................................2
Table of Contents ..............................................................................................................................................3
List of Figures ....................................................................................................................................................5
Executive Summary ..........................................................................................................................................6
Background ........................................................................................................................................................8
1.1 Dimensions to the RA problem ........................................................................................................9
1.2 Economical Perspective...................................................................................................................9
1.3 Different Approaches to RA .......................................................................................................... 10
1.3.1 Reactive, Active, and Proactive RA ...................................................................................... 10
1.3.2 Data Quality & Data Integrity vs. Process Improvement ..................................................... 11
1.4 Best Practices ................................................................................................................................ 11
1.5 RA Maturity Model ......................................................................................................................... 12
2 RA NGOSS, eTOM and SID .................................................................................................................... 16
2.1 NGOSS .......................................................................................................................................... 17
2.2 The eTOM...................................................................................................................................... 18
2.3 The SID .......................................................................................................................................... 18
2.4 The proposal .................................................................................................................................. 19
3 Revenue Assurance and Fraud ................................................................................................................ 22
3.1 Introduction .................................................................................................................................... 22
3.2 Revenue Leakage Differentiating Fraud and Revenue Assurance Issues ............................. 22
3.2.1 Case 1 .................................................................................................................................... 23
3.2.2 Case 2 .................................................................................................................................... 24
3.2.3 Case 3 .................................................................................................................................... 24
3.2.4 Case 4 .................................................................................................................................... 24
3.3 Relationship between Fraud and Revenue Assurance............................................................... 24
3.3.1 Collaboration for multi-dimensional leakage: ....................................................................... 25
3.4 Recommendations for a Collaborative Approach ........................................................................ 26
3.4.1 Collaboration Components ................................................................................................... 26
3.4.2 Key Benefits of a collaborative approach ............................................................................. 28
4 Revenue Assurance and Regulation ....................................................................................................... 29
4.1 Sarbanes Oxley ............................................................................................................................. 29
4.1.1 Relevant Sections of SOX .................................................................................................... 29
4.1.2 Interplay between SOX and Revenue Assurance ............................................................... 30
4.1.3 Linkage between SOX and eTOM processes ..................................................................... 32
4.1.4 Key Requirements for Revenue Assurance Activities to Enable SOX Compliance .......... 32
4.1.5 Illustrations of Interplay between SOX and Revenue Assurance ....................................... 34
4.1.6 Benefits for SOX Compliance Derived from Revenue Assurance ..................................... 34
4.2 Europe & UK specific linkages...................................................................................................... 34
4.2.1 Introduction: ........................................................................................................................... 34
4.2.2 Implementation of the new European regulatory framework .............................................. 35
4.2.3 Scope, Aims and Definitions ................................................................................................. 35
4.2.4 Structure - National Regulatory Authorities .......................................................................... 36
4.2.5 Obligations and Tasks of National Regulatory Authorities .................................................. 36
Page 3 of 70
4.2.6
4.2.7
Page 4 of 70
List of Figures
10
13
17
19
21
23
32
33
39
40
45
Page 5 of 70
Executive Summary
Revenue leakage is often considered a hidden and uncontrolled cost of doing
business in the telecom industry. In addition to fraud, reasons for revenue loss include
network provisioning, mediation and CDR errors, billing and interconnect
inconsistencies, loss of data and corrupted files, fragmented support systems,
incoherent databases, and manual or ill defined business processes. According to
various Revenue Assurance (RA) research reports, the degree of exposure lies in the
range of 3% to 15% of the Communications Service Providers (CSP) gross revenue
depending on factors such as networks and services type, geography, carrier type,
and Revenue Assurance maturity level.
In the context of Revenue Assurance - the main question for any business is how
much leakage is acceptable and how to improve the operations and systems that will
minimize those leakages. An effective RA process must ensure the integrity and
synchronization of both data and processes across all the disparate systems and the
network itself, in order to sustain operational and financial efficiency. RA provides
analysis of the relationship between network resources, services, customers, and
generated revenue, and enables the CSP not only to detect revenue leakage (e.g.
un-billed customers, mis-billed customers), stranded assets, and operational
inefficiencies, but also to understand the reasons for these undesired occurrences.
This Guidebook originates from TMF Revenue Assurance Technical Report 131, a
technical report on RA issued by TMF in 2004, and leads the reader through different
facets of RA, collecting the experiences of various professionals.
In its evolution from a technical report to a guidebook, the Guidebook aims at
broadening the target audience from the original group of RA technical practitioners to
a broader set of business stakeholders including other contributing, influencing or
benefiting organizations in a CSP. Additional topics have been investigated; others
that were only outlined in TR131 have been further expanded.
In particular, the Guidebook deals with the following topics, each one covered in a
separate chapter:
SID and eTOM models support for RA, according to the recent proposal of
TMF Modeling team to integrate RA into the SID and eTOM
View at Regulatory Compliance through the prism of RA, addressing
Sarbanes-Oxley (SOX) and regulation in general.
Linkages between Fraud Management and RA, a section in which several
options of how to effectively address RA issues are recommended to CSPs.
Page 6 of 70
Page 7 of 70
Background
In 2004 the TeleManagement Forum undertook an initiative to better define and
standardize the issue of revenue assurance for CSPs. The findings were published in
the technical report named TMF Revenue Assurance Technical Report 131
(TR131), publicly available on TeleManagement Forums web site since April 2005.
TR131 is based on the accumulated experience of many operators, vendors, and
system Integrators (SIs). TR131 report lays out the de facto standard by which CSPs
can benchmark their maturity in the RA process.
Revenue Assurance is a well-known challenge in the Telecommunications sector,
mainly rooted in the Telephony world as a set of techniques and methodologies to
identify and fix revenue leakages and/or prevent or detect errors resulting in unbilled
or uncollected revenues of the CSP. Todays accelerated growth in the data, IP and
real-time services market introduces additional complexity and exposure for RA due
to dynamically evolving technologies, continuous demand for new services, more
complex business processes, new value chains, additional external partnerships, new
business models and an every increasing and more complicated operational and
business systems infrastructure.
The above factors, coupled with the tumultuous economic climate that started with
the slowdown in 2001 and the revitalization in 2004-5 and the current regulatory
environment, provide evidence and compelling need for RA in more and more CSPs.
This need, in turn, together with the acknowledgement of the strategic significance of
RA for CSPs, resulted in the formation of organizational units to ensure the accuracy
of financial reporting and revenue recognition. Given increased regulatory and
competitive pressure and in order to remain competitive and profitable, CSPs are
continuingly restructuring their organizations according to new business targets and
priorities. These structural change and the response to market conditions suggest the
benefits of the acceptance of a holistic RA process to optimize the business process,
the usage of existing assets, the data integrity and as a result - maximizing revenues
and in parallel - reducing costs and increase profitability.
Up to 2004 no CSP emerged as credible industry leader, nor was a unique definition
available to comfortably align RA practitioners from different business domains. This
situation may be understood since RA evolved from several organizational units
(Finance Control, Network Operations, Fraud Management, Billing Operations, etc.)
each of which has a different perspective, approach to RA and own priorities.
Moreover, RA is an over-used buzzword. It often reflects the financial needs as well
as objectives related to a business problem. These needs and objectives tend to be
defined differently by different stakeholders, hence the confusion associated with the
term of RA.
