David Morrow Group Corporate Security Fraud Manager Vodafone Group Services Limited.

Similar documents
Make Better Connections Discover the Benefits of GSMA Membership

GSM Association (GSMA) Mobile Ticketing Initiative

Many countries decided on IMT-2000

E N H A N C E D F R A U D D E T E C T I O N U S I N G S I G N A L I N G. W U G M a l a y s i a

Mobile School Training International Mobile Communication

A MODEL FOR INTERCONNECTION IN IP-BASED NETWORKS

Emerging Risks in Emerging Payments

COURSE DESCRIPTION VOICE OVER LTE (VOLTE) Format: Face to Face, Live on Web. Duration: 2 Days, 4 x 3 Hours

Convergence Presented by

Challenges on the way to 3G success in Poland

End User Services. On the Road to Ultra Mobile Broadband. March 27, 2007

BENEFITS of MEMBERSHIP FOR YOUR INSTITUTION

Nuno Pestana, WeDo Technologies

IP multimedia in 3G. Structure. Author: MartinHarris Orange. Understanding IP multimedia in 3G. Developments in 3GPP. IP multimedia services

M-Commerce and its features

Sustaining profitable growth in Mobile

MOBILE NETWORK SECURITY

COURSE DESCRIPTION INTRODUCTION TO MODERN TELECOMS. Format: Classroom. Duration: 3 Days

09. Mobile Commerce. Contents. Mobile Computing and Commerce

COURSE DESCRIPTION ICT, UNIFIED COMMUNICATIONS AND DIGITAL SERVICES. Format: Face-Face or Live-on -Web. Duration: 2 Days or 4 x 3 Hours

Reshaping Indonesia s Advertising and Media Landscape New Approach to the Existing Business for XL Axiata

Push-to-Revenue: Maximizing Potential Beyond Basic Push-to-Talk. David Wetherelt, Director International Carrier Sales

ENABLING MULTI-ACCESS SERVICES WITH THE ALWAYS BEST CONNECTED CONCEPT

TELECOMS TRAINING SCHEDULE

Operator cooperation in South Korea has created a successful identity solution. SK Telecom South Korea

CDG Technology Forum Inter-Technology Networking

GHANA CANDIDATE FOR THE ITU COUNCIL REPUBLIC OF GHANA

TELECOMS TRAINING SCHEDULE

A Framework for Managing Crime and Fraud

University of Sunderland Business Assurance PCI Security Policy

Routing & Addressing FORUM. Carlos Dasilva, Orange. presented by. May 26, The opportunities and the issues given by

Ericsson in financial services

Challenges of Global Roaming

Mavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales

Connected & Smart Home Research Package

Version 11

COURSE DESCRIPTION INFORMA CERTIFIED MOBILE NETWORKS TECHNOLOGIES & EVOLUTION. Format: Classroom. Duration: 5 Days

LTE TECHNOLOGY. Format: Online Academy. Duration: 7 Modules

PBX Fraud Information

IP Interconnection. Calvin S. Monson Vice President. Antigua September 2007

Mobile communication and the Internet two success stories joining forces

The future of mobile banking

Preventing Telecommunication Fraud in Machine-toMachine Communications

Evolving Wireless Services to the Future


Regulation and the Internet of Things

What is NGN? Hamid R. Rabiee Mostafa Salehi, Fatemeh Dabiran, Hoda Ayatollahi Spring 2011

ITU/BDT Regional Economic and Financial Forum of Telecommun ications/i CTs for Asia and Pacific. Impact of Internet and OTT on Services

Online Digital Transformation Courses COB Certified E-Commerce & E-Business Manager E-Learning Options

Portugal - Telecoms, Mobile, Broadband and Digital Media - Statistics and Analyses

COURSE DESCRIPTION INTRODUCTION TO MODERN TELECOMS. Format: Classroom. Duration: 3 Days

To Study the Usage & Awareness of M- Commerce and its services with reference to Nagpur City

The Economics of Delivering Triple Play to the Home

Examining potentials for future of mobile Internet

Mobile Security / Mobile Payments

Emerging Technologies. Kursten Leins GM Strategy & Government Affairs, Ericsson Australia & New Zealand

Applications Expert Center WELCOME I M S

The unbundling of international roaming

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

Mobile Commerce. Electronic Commerce

MGT Mini MBA in Telecom Technologies

Overview. M-commerce vs. E-commerce

Tiscali Business Services Wholesale IPVPN Services Summary

Development of IPX: Myth or Reality?

Mobile Internet Development in China

3G Network Convergence

Fixed Mobile Convergence

CITEL s s Focus on Cybersecurity and Critical Infrastructure Protection CITEL

Avaya Aura Scalability and Reliability Overview

3G Wireless. from an Operator s Perspective. David T. Shimozawa Technology Development. Page 1. June 2001

Evolution and Migration to IMT-2000 & Systems beyond

Join the Revolution in prepaid payments!

