Dror Eshet, FraudView® Product Manager - cVidya


Why DPI Analysis is Essential for Detecting Data & IP Fraud

  • As telcos transition to more Data & IP services, the fraud management practice is being revolutionized.

    Look at it from the criminal’s point of view.  Up to now, fraudsters have been making money on relatively traditional and expensive services like international or long distance voice calls.  Yet today, voice calls are super cheap, so how are they going to make money?

    The fraudster’s strategy is to switch horses: they are now highly focused on fraud opportunities around Data and IP services.  The trouble is that these areas have traditionally been a relative blind spot for fraud managers.

    Sure, fraud departments have always monitored Data transactions and traffic, but the analysis point was traffic volume – who’s using lots of data or uploading information more often.   Now while volumetric data is important, it’s just not enough in today’s world.

    So what can fraud managers do?   Well, first and foremost, I think fraud managers need to rethink their existing controls, map and reassess the "new environment" and where the exposure areas are. This will probably require updating internal policies and procedures, training staff, and creating new and efficient controls on top of the traditional ones.    


    Deep Packet Inspection meets the Data & IP Fraud Threat


    We feel the best way to handle the growing Data fraud threat is to vastly increase the number and variety of data sources you can analyze.  That’s why we’re putting a big emphasis now on data sources that weren't available in the past – unconventional data sources such as social media and DPI (deep packet inspection).


    DPI is a fancy word, but it simply means looking at the content of Data traffic, not just the headers or the volume.   We’re now busy integrating DPI into our intelligent detection engines that analyze the data. 


    The idea is to leverage the same DPI data that operators collect for service assurance, engineering, and network planning.  We take that data and, using our sophisticated fraud detection engines, which take in any data source, find the suspicious or abnormal things and build alerts and cases around them.


    Market Changes Drive Fraud Management Practices


    You don’t need to look far to notice how mobile broadband is changing things massively.  Go to the website of any mobile operator in the world: five years ago you would see ads promoting low cost international calls.  But today you see ads touting things like “unlimited data plan”, “speak as long as you like”, and “get 5 Gigabytes” for a fixed price.


    It’s pretty clear that mobile operators are aggressively pushing customers to consume more data through attractive data plans and on-demand offers – even selling connected tablets with a SIM card inside to encourage mobile data consumption and reduce the use of WiFi connections as much as possible.


    To understand the impact of these trends, you need to look at the business itself and understand where you are exposed.


    Monitoring the Practice of Tethering


    One particularly interesting case here is “Tethering” – basically connecting multiple devices to the web through one internet access point.  Now in many shared plans, tethering is acceptable because you are connecting through someone in your family, for instance. The issue mobile operators face is when customers use tethering commercially (trying to make money out of it) and so reduce the potential revenues of the operator.


    Now in most corners of the world, monitoring for tethering is not that important so far.   But I can tell you that operators in the States like Verizon and AT&T have launched dedicated packages for tethering that are much more expensive than normal packages, so it’s likely to become a worldwide trend.


    People are not quite sure how to classify tethering.   It’s not a classic fraud case like IPRS.   But it’s certainly an abuse of the wireless contract that could prove very costly for an operator.   Most fraud management systems out there don’t track tethering abuse: either they can’t get at the DPI data to find it or the fraud team is not fully aware of the issue.


    Illegal Mobile Access


    Another emerging area of risk is illegal mobile access.  In certain markets of Latin America and Europe, operators have created bundled data plans that offer premium access to certain websites.   For example, one bundle might provide high quality, unlimited Facebook access for $10 a month.  Or for $15, you get access to Twitter, Facebook, and emails.


    OK now, suppose the operator wants to charge a premium fee for YouTube access.  Well, right there is an attractive incentive for abusers to bypass the restrictions and gain access to YouTube via proxy servers that hide the user’s IP address.


    Fortunately though, with DPI we can manage this abuse: even though the user’s identity is masked at the originating point, you can spot any and all the web traffic that gets to YouTube via a proxy server.
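
    The check described above, sketched as an added example (not cVidya's code or part of the original post): DPI records carrying the host name seen in the payload are compared against each subscriber's bundle, and unentitled premium traffic is flagged along with any relay address it went through. The record layout, plan table, host names and addresses are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed catalogue: premium services, the host suffixes DPI maps to them,
# and the networks that serve them directly (documentation ranges, not real).
SERVICES = {
    "video": {"suffixes": ("youtube.example",), "nets": ("198.51.100.0/24",)},
    "social": {"suffixes": ("facebook.example",), "nets": ("203.0.113.0/24",)},
}
# Constructed subscriber plans: which premium services each bundle includes.
PLANS = {"sub-1001": {"social"}, "sub-1002": {"social", "video"}, "sub-1003": {"social"}}

# Constructed DPI records: (subscriber, destination IP, host seen in payload, bytes).
RECORDS = [
    ("sub-1001", "203.0.113.10", "www.facebook.example", 40_000),
    ("sub-1001", "192.0.2.77", "www.youtube.example", 900_000),      # relayed
    ("sub-1001", "192.0.2.77", "m.youtube.example", 300_000),        # relayed
    ("sub-1002", "198.51.100.5", "www.youtube.example", 5_000_000),  # entitled
    ("sub-1003", "198.51.100.9", "www.youtube.example", 1_000),      # direct, unentitled
    ("sub-1003", "192.0.2.50", "news.example", 70_000),              # not premium
]

def classify(host):
    """Map a payload host name to a premium service name, or None."""
    host = host.lower().rstrip(".")
    for name, svc in SERVICES.items():
        if any(host == s or host.endswith("." + s) for s in svc["suffixes"]):
            return name
    return None

def is_direct(service, dst_ip):
    """True when the destination IP belongs to the service's own networks."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in ipaddress.ip_network(n) for n in SERVICES[service]["nets"])

def find_bypass(records, plans):
    """Aggregate unentitled premium traffic per (subscriber, service)."""
    alerts = defaultdict(lambda: {"bytes": 0, "relays": set()})
    for sub, dst_ip, host, nbytes in records:
        service = classify(host)
        if service is None or service in plans.get(sub, set()):
            continue  # not a premium service, or covered by the bundle
        alert = alerts[(sub, service)]
        alert["bytes"] += nbytes
        if not is_direct(service, dst_ip):
            alert["relays"].add(dst_ip)  # payload host and destination disagree
    return dict(alerts)

if __name__ == "__main__":
    for (sub, service), a in find_bypass(RECORDS, PLANS).items():
        print(sub, service, a["bytes"], sorted(a["relays"]))
```

    A volume-only view would rank sub-1002 highest here; the content-based check ignores that entitled subscriber and surfaces the two unentitled ones instead.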


    So I think you can see where things are headed.   More and more, operators will make deals with OTT (Over the Top) application providers to offer premium services.  Soon it will become essential to monitor and enforce these premium access policies.




    Bottom line, the dramatic expansion of Data services brings a totally new ball game.   Looking through the fraud management binoculars, we need new methods of fraud detection.  And operators who don’t move toward DPI data analysis will be more and more at risk as the consumption of Data services keeps on growing exponentially. 

    Dror Eshet
    About Dror Eshet: Dror Eshet works as FraudView® Product Manager at cVidya
    More information : http://www.cvidya.com/