Page 8 of 70
1.1
1.2
Economical Perspective
Assessing costs and benefits is a required first step prior to introducing new oftencomplex projects within a business. This is also the case for an RA initiative. To
address this issue, TR131 includes a detailed discussion of the outcomes of a real life
example of a cost-benefit analysis performed by an operator.
The analysis uses a drip tray model; a common metaphor used in describing the
affect of errors in processing charges, a term commonly referred to as leakage. The
metaphor is appropriate as the loss of water from a pipe exhibits similar properties to
the loss or corruption of data as it is processed from one system to the next.
The amount of water lost by the pipe could be measured by comparing the amount
that goes into one end of the pipe against the amount that comes out of the other end
Page 9 of 70
of it. Though simplistic, the comparison of ins and outs lies at the heart of activities
intended to monitor, diagnose, prevent and measure the extent of error.
In
Out
error not
captured
error captured
not resolved
error captured
and resolved
1.3
1.3.1
Different Approaches to RA
Reactive, Active, and Proactive RA
Using the following definitions for different styles of revenue assurance initiatives
Reactive doing something as a response to existing leakages, for example a project to
identify and resolve the causes of actual revenue loss;
Active doing something to address problems as they occur, for example by monitoring
of problems in real-time. This approach is designed to initiate corrective responses
prior to any revenue loss takes place;
Proactive - acting in anticipation, by implementing controls and other measures to prevent
problems from occurring
In general, the reduction in time required to respond to a problem is the basis for the
shift from reactive to active RA. The goal is to anticipate what can go wrong and
prevent it. This pre-emptive approach is the basis for proactive RA.
The Reactive, Active and Proactive approaches to RA are complementary
approaches. A good RA practice must always include Reactive controls, to identify
leakages and create the case for the Active and Proactive controls. Active controls
are required to discover problems in near-real time, and to correct their outcomes
before they cause a real damage. Proactive controls are the ultimate goal. These
Page 10 of 70
controls help preventing the problems from occurring in advance and normally do so
by being addressed in the design and deployment phases. That said, it is a bad
practice to rely only on Proactive controls since, as a result of the significant
complexity of the operations and business systems and processes of a CSP, some
problems may not be able to be detected proactively
1.3.2
1.4
Best Practices
Best practices have been constituted to ensure that comprehensive strategies include
network element configuration data, OSS service activation data, usage data,
mediation rules, and customer account data from order entry, billing and CRM.
Best practice in RA represents a dynamic striving for optimization rather than the
static delivery of a particular series of methods, controls and tools. RA best practice
itself shall be subject to perpetual review and shall not be considered as a static
process.
For an RA strategy to be considered effective it is mandatory to include all of the
following components: technology, people and processes.
Technology component includes identifying data discrepancies and prioritizing the
correction efforts, which is a daunting task, and needs the support of software to be
Page 11 of 70
carried out. eTOM and SID, to some degree inherently provide for improved benefits
of technology integration that reduce some, but not all of the potential fallout
associated with technology components that do not interface without a global
standards adoption.
People component includes the necessary quick investigation of suspicious data by
RA analysts and subject matter experts, intended to determine the validity of
threshold violations when abnormalities occur.
Process component refers to the solid understanding of the complex
interdependencies among network infrastructure, B/OSS environment and business
processes in CSPs operations that the expert should have. eTOM Layer 0 2
processes establish some of the interdependencies and cooperation across business
units, departmental approaches and various company objectives.
RA systems should be designed to support data acquisition from network elements,
provisioning systems, mediation platforms, billing systems, order management
systems, asset management systems, intercarrier exchanges, partner relationship
management, etc., according to the specific business scenario. Beyond data access
capabilities, RA systems should also implement key functional features to perform
appropriate detection techniques (monitoring, reconciling, correlation and so on) and
include reporting tools such as dashboards, tracking and correction panels, case
management tools and enterprise controls visibility across all business functions,
especially given the new financial regulatory environment such as Sarbanes-Oxley.
1.5
RA Maturity Model
TMF Revenue Assurance Technical Report 131 (TR131) also sets forth five
successive stages that characterize the RA level of maturity within a CSP. Not only
does this scale give CSPs a benchmark to measure their progress against other
CSPs, but it also lays out a road map for other RA operations.
Five steps of maturity have been identified, with the fifth step an ideal to be reached.
Initial, when no RA process has been established and only arbitrary ad hoc reactions to
circumstances;
Repeatable, when RA processes are developed at the level of individual projects,
products and implementations. Flaws are identified and remedial action is taken.
Defined, when RA processes are developed for the whole organization. Organizational
priorities for revenue assurance are understood and guide proactive deployment of
resources.
Managed, when RA processes provide consistent quantitative measures. Measures
drive planning and control.
Optimized, when the measures, planning and controls implemented in order to improve
the business themselves become the subject of continual improvement.
Page 12 of 70
5.
4.
3.
2.
1.
Page 13 of 70
must go through these stages to build the required level of trust that will allow it to
maximize the benefits of a full and effective revenue assurance process.
Current RA Trends
The process of RA maturation within an individual service provider is a response not only to the
growth of internal RA experience and expertise, but also reflects the influence of a number of
external macro- and micro-development factors on the perceived RA needs of the business
and the prioritization of RA activities. These external drivers also evolve over time. The primary
categories are as follows:
Macro-economic: the overall state of local and global economies and their impact on
business confidence.
Commercial: the need to increase revenues/margins and lower costs; competitive
pressures.
Industry Regulation: the development of industry-specific regulatory initiatives, ranging
from the general, such as liberalization and privatization in developing markets, to the
specific, such as OFCOMs OTR003 in the UK which requires service providers to
demonstrate metering and billing accuracy with potentially stringent penalties for noncompliance.
Corporate Governance & Fiscal Legislation: most notably the Sarbanes- Oxley Act in the
US and the EUs 8th Directive, introduced to restore public faith and transparency in
the governance, internal controls and audited financial statements of public
companies. (See section 5 ff)
The initial surge of interest in RA coincided with the worsening economic conditions in
developed markets experienced by the high technology sector including the
telecoms industry at the start of the century. Cyclical economic factors are now
improving and causing a concomitant change in the corporate mindset from
accountancy-led back to entrepreneurial-led. There is now some evidence that the
role of mature RA is being asked to change in response, and the Maturity Model
(see section 1.7) may need to be amended to accommodate this.
Some of the noted responses are as follows:
Responsibility for and ownership of the maintenance of primary quality assurance
replacing revenue assurance and being returned to business and operational units. In
mature RA environments where RA culture has become embedded across the
business this trend is not unexpected, and it potentially allows for cost reductions
through personnel reductions and may encourage immediacy at the point of origin for
some but not all - revenue leakage scenarios. However, there is as yet no clear
trend in the relationship between the core RA team and the departmental QA owners.
As above, RA core teams are being downsized as the more immediate firefighting
aspects of RA have been taken in hand and the opportunities for obvious and quick
wins have lessened.