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Reducing Telecoms Fraud Losses

Mobile Payments Building the NFC Ecosystem

Breaking the Silos Access and Service Convergence over the Mobile Internet

Mobile TeleSystems (MTS) Converges Fixed and Mobile Telephony

The Voice over Mobile Broadband (VoMBB) Market:

User-to-Data-Center Access Control Using TrustSec Design Guide

SK Telecom Roaming Business

Use of Mobile Devices on Voice and Data Networks Policy

Mobile Converged Networks

This tutorial is prepared for beginners to help them understand the basic-to-advanced concepts related to GPRS.

Solution Highlights. Supports all major signaling protocols. Widely deployed multi-national SS7 solution. NEBS3 certified standard server platform

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

- OQSF - Occupational Qualifications Sub-framework

The challenges, opportunities and setting the framework for 5G EMF and Health

Vendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo

Implementing CDMA in TDMA Networks Leveraging the success of CDMA

Course Outline Comprehensive Training on Bypass/SIM Box Fraud Detection and Termination Duration: 3 Days

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

COMPANY PRESENTATION

BLANK.POT 1. Telco opportunities in cloud services. Introduction. Defining cloud services. Stimuli for cloud services. The market opportunity

DIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA

SMB Solutions for Account Managers (SMBAM)

Bowie Senior Center Surfing the Web

Operationalizing Seamless Mobility through Service Delivery Platforms

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.

Mobile Devices & Wireless Security. Jack Jania Director Field Marketing Mobile Communications

MOBILE LOCATION-BASED SERVICES

Transcription:

David Morrow Group Corporate Security Fraud Manager Vodafone Group Services Limited www.i3forum.org

GSM Association Fraud Forum Presentation to i3 Forum David Morrow, Vodafone Document Number Meeting Date 17 May 2012 Meeting Venue For Approval For Information Version 1 Security Restrictions Chicago X Confidential GSMA Members, Associate Members & Rapporteurs & i3forum members Restricted - Confidential Information GSM Association 2012 All GSMA meetings are conducted in full compliance with the GSMA s anti-trust compliance policy

GSM Association (GSMA) Background Global trade association responsible for GSM family of technologies Global membership of nearly 800 operators and 200 manufacturers and suppliers Organised into working groups and projects on many topics, open to all employees of GSMA member companies Participation leads to industry solutions, information sharing and education GSM Association 2012 3

GSMA Working Groups Eight Working Groups report to EMC Focus on a particular area of competence, e.g. security Deliver solutions for the GSM community where cooperation is needed, e.g. roaming Operators provide subject matter experts to the Working Groups HQ provides support via a WG Director and Coordinator GSM Association 2012 4

Fraud Forum (FF) Objectives & Membership Trusted forum on GSM fraud issues to minimise exposure for members Develop fraud awareness Exchange intelligence & best practice Develop & maintain industry countermeasures e.g. NRTRDE Assess the fraud exposure of new services Collaborate with other GSMA working groups and projects Provides value through education in addition to formal work items. FF Membership Jan 2012 Individual members Total across FF, Asia-Pac FF & Africa FF 487 Countries 106 Companies 242 Operators 199 Associate members 43 GSM Association 2012 5

Evolution of Mobile Fraud Analogue - subscription fraud Analogue cloning - personal use, Call Selling (later inc. PBX fraud) Premium Rate Service (PRS) fraud (domestic) Roaming PRS fraud Credit card fraud prepay SIM cloning (small numbers) + Roaming PRS, etc. International Revenue Share Fraud (IRSF) GSM Association 2012 6

Current key issues: Subscription fraud Roaming GSM Gateway/SIMbox (bypass) GSM Association 2012 7

03:00 Thurs 05:00 Thurs 17:00 Fri 09:00 Mon 11:00 Mon 37800 per SIM GSM Association 2012 8

Optimised Fraud No payment to Home Network Home Network Carrier 1 Carrier 2 Carrier n Number range holder Content provider 1.00 0.50 0.25 4.00 3.50 3.25 3.00 Short stopping by fraudsters Number Range hi-jacking GSM Association 2012 9

What next (and what s in a name)? 4G LTE (Long Term Evolution) NGN (Next Generation Networks) all terms referring to mobile evolution from circuit switched to packet switched services GSM Association 2012 10

What is a Next Generation Network? Support for services, applications based on service building blocks Interworking with legacy networks via open interfaces Unified service Converged services Services don t have to be from the Mobile Operator Voice Codec Destination Access network Auth. Set destination Receiving network Find end party Give IP address and route Access for End party Select codec Decode IP data GSM Association 2012 11

IP & IMS Systems First time in mobile telecoms that the bearer providing the service is totally separate from the services offered In effect, this means two separate operators can run services, one for the service and one for the bearer Within 10 years Telco networks will be solely IP backbone and conventional switching will have disappeared due to cost All services offered will be digital GSM Association 2012 12 12