Core RA teams are being refocused with priority give to compliance and governance
related activities. RA has provided much of the knowledge and operational enactment
of SOC programs in conjunction with Internal Audit. As some recent surveys have
Page 14 of 70
highlighted the fact that compliance is now a bigger driver for IT initiatives than ROI,
this reprioritization is, again, not unexpected. However, there are some key
differences between RA and Internal Audit drivers. Whilst demonstrating the accuracy
and completeness of financial reporting is of high relevance to RA, the primary goal
has historically been to satisfy commercial imperatives increasing revenues and
margins whilst reducing costs and these are not key compliance targets.
RA is maintaining input into planning processes, but primarily with a focus on cost
management slant. Typically in such cases, RA expertise in being targeted at tactical
than strategic objectives.
These changes are not necessarily in the best interests of either the evolution of
effective RA or for the broader benefit of service providers looking to ensure cost
effective operations for new generation services.
As RA has increased its influence, and through the necessary efforts of groups such
as the TM Forums RA Working Group and Catalyst projects, the knowledge and
expertise of the RA practitioners is beginning to be standardized into a core RA
process methodology that can be applied across all business units to uncover,
recover and inhibit revenue leakages from a wide variety of different systems,
processes and circumstances. This is critical for the benefit of the entire telecoms
industry, and can provide a critical bridging of operational and business (financial)
processes. However, the business value of RA is engendered in people whether in
an internal RA team or external consultants and not solely in formularized process.
Service Providers in newly competitive, high growth/low penetration markets where
RA is typically less mature are largely unaffected by this trend at present, and may
even benefit from the inbound relocation of experienced RA practitioners. However,
as the technological and legislative drivers they face become increasingly similar to
those in developed markets, it may only be a matter of time before the commercial
drivers fall into line as well.
The global RA community is now facing up to the challenges of new generation
infrastructure and services those based primarily on IP and designed to exploit
convergent service opportunities. In parallel, complex 3rd party commercial
relationships are evolving. A balance between the maintenance of strong processdriven RA derived from the traditional PSTN world and the evolution of a new
generation of RA skills evolved from an IP mindset will be required to guide the
transition and ensure that we learn from past mistakes rather than repeat them.
Page 15 of 70
Page 16 of 70
2.1
NGOSS
Page 17 of 70
2.2
The eTOM
The Enhanced Telecom Operations Map (eTOM) is the ongoing TM Forum initiative
to deliver a business process model or framework for use by service providers and
others within the telecommunications industry. The TM Forum eTOM describes all
the enterprise processes required by a service provider and analyzes them to
different levels of detail according to their significance and priority for the business.
For companies adopting eTOM, it serves as the blueprint for process direction and
provides a neutral reference point for internal process reengineering needs,
partnerships, alliances, and general working agreements with other providers. For
suppliers, eTOM outlines potential boundaries of software components to align with
the customers' needs and highlights the required functions, inputs, and outputs that
must be supported by products.
2.3
The SID
The SID, as the NGOSS information model, provides an information/data reference
model and a common information/data vocabulary from a business as well as a
systems perspective. The SID uses UML to formalize the expression of the needs of
a particular view.
The SID provides the common language for communicating the concerns of the four
major groups of constituents represented by the four NGOSS Views: Business,
System, Implementation and Deployment, defined in the NGOSS Lifecycle. Used in
combination with the eTOM business process and activity descriptions, SID makes it
possible to create a bridge between the business and Information Technology groups
within an organization, providing definitions that are understandable by the business,
but are also rigorous enough to be used for software development.
In order to integrate Revenue Assurance into the NGOSS framework, and to gain all
the benefits of this framework, RA must be integrated at least into the Enhanced
Telecom Operations Map (eTOM), which defines the business processes in the
Page 18 of 70
telecommunications industry, and into the Shared Information/Data Model (SID). The
integration of RA into the eTOM permits telecommunications operators to have a
better understanding of the function of RA at the operational level and to comprehend
the interactions between RA and other processes. The integration into the SID allows
identifying the common data/information model that should be followed by RA
solutions, permitting structured and easy integration between RA solutions, and
between RA solutions and other entities in the telecommunications operational map
2.4
The proposal
The TMF RA modeling team made a detailed proposal of integration of RA into the
SID and eTOM. Below is a high-level description of this proposal. The reader should
keep in mind that this description is neither detailed nor exhaustive, and that
exactitude was sacrificed for simplicity.
We identified 7 RA Aggregate Business Entities (ABEs) that should be incorporated
into the SID
Revenue Assurance controls,
Revenue Assurance violations,
Revenue Assurance key performance indicators (KPIs),
Revenue Assurance objectives
Revenue Assurance rules that map revenue assurance KPIs and
threshold violations to revenue assurance trouble tickets.
Revenue Assurance actions/responses
Revenue Assurance assessments
Figure RA.4 depicts the Revenue Assurance Aggregate Business Entities (ABEs)
within the SID Framework.
Enterprise
(Under Construction)
Revenue Assurance
RA Control
RA Trouble Ticket
RA KPI
RA Action_Response
RA Violation
RA Assessment
RA Objective
Page 19 of 70
The Revenue Assurance Control ABE defines policy-based rules that represent the
logical definition of comparisons performed on entities to identify Revenue
Assurance Violations. For example a Revenue Assurance Control may compare
pre mediation and post mediation call details records (CDRs) to identify improperly
dropped CDRs, i.e. Revenue Assurance Violations
Revenue Assurance KPIs are defined on Revenue Assurance Violations and on
other revenue assurance related entities, such as bills and CDRs. For example a RA
KPI may count the number of Revenue Assurance Violations found by the
Revenue Assurance Control that compared the pre and post mediation CDRs.
Revenue Assurance Objectives are targets whose infringement may trigger the
creation of Revenue Assurance Trouble Tickets. Examples of Revenue
Assurance Objective are that the value of the Revenue Assurance KPI that
counted the number of dropped CDRs is lower than 50,000, or that the trend of this
value over a period of time is negative (the number of violations is dropping). When
one or several Revenue Assurance Objectives are violated, a Revenue
Assurance Trouble Tickets may be issued. For example if the number of dropped
CDRs is higher than 50,000 a Revenue Assurance Trouble Ticket may be issued
and assigned to someone, to check the cause of the problem, and to try to recycle
the dropped CDRs. Revenue Assurance Trouble Tickets may be created as a
result of the infringement of one or more Revenue Assurance Objectives, or as a
result of the finding one or more Revenue Assurance Violations.
Revenue Assurance actions/responses reconcile revenue assurance trouble tickets,
and Revenue Assurance Violations and may bring the Revenue Assurance Trouble
Tickets to closure by initiating and performing a series of one or more activities.
These activities may include corrective activities, e.g., correcting and recycling the
dropped CDRs, and other activities such as sending reports to all the people that
should be aware of the violation of the objective, e.g., sending a report to the CFO if
more than 50,000 dropped CDRs were found. Revenue Assurance Action/Response
ABE entities also may consist in root cause analysis.
Revenue Assurance Assessment ABE entities measure the effectiveness of
Revenue Assurance Controls, Revenue Assurance Objectives, and Revenue
Assurance KPIs.
Revenue Assurance Assessment ABE entities include
recommendations of refining controls, objectives, and KPIs.
The RA ABEs proposed are based on existing SID ABEs, for example the Revenue
Assurance Trouble Tickets is defined using the already existing SID ABE of
TroubleTicket, and the Revenue Assurance actions/responses is defined using
the already existing SID ABE of Activity.
Revenue Assurance (RA) business entities support the complete RA lifecycle. These
processes range from creating RA controls, KPIs and RA objectives, identifying RA
violations and trouble tickets, resolving trouble tickets to assessing an enterprises RA
program. RA eTOM processes are shown in Figure RA.5.
Page 20 of 70
Page 21 of 70
3.1
Introduction
Traditionally, most CSPs identified fraud management as a priority in the early days
of operations. The early focus and implementation of systems contributed to the
development and maturity of fraud management practices and systems. Although
there is a clear relationship between fraud management and revenue assurance,
fraud management has evolved as a separate function, often under different
department and sponsorship within the organization. Industry-wide, there is
consistency in the approach and system functionalities for fraud management.
However, revenue assurance is still an immature activity for many CSPs. Revenue
assurance activities in most of the CSPs are independent of their fraud management
practices. As new issues and systems come into place, there is an increasing need to
look at both fraud management and revenue assurance together due to the nature of
the leakages and the solutions and practices to identify these.
The purpose of this section is to demonstrate the relationship between fraud
management and revenue assurance and recommend different options for CSPs to
effectively tackle revenue assurance issues.
3.2
Page 22 of 70
Fraud
Operational
Inefficiency
Bad Debt
3.2.1
Case 1
Service is not provisioned for a particular subscriber in the billing system, but the
subscriber is using the service. The subscriber is provisioned in the network element.
This scenario can be interpreted in the following way:
The subscriber has been illegally provisioned in the network element
The subscriber was genuine, but because of a process error or error in provisioning
system, only network element was provisioned.
Page 23 of 70
3.2.2
Case 2
A sudden increase in the number of CDRs generated for a subscriber could be
interpreted as three different scenarios
Increased call pattern that is detected by the fraud management system as a potential
fraud;
Increased number of records that may be due to malfunctioning of switch causing
multiple records or incorrect guiding of records
Genuine increase in usage of the subscriber that could be potentially new revenue
opportunities for the service provider.
3.2.3
Case 3
A sudden increase in traffic is detected from a trunk configured for national calls from
an interconnect operator. This scenario can be interpreted as:
Incorrect trunk configuration causing other traffic (such as international traffic) to be
routed through the trunk;
A third company is illegally routing its calls through the trunk using devices such as
gateway SIMs
There is a genuine increase in traffic. This calls for a renegotiation of the existing
contracts and tariffs.
3.2.4
Case 4
As a part of new product development and testing, a CSP provisioned mobile phones
and services for field-testing. This testing included quality of service and network
coverage testing.
At the end of the testing period, the majority of the phones were not
returned but services on them were left activated due to a process error.
After the launch of the new service, fraudsters gained access to these test
phones and used them for illegal call selling, causing significant losses.
3.3
Page 24 of 70
3.3.1
Page 25 of 70
3.4
Recommendations for a
Collaborative Approach
To analyze and resolve revenue leakage issues at a holistic level and in many cases
evolve revenue generation opportunities out of this effort, it is important to adopt a
collaborative approach to revenue assurance. We recommend collaboration between
Revenue Assurance and Fraud Management at three levels: the team level, the
process level, and the tool level. In many cases, such collaboration permits analysis
and resolution of revenue leakage at a holistic level that would be missed otherwise.
Nevertheless, our recommendation is for collaboration between RA and Fraud teams,
and not necessarily for having common people dealing with both.
Similarly our recommendation is to use tools and processes for RA and Fraud that
permit sharing data, KPIs, case management, dashboards and reports. However, we
do not necessarily recommend using the same tool or process for revenue assurance
and fraud (additionally, we do not necessarily recommend to use of the same tool for
all revenue assurance tasks, we recommend rather to use the best of breed). Our
recommendations are explained in the following sections.
3.4.1
Collaboration Components
3.4.1.1
Collaboration of Teams:
Collaboration of fraud management and revenue assurance teams results in more
effective dissemination and transfer of information helping in faster resolution of
issues. Some of the options for collaboration of teams are:
Co-location of the teams that allows easier communication;
Common team members and managers with clear roles and responsibilities who can
liaise between the two teams;
Common team members who analyze both fraud and revenue assurance issues.
3.4.1.1.1
3.4.1.1.2
Page 26 of 70
3.4.1.2
Process
Integration of the fraud management and revenue assurance processes helps
streamline information flow and improve issue resolution. Integration of processes
encompasses setting common objectives and KPIs, integrated resolution
methodology and procedures, transfer of information and cases, inter-department
communication and other related areas. Depending on the nature of the business,
scope and ability to affect changes in the existing structure, integration can be
adopted in all the processes or specific areas. For example, integration can be
adopted only for prevention activities and not for operations.
3.4.1.2.1
3.4.1.2.2
3.4.1.3
Tools
Fraud Management and Revenue Assurance tools can be integrated at two levels
Data Management layer and Business layer.
At the data management layer, the systems use the same data processing and storage
for the interfaces that are commonly used by both. Integration of tools can provide in
significant operational expenditure and infrastructure savings for the CSP.
Page 27 of 70
At the business layer, the integration involves common alarms, workflow, reporting and
presentation. This allows users to share and collaborate effectively. Automation helps
in faster issue communication and resolution, provided appropriate processes are set
up and issues are summarized correctly.
3.4.1.3.1
3.4.1.3.2
Challenges:
Integrated platform that can address both revenue assurance and fraud management
issues;
Modes of operation of fraud management tool and revenue assurance tools are typically
different. Due to the nature of the problem, its perceived impact on the business and
economic considerations, fraud management tools are typically real-time systems
whereas RA tools generally work in a batch-processing mode.
Standard interfaces for tools to collaborate.
3.4.2
Page 28 of 70
4.1
Sarbanes Oxley
The Sarbanes Oxley Act of 2002 was enacted largely in response to a number of
major corporate and accounting scandals involving some of the most prominent
companies in the Unites States. These scandals have resulted in loss of public trust
in reporting practices and corporate accounting. The objective of the SOX Act is to
restore investor confidence in public markets and enhance penalties for corporate
wrongdoing. The SOX Act has entitled the PCAOB (Public Company Accounting
Oversight Board) to oversee compliance with relevant provisions of the Act.
4.1.1
Page 29 of 70
Presenting Conclusions
Fraud, Deficiencies & Significant changes in the Disclosure Controls should be disclosed
Section 404 Internal Controls
Management accepts responsibility for establishing & maintaining Internal Controls
Management is responsible for assessing the effectiveness of Internal Controls
External Auditor attests managements assessment of Internal Control
4.1.2
Page 30 of 70
Revenue
Assurance
IT
Governance
Regulation
Compliance
Internal
Audit
Business
Risk
Management
Page 31 of 70
4.1.3
4.1.4
Page 32 of 70
studied the causal factors that can lead to fraudulent financial reporting, and developed
recommendations for public companies and their independent auditors, for the SEC and
other regulators, and for educational institutions.
Control Environment encompasses the tone of an organization, and sets the basis for how
risk is viewed and addressed by an entitys people. This includes risk management
philosophy and risk appetite, integrity and ethical values, and the environment in which they
operate.
Risk Assessment includes risk analysis, assessment of a risks likelihood and potential
impact, as a basis for determination how those risks should be managed. Risks are assessed
on an inherent and a residual basis.
Control Activities represent policies and procedures that, when established and implemented,
help to ensure that responses to risks are effectively carried out.
Information and Communication ensures that relevant information is identified, captured, and
communicated in a form and timeframe that enable people to carry out their responsibilities.
Effective communication also occurs in a broader sense, flowing down, across, and up the
entity.
Monitoring ensures that internal controls are monitored and modified as necessary.
Monitoring is accomplished through ongoing management activities, separate evaluations, or
both.
Control activities have to be properly documented to enable regular assessment of their
design and operational effectiveness. The usefulness of the above framework is in that
internal control system, designed according to the definitions of the framework layers, could
be successfully used for different risk management objectives, e.g. the ones formulated in the
areas of operational efficiency, compliance or financial reporting.
Page 33 of 70
4.1.5
4.1.6
4.2
4.2.1
Page 34 of 70
4.2.2
4.2.3
Page 35 of 70
4.2.4
4.2.4.1
4.2.4.2
Right of Appeal
At national level effective mechanisms must allow any user or undertaking providing
electronic communications networks or services the right of appeal to an independent
appeal body in the event of any disputes with a national regulatory authority.
4.2.4.3
4.2.5
Page 36 of 70
Ensuring that users derive maximum benefit in terms of choice, price and quality;
Encouraging investment in infrastructure and promoting innovation;
Encouraging efficient use and management of radio frequencies and numbering
resources.
The national regulatory authorities must also contribute to development of the internal
market by, inter alia:
Encouraging the establishment and development of trans-European networks and the
interoperability of pan-European services;
Ensuring that there is no discrimination in the treatment of undertakings providing
electronic communications networks and services;
Cooperating with each other and with the European Commission to ensure the
development of consistent regulatory practice and consistent application of the new
regulatory framework for the telecommunications sector.
The final task of the national regulatory authorities is to promote the interests of the
citizens of Europe by, inter alia:
Ensuring that all citizens have access to a universal service, as specified in Directive;
Ensuring the availability of simple and inexpensive dispute resolution procedures;
Contributing to ensuring a high level of protection of personal data and privacy (Directive
on Privacy and Electronic Communications.)
4.2.6
4.2.7
Page 37 of 70
Page 38 of 70
5.1
5.1.1
Challenges
Challenge #1: CSPs and the multi-party value chain
Old Value Chain
Page 39 of 70
Under the old value chain, CSPs owned the network, OSS/BSS systems and owned the
bilateral relationship with the customers. Consequently, network operators had
complete control of services offered to the customers. Figure 4 describes
schematically the old value chain for network operators. As long as network operators
effectively controlled their infrastructure (OSS/BSS) from process and data integrity
perspective, they were covered from a revenue assurance perspective.
Game
Application
Developers
G
aContent
Providers
m
e
s
G
a
Content
Aggregators
Content
Distributors
Payment
Handlers
Service
Operators
Bearer
Providers
Customers
Page 40 of 70
The other challenge is that the new value chain relies on multiple parties
to provide critical information to enable the CSP to formulate the event
record. The CSP faces the daunting task of assembling information from
all these parties, a task that poses a great source of process and data
integrity challenges.
This new way is in sharp contrast with traditional voice service, in which a call detail
record generated by switch has been the main source of information for the rest of
downstream OSS/BSS systems.
5.1.2
5.1.3
Page 41 of 70
different from making a simple voice call. The user activities in such a transaction could
spawn a set of multiple interactions and multiple dependencies with a number of third parties
such as ring tone and device wallpaper vendors, chat rooms, music and video content and
MMS providers each of which has to be accurately billed, with a portion of each payment
being shared with the owner of the content or service.
Suddenly the CSPs find themselves vulnerable for far more than just the cost of a voice call
in the event of billing errors. Error management becomes very complex and may involve
resolution of errors by multiple parties.
5.1.4
CSP handles all functions for the value chain. CSPs have some expertise and offers
to handle the payment (they know the customer), be the clearing house for the value
chain settlements (they have expertise with interconnections).
The value chain uses an outsourced payment and settlements clearing houses (bank
or Credit Card Company).
This is a whole new concept for CSPs and it reduces the control that the CSPs have over the
revenue stream, hence increase the risk for revenue leakages.
5.2
5.2.1
Recommended Strategies
Key Strategies
Clearly define and address the business process, systems and integration requirements
to support the new services.
Identify the control points required in the new value chain, what controls they provide,
cost of control and time to implement.
Page 42 of 70
Define a New Services Launch Process for revenue impact assessment. This process
needs to be examined closely and testing of the launch process needs to be
evaluated from distribution of content and revenue recognition perspective.
Do not assume that legacy infrastructure would be sufficient to address the evolving value
chain. Carry out the assessment and review of the legacy infrastructure in support of
the new value chain. Identify the gaps, process and data integrity challenges.
Segregate the new value chain processes, reconciliation and accounting procedures from
the existing business processes and procedures.
Identify and partner with the vendors who can provide infrastructure with in-built
assurance framework necessary for mobile content and advanced services
Define the Clear set of rules of engagement with the value chain partners. Carefully
define the details on contract terms and conditions with partners of the value chain to
address the roles and responsibilities.
Evaluate the Settlement Challenges. Settlement requirements need close examination.
Content partners need to provide the accurate and timely data feed for settlement
information. Settlement process robustness from a business requirements
perspective and reverse settlement perspective needs to be evaluated. Configuration
of the partners within the settlement and billing system needs to be evaluated from
data accuracy and data completeness perspective
Call Centers Methods and Procedures (M&Ps) related to customer requests for credits
and adjustments for content need to be closely evaluated. Customer adjustments
need to be closely linked with the settlement process with the partners to ensure the
company can realize the adjustments from the content providers in case if they have
provided adjustments to its customers
Event data must be evaluated on a continuous basis in correlation with the common
customer problems for these services to identify data and process integrity issues.
Page 43 of 70
6.1
Introduction
Revenue Assurance is an ongoing, ever evolving process in organizations. Regardless of
which evolutionary step the RA Team is currently in, each RA Team continually evaluates
and reviews its processes and data quality. Part of this process is the recognition of different
scenarios in its methods/procedure/process that create revenue/cost loss.
The purpose of this chapter is to:
Provide some practical examples of revenue affecting issues, based on the combined
experience of the TMF working group,
Enable the reader to gain an insight in the many and varied causes of under and over
billing that are present within the industry
Provide a framework to assist the reader in classifying recurring revenue assurance
problems and provide some practical guidelines for their detection and correction
It should be noted that whilst these are real examples, no one CSP is expected to suffer from
all of the issues described here. Our goal is to provide an extensive but non-exhaustive list of
examples of events that have been observed within member organizations. Murphys Law
states that if something can go wrong, it will eventually.
As a team, our objectives are to help, share, and add to the shared knowledge of all
members. If you have other examples that would help or enlighten future readers, please
forward to Gadi Solotorevsky (email: [email protected] )
6.2
Page 44 of 70
Other
14
12
10
Internal fraud
External fraud
Interconnect / partner payment errors
2003
(sample 50)
2004
(sample 100)
2005
(sample 104)
Fraud
Credit management
Incomplete/incorrect
xDRs
Poor
processes/systems
Poor systems
Page 45 of 70
6.3
integration
Applying new
products/prices
Interconnect errors
Invoicing system
errors
A.1
Revenue Leakage
A.2
Revenue Leakage
Page 46 of 70
A.3
Revenue Leakage
A.4
Cost Leakage
A.5
Revenue Leakage
A.6
Revenue Leakage
A.7
Stranded assets
Cost Leakage
A.8
Cost Leakage
A.9
Revenue Leakage
A.10
Cost Leakage
A.11
Cost Leakage
A.12
Cost Leakage
Provisioning
B.1
Revenue Leakage
B.2
Revenue Leakage
B.3
Revenue Leakage
B.4
Revenue gain
B.5
Revenue Leakage
B.6
Revenue Leakage
B.7
Ported out numbers not de-listed from billing for which costs
are still paid to third parties
Cost Leakage
B.8
Revenue Leakage
Page 47 of 70
B.9
Revenue Leakage
B.10
Revenue Leakage
B.11
Paying retail rates to third party suppliers for lines which should
be charged as wholesale
Cost Leakage
B.12
Cost Leakage
B.13
Revenue Leakage
B.14
Revenue Leakage
Network management
C.1
Revenue Leakage
C.2
Cost Leakage
C.3
Cost Leakage
C.4
Revenue Opportunity
C.5
Revenue Leakage
C.6
Revenue Leakage
C.7
Revenue Leakage
C.8
Revenue Leakage
C.9
Revenue Leakage
D.1
Revenue Leakage
Page 48 of 70
D.2
Revenue Leakage
D.3
Revenue Leakage
D.4
Revenue Leakage
D.5
Revenue Leakage
D.6
Any data lost during file transfer between switch and mediation
Revenue Leakage
D.7
Any data lost during file transfer between Mediation and Billing
System
Revenue Leakage
D.8
Revenue Leakage
D.9
Revenue Leakage
D.10
Number of calls per month which are not billed as the billing
system incorrectly identifies them as 'duplicates'
Revenue Leakage
D.11
Revenue Leakage
D.12
Revenue Leakage
D.13
Revenue Leakage
D.14
Revenue Leakage
D.15
Revenue Leakage
D.16
Revenue Leakage
D.17
Revenue Leakage
D.18
Revenue Leakage
D.19
Revenue Leakage
D.20
TAP files from network not sent to clearing house and foreign
operator
Revenue Leakage
D.21
revenue leakage
Page 49 of 70
E.1
Revenue Leakage
E.2
Revenue Leakage
E.3
Revenue Leakage
Rating process
F1
Revenue Leakage
F2
Revenue Leakage
F3
Revenue Leakage
F4
Revenue Leakage
F5
Revenue Leakage
F6
Revenue Leakage
F8
Revenue Leakage
Pricing Structure
G1
Revenue Opportunity
G3
Cost Leakage
G4
Cost Leakage
G7
Revenue Leakage
G8
Low Margin Calls: Cases where Operator has set call rates
significantly lower than other operators
Revenue Opportunity
G9
Revenue Leakage
G10
Revenue Opportunity
Page 50 of 70
Billing operations
H1
Revenue Leakage
H2
Revenue Leakage
H3
Revenue Leakage
H5
Revenue Leakage
H6
Revenue Leakage
H7
Revenue Leakage
H8
Revenue Leakage
H9
Revenue Leakage
I.1
Revenue Leakage
I.2
Revenue Leakage
I.3
Cost Leakage
I.4
Revenue Leakage
I.5
Revenue Leakage
I.6
Cost Leakage
I.7
Revenue Leakage
I.8
Revenue Leakage
I.9
Revenue Leakage
I.10
Revenue Leakage
Page 51 of 70
I.11
6.4
Revenue Leakage
Classification
Source
Related
Process
Description
Sales Assurance
Credit Assurance
Subscription Assurance
Usage Assurance
Fraud Assurance
Collection Assurance
Page 52 of 70
Classification
Source
Related
Process
Description
Quality Assurance
Cost Assurance
Process Assurance
Corporate Governance
Page 53 of 70
Title
Market segment
Classification
Leakage Point
Voicemail (333)
Mobile (GSM)
Usage Assurance
D.8
Description
A European GSM mobile operator offered a voicemail service and provided a short code of 333,
enabling subscribers to access their voicemail. Voicemail retrieval was offered free of charge.
The introduction of this service caused billing to cease for a region of an international destination, but
was not detected until nine months after launch.
Root Cause
The mediation system was instructed to remove usage records representing voicemail retrieval from
the billing stream, to avoid the billing system being overloaded with unbillable records. However, the
mediation system vendor implemented this rule as a prefix match rather than an exact match.
The result being that all usage records to numbers that started with 333 were removed from the
billing stream rather than those that were just 333.
33 is the country code of France, and 3 is the Northeastern region of France, so in this case calls to
this area remained unbilled.
Detection
This problem was difficult to detect due to the fact that the mediation system did not provide a
summary of the number of usage records removed using this rule.
It was detected by accident when a programmer was looking at the code provided by the vendor for
a different purpose.
Correction
Correction to this problem was simply to change the filter to an exact match.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Independent analysis of network usage records and comparison with billing summaries for
international traffic would have detected the anomaly
Improved testing process of new releases of mediation software
Page 54 of 70
Title
Unexpected roaming
Market segment
GSM (Inbound roaming)
Classification
Usage Assurance
Leakage Point
Ref.
C.5
Description
Subscribers of a foreign operator were able to connect, make and received calls, within a visited
network where no inbound roaming agreement existed between the two parties.
The problem existed for approximately six months before it was detected; the operator of the home
network was unable to recover any of this revenue.
In addition, the operator had also received and paid charges relating to termination of calls off-net
that originated by these foreign subscribers.
Root Cause
The network allowed foreign subscribers from this particular roaming partner to gain access to the
home network.
Detection
This problem was detected during a usage assurance audit that analyzed network usage data and
compared it to an analysis of the roaming clearing (TAP-out) files sent to the operators roaming
clearing house.
Files were not present for one of the foreign operators that were observed in the network usage
data.
Correction
The network was corrected so that these subscribers could no longer gain access to the network.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Review of process by which the network is open to foreign subscribers.
Ensure roaming agreements are correctly implemented within the network
Independent analysis of network usage records and comparison with billing summaries for
traffic would have detected the anomaly
Page 55 of 70
Title
Fraudulent interconnect traffic
Market segment
Interconnect
settlement
Classification
Usage Assurance
Leakage Point
D.2
Description
International traffic for terminating routed via PTT in such a way as avoid paying termination
charges.
The problem existed for approximately nine months before detection.
Root Cause
A loophole in the recording of usage data by the gateway switch was exploited by a competitive
operator, causing terminating international traffic to be recorded with a zero duration
Additionally, the process existed to specifically remove zero duration calls from the interconnect
settlement billing stream.
Detection
When analyzing usage patterns for a fixed line operator an unexpected high number of zero
duration calls was observed for international calls but only on routes relating to a particular
operator.
On further inspection, the calls were found to have represented real, successful calls; they had a
start time and an end time, but had been recorded by the network with zero duration.
Correction
Initially, the mediation system recalculated the duration from the start and end times.
Ultimately the switch was corrected.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Independent analysis of network usage records and comparison with billing summaries for
international traffic would have detected the anomaly
Recalculation of duration from start and end times to compare with recorded duration
Periodic network testing to ensure accurate recording of usage information
Page 56 of 70
Title
Unbilled Service
Market segment
Data Services
Classification
Sales
Assurance
Leakage Point
Ref. A.4
Description
Customers of a large operator took part in a trial period for a new service. When the trial period has
expired some of the customers that took part in the pilot continued to use the service and were
not charged for it
Root Cause
Once the pilot period has ceased, some of the participating customers did not request to continue
with the service, hence the billing system was not updated with the relevant service profile for
those customers.
The result was customers who did not have their billing profile updated continued to use the service
under the same terms of the pilot period i.e. without being charged for the service.
Detection
The detection of the problem was achieved by comparing the actual service topology on the
network with the profile of the customers on the billing system, i.e. the list of the service for which
each customer is being charged.
Correction
The billing profile of the relevant customers was corrected.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Test the data integrity between the network and the billing system whenever a trial period
(or any other special period) elapses.
Page 57 of 70
Title
Stranded Assets
Market segment
Broadband & Data Networks
Classification
Cost Assurance
Leakage
Point Ref.
A.7
Description
A DSL service involved many installations for customers joining the service and de-installations for
customers who decided to cease the service. Apparently, the utilization of the network elements
supporting the DSL service did not prove to be optimal, and that, in turn, required the purchase of
an excess amount of network equipment.
Root Cause
During the cease process the service resources were released correctly in the network inventory
database, but were not de-activated in the physical network, and the service was not deleted
properly from the billing system.
Detection
This problem was detected by comparing the information from the physical network, using an NMS
with information from the network inventory system, provisioning and activation system and the
billing system. This comparison highlighted the discrepancies between the information, as it was
stored in the OSS and the billing and the actual status of the NE utilization.
Correction
The network was corrected so that the network assets were marked again as available for use and
the billing customer profiles were updated to reflect the cease of the service for the relevant
customers.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Review of the process and the business rules involved in activation / de-activation of a
service for a customer, with contingency for failures overcome.
Analysis of the usage on the whole network assets against their operational status could
reveal in use components with zero utilization on them.
Page 58 of 70
Title
Market segment
Classification
Leakage Point
Under billed services
Service Provisioning
Subscription Assurance
Ref. B.1
Description
A customer was offered a new DSL service and ordered the lowest rate and least expensive
option. In the middle of the provisioning process the customer asked for an upgrade in the service
to premium option. The service that the customer got eventually was the premium service, but the
customer was charged for the cheaper option.
Root Cause
In the process that begins with a service order and completes with the activation of the service for
the customer the billing system was involved at the stage of the initial order as to which price-plan
is relevant, and receives an event that initiates the actual charging when the activation is complete.
However, if a change to parameters is done between the initial order and the activation the billing
system is not aware of this change.
Detection
The detection was possible through the comparison of information in the network inventory system,
the billing and the actual service status, as reflected by an NMS system. This comparison revealed
the discrepancy between the services defined in the billing system as the basis for charging and the
actual service that was both defined in the network inventory database and that was actually
configured in the network.
Correction
As a short term remedy the definitions in the billing system were updated to be aligned with the
actual service provided
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Updating the business process to include an update to the billing system with any change
that is being done to an open order.
Proactively initiate a timely check to ensure that the information in all the OSS the BSS and
the network are aligned and synchronized.
Page 59 of 70
Title
Real Time Toll Ticketing files analysis
Market segment
Mobile
(GSM/UMTS)
Classification
Usage Assurance
Leakage Point
Ref. D.12
Description
A tier 1 mobile operator experienced a systematic loss of revenues due to a particular type of international
roaming.
Visiting users roaming onto the operator network originated calls that were incorrectly billed only by their
home operator (TAP OUT flow).
The problem persisted for almost six months till its definitive solution.
Root Cause
Such kind of roaming calls generate the production of composite xDRs, called CAMEL xDRs.
Camel xDRs are composed by two simple xDRs: a Mobile-Land xDR and a Land-Land xDR.
In this composite xDRs, the networks nodes generated some unexpected fields causing the
inappropriate billing of these international roaming calls.
Detection
Discrepancies between Usage data and Billing data for international roaming calls pointed out the
anomaly. Such analysis is performed periodically and however with a low frequency.
Correction
The mobile operator introduced an automatic network-testing tool, which allowed the real time analysis of
toll ticketing files where xDRs are included.
The real time analysis allowed checking xDRs fields against semantic rules. Warnings and alarms were
set to notify when incorrect xDRs exceeded defined thresholds.
These alarms enabled the operator to spot roaming issues before post processing activities.
Prevention
Most often such analysis are not performed real time but after post processing activities due to the lack of
an appropriate automatic tool enabling real time analysis.
Based on the frequency of batch analysis and the kind of similar issues spotted only after post
processing the leakage involved may vary too little to considerable amounts of money.
Improved testing of international roaming for calls and services.
Page 60 of 70
Title
Mobile content services roll out
Market segment
Mobile (GSM/UMTS)
Classification
Process
Assurance
Leakage Point
D.1
Description
A competitive mobile operator was forced to roll out in a very short time new services (games javabased) to stay competitive.
Such services required a change of release and some patches on SGSN and GGSN nodes.
Time constraints required the testing activities for service rollout to be significantly reduced.
After service rollout the operator suffered from revenue losses, i.e. poorer margins than expected,
without clear evidence of the causes.
This alarmed the operator since loyalty and churn issues turn into rolling out of new services almost
every month.
Root Cause
SW upgrades and patch activities on networks nodes are key factors in new services rollouts.
These activities are delicate. The correct setting of all parameters affecting service delivery and the
testing often are complex and involve test scenarios within several and different network nodes.
Time-to-market constraints unfortunately imply a limited set of tests cases to be performed.
Limited set of sample tests mean that more errors, read revenue issues, are likely to occur after the
service has been deployed.
Detection
Post processing analysis of both missing expected xDRs and badly generated xDRs (incorrect
fields) related to recently launched services pointed out the issue.
Correction
The objective of this testing is to encompass an adequately wide test cases base spanning different
user profiles, roaming types, geographical locations, etc. Review of new services deployment
testing procedures and sample test cases, patches and upgrading activities (time consuming heavy
non regression tests).
Prevention
Such activities have to be performed in a very short time yet they should include many testing
activities, to cover the different service scenarios.
Review of testing procedures and processes to avoid leakage, inaccurate billing or poor
service levels.
Use of automated tools to shorten testing activities period, make them easily repeatable
and widen their scope preferably including capabilities of:
Artificial traffic generation
Actual traffic analysis in real time
Flexible configuration of analysis to accommodate new services
Massive testing
Centralized architecture to reduce costs related to technical personnel involved in remote
on the field tests
Page 61 of 70
Title
Market segment
Classification
Leakage Point
WiFi
Mobile (WiFi)
Usage Assurance
D.18
Description
Business customers of a national data-voice Service Provider were able to get WiFi connection even if
their credit was void.
Such leakage was solved only after several weeks.
Root Cause
The updating of a Lucent Navis radius version required syntax changes in radius policies.
Navis Radius versions installed in production and testing environments were different. This
discrepancy raised troubles for changed syntax and generated leakages because what tested didnt fit
production environment.
In fact the user was actually able to connect even though NAS returned zero as maximum duration for
connection.
Detection
Subsequent analysis of WiFi connections pointed out some odd long connections with abnormal
amount of downloaded data. A restricted user base initiated them, which was easy to catch.
Correction
Analysis of old backup Radius policy spotted the misaligned syntax for production version and then
leads for it to be fixed.
Prevention
A tool for automated check and fixing on software versioning between testing and production
installation base was introduced.
Such a decision allows preventing also unknown discrepancies, which may arise form misaligned
software versions and generate leakages for the service provider.
Title
Market segment
Classification
Leakage Point
WiFi Roaming
Mobile (WiFi)
Usage Assurance
D.18
Description
Roaming for WiFi connections of a medium size Italian Service Providers towards a particular
operator was systematically unbilled.
Navis Radius was failing to properly connect to the rating engine.
Root Cause
Connection management for roaming calls toward the third operator of interest was managed by a
piece of software not correctly updated.
Such software requires two separate calls to the rating engine. The first aims at calculating users
remaining connection time from his remaining credit and users location. The last one aims at
deducing the remaining credit from actual connection time and users credit before starting the call, as
a double check.
Second call to the rating engine was not properly implemented.
Detection
The problem was resulting in different billing data from the two involved operators since only one of
them was properly rating and billing users WiFi connections.
Analysis of connections data pointed out the actual trouble since all connections was properly tracked.
Correction
Install and configure up-to-date software for the second call to the rating engine to properly be
accomplished.
Prevention
Legacy solution to monitor tracked connection data and rated values was implemented.
Moreover as a development mandatory policy was prohibited to release single java classes not
included in packages.
Page 62 of 70
Fraud - Unnoticed?
In spite of the fact that many telecom companies worldwide have lost significant
amounts of money due to fraudulent activity in their networks, a large number of
CSPs are still not addressing this crucial issue. In many cases, they even feel that
fraud does not exist. Even though one wishes that this should be the case, this is
never true. Losses due to fraud often get swept under the carpet as bad debt. A
recent study has proven that the portion of revenue lost due to fraud could form 4050% of the bad debt component! Another aspect is the belief that networks based on
digital technologies are secure. The networks that were rolled out earlier used
analog technologies that had several technical loopholes. Fraudsters exploited these
opportunities to make money. The advent of digital technologies like GSM put paid to
most of the technical frauds. Perhaps this could be the reason why many GSM
operators feel that they are safe from the clutches of villainous fraudsters.
Innovative fraudsters soon managed to find simple, non-technical ways to continue
their nefarious activities even in technically advanced digital networks. The much
dreaded subscription fraud is the best example of this scenario. This is a case where
fraudsters obtain legal connections from telecom companies with no intention of ever
paying their bills. The companies have no way of collecting these outstanding
amounts, as the fraudsters can never be traced. The very nature of subscription fraud
misleads operators into considering losses from fraudulent activities as ordinary bad
debts. The danger here is that the fraud - which actually requires focused attention goes unnoticed and in due course of time leads to a significant amount of revenue
loss.
Page 63 of 70
Page 64 of 70
physical connection to a telephone line using some clamping devices (like alligator clips).
This is one of the oldest forms of telecom fraud. Both of the above types of fraud are
surfing frauds, which imply unauthorized use of a service or a product.
Pre-paid systems that were deployed initially had several inherent problems such as
last call exposure and were prone to fraud attacks like hacking of platform. Vendors of
pre-paid systems understood the seriousness of the issue and upgraded the
technology in the platforms, making them more secure. This has led to a false belief
among operators that pre-paid systems are fraud-free. This is not true and huge
losses are being reported due to Pre-paid Fraud. Fraudsters have found it possible to
defraud pre-paid platforms through the abuse of security codes, using ghosting
techniques to confuse the platform, internal fraud etc.
In addition to the above, there exists the problem of internal fraud wherein
employees within the operator or associates of the company aid outsiders in
defrauding the network. Employees have access to all parts of the network and are
sufficiently knowledgeable to know where to play the dirty tricks. There have been
instances wherein employees have used highly sophisticated instruments (which
were actually meant to be used for network troubleshooting) to obtain confidential
information and make money using this information. Internal Fraud is extremely
dangerous and can lead to a quick erosion of revenue.
Interconnect fraud is another important area. Some of the common interconnect
frauds include partners introducing additional traffic not covered by the contract by
unapproved use of GSM gateways. This allows partners to terminate large amount of
calls that are not accounted for. Another interconnect fraud is the modification of call
parameters such as A-number to modify the nature of the call to apply lower charges.
By modifying the A-number, international calls that attract higher rates can be
modified to look like a local call. Other interconnect frauds include illegal bypass of
traffic through cheaper unauthorized networks whereas regulation mandates transit
through authorized carriers.
Page 65 of 70
8 Administrative Appendix
This Appendix provides additional background material about the TeleManagement
Forum and this document.
8.1
8.2
Page 66 of 70
8.3
8.3.1
Document History
Version History
<This section records the changes between this and the previous document version as it is edited
by the team concerned. Note: this is an incremental number which does not have to match the
release number>
8.3.2
Version Number
0.1
0.2
0.3
0.4
0.5
0.6
Date Modified
19-DEC-2005
21-DEC-2005
26-JAN-2005
10-MAR-2006
10-MAY-2006
01-JUN-2006
Modified by:
Mike Willett
Kathryn Durham
Mike Willett
Kathryn Dunham
Mike Willett
Gadi
Solotorevsky
D Burkett
0.7
9Jun06
0.8
5 -July-06
T.OSullivan
0.9
11-October-06
Gadi
Solotorevsky
1.0
08-Nov-2006
Tina O'Sullivan
th
Description of changes
First issue of document
Updates
First update with review comments
First Revision after TAW
Editors review to release to group
Internal review before release to
TMF members review
Minor edits in preparation for
Approval Committee review.
Final modification prior to ME
posting.
Minor formatting and numbering
changes as result from review
process
Updated for Public sharing
Release History
<This section records the changes between this and the previous Official document release>
8.4
Release Number
Date Modified
Modified by:
1.0
19-Dec-2005
Mike Willett
Description of
changes
Initial Release
Telstra Corporation
Ltd
Name
Title
Email
Phone
Fax:
Name
Title
Email
Phone
Fax:
Name
Title
Email
Page 67 of 70
Logan - Orviss
Subex Systems
Infogix, Inc
Datamat SpA
Revenue Protect
Limited
8.5
Acknowledgments
The members of the TeleManagement Forum Revenue Assurance Technical Team prepared
this document:
The Revenue Assurance Guidebook, GB941, is a genuinely collaborative effort. The
TeleManagement Forum would like to thank the following people for contributing their time
and expertise to the production of this document.
Page 68 of 70
A number of people provided input and/or formal contributions. Although not an exhaustive list, many
thanks to the following for their thoughtful input and contributions
8.6
Page 69 of 70
Enabling the development of a market and real products for integrating and automating
telecom operations processes.
The members of TM Forum include service providers, network operators and suppliers of
equipment and software to the communications industry. With that combination of buyers
and suppliers of operational support systems, TM Forum is able to achieve results in a
pragmatic way that leads to product offerings (from member companies) as well as paper
specifications.
Page 70 of 70