NGN issues - Identity Management There are now two types of identity - for the bearer & service layers Different identities may be combined into one account There will be a number of other identities used internally in the network Many of the identities are dynamic and change in session Service Identity Bearer Identity IMPU IMPI sip_uri tel_uri E.164 Account ID, Radius ID IMSI, Terminal ID MSISDN, Fixed line access number IMEI, Device Electronic serial number GSM Association 2012 13

NGN: The Challenges The key areas for challenges and risks are: For Operators - control of separate Bearer and Services Service Providers - lack of total control and information New players with lack of knowledge and/or experience Fraud Management - new technical opportunities for fraud Revenue Assurance - Different billing models and data sources Security - More complex technical controls 3rd parties - Control and trustworthiness of billing and content! A mix of: More complex technology Different billing models So Fraud will be different GSM Association 2012 14

IMS: IP Multimedia Subsystem IMS means a complete new network that separates the bearer network and can work across many network types Mobile GSM, 3G, CDMA etc. Fixed networks WLAN PAN e.g. Bluetooth, IR or Near Field Communications (NFC) IMS does not standardise applications, but aids access of multimedia & voice applications across wireless & fixed terminals IMS provides horizontal control layers that allows the separation of the access/bearer network from the service layer This drives different needs for fraud & risk management GSM Association 2012 15 15

Customer Terminal Device In NGN, the end point can be called different names in different network types can be: Mobile Phone (GSM, CDMA,..) Data terminal tablets or smartphones ASDL or Cable Router/ Modem IAD (Integrated Access Device) CPE (Customer Premise Equipment) for fixed networks They all have some common functions: Store an identity such as SIP Username and password Have an IP address (allocated or dynamic) Have some other identity such as an equipment identity Have an operating system and memory and run applications Generally poor internal security or fraud controls so these need to be in the CSP s systems GSM Association 2012 16

Key Issues for Next Generation Services Every service can be very different and made up of different component parts - both IP with interaction over different Bearer and Services Content and payments will move operators to a different risk profile similar to those of banks and retailers e.g. money laundering, undelivered goods etc. Issues for the operator on CPE, IAD, SIP & smartphones and the applications that exist on them corruption or malware Proof of the location and identity of the user and transaction is difficult with mobile and IP based services! GSM Association 2012 17

NGN Service Groupings Professional: Video Conference Multimedia Sales Advertising Informative Remote Vigilance Mobile Marketing On Line Training Location Based Security Surveillance Mobile Office Presence Financial: M Commerce Virtual Banking E Payments On Line Billing Stock broking Auctions Government Community Financial Transactions Entertainment: Informative Multiparty Gaming Music Movies Video Content Gambling TV Radio Pictures Messaging Video Sharing Shopping: M Commerce Auctions Retailing Ticketing Booking Working Advertising GSM Association 2012 18 18

Challenges for Fraud & RA More complex both from a technical and operational perspective Data more real-time and complex - increased need for the collection of events Linking data in Bearer & Services Requires new data feeds from new services platforms GSM Association 2012 19

NGN Frauds? Aim for the highest value content or greatest volume Hackers and Malware writers looking for notoriety by implementing widespread damage / maximum financial gain Fraudsters from the Finance Industry targeting M-banking & M-commerce Will make more use of internal information and work with internal staff due to better external controls Criminals will exploit the same approaches as today but with a greater potential reward.. Moving away from simple airtime usage comparatively low value! GSM Association 2012 20

NGN Fraud Management Approach NGN FM approach will be a variation of what is done today, but it will be more complex both from a technical and operational perspective Significantly more data and increased need for the collection of events from many places compared to present The identities may not have a known location for traffic origination or termination? 20% of IP are not where they are geographically expected Traffic can originate in different places - no need for a central switch location where call records can be collected for FM purposes GSM Association 2012 21

Services Fraud Management Fraud detection of the services layer will be partly the same as today - many services used combined with multiple bearers Provisioning related fraud will need detecting as a lot more self care will take place and it will also be driven by the billing model FMS will need to know which services the customer is allowed to use - needs much more control of provisioning fraud than with present systems GSM Association 2012 22

Fraud Control & Management Panel Discussion Panelists: Dima Alkin, Director, Sales Support, North America, Cvidya Peter Coulter, Member of Executive Cmtee-FIINA, Executive Director, Global Fraud Management, AT&T Steve Heap, Senior Technology/Communications Executive, IPSoft David Morrow, Group Corporate Security Fraud Manager, Vodafone Group Services Limited Thomas Walker, Director - Business & Solutions Consulting, Subex www.i3forum.org

3rd Annual i3forum Conference The Future is All IP May 17, 2012 Chicago www.i3forum.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback