19-02-2011, 10:31 AM
presented by:
Suhas P.Karve
Vinayak S.Nadkarni
MOBILE FRAUD DETECTION.doc (Size: 62.5 KB / Downloads: 66)
MOBILE FRAUD DETECTION
Abstract
This paper discusses the status of research on detection of fraud undertaken in mobile system.
A first task has been the identification of possible fraud scenarios and of typical fraud indicators, which can be mapped to data in toll tickets. Currently, this project is exploring the detection of fraudulent behaviour based on a combination of absolute and differential usage. Three approaches are being investigated: a rule-based approach, and two approaches based on neural networks, where both supervised and unsupervised learning are considered. Special attention is being paid to the feasibility of the implementations.
Introduction
It is estimated that the mobile communications industry loses several million customers per year due to fraud. Therefore, prevention and early detection of fraudulent activity is an important goal for network operators. It is clear that the additional security measures taken in GSM and in the future UMTS (Universal Mobile Telecommunications System) make these networks less vulnerable to fraud than the analogue networks. Nevertheless, certain types of commercial fraud are very hard to preclude by technical means. It is also anticipated that the introduction of new services can lead to the development of new ways to defraud the system. The use of sophisticated fraud detection techniques can assist in early detection of commercial frauds, and will also reduce the effectivity of technical frauds.
3.1 Possible Frauds:
Two way Classification of Frauds:
The first stage of the work consists of the identification of possible fraud scenarios in telecommunications networks and particularly in mobile phone networks. These scenarios have been classified by the technical manner in which they are committed; also an investigation has been undertaken to identify which parts of the mobile telecommunications network are abused in order to commit any particular fraud. Other characteristics that have been studied are whether frauds are technical fraud operated for financial gain, or they are fraud related to personal use - hence not employed for profiteering. A further classification is achieved by considering whether the network abuse is the result of administrative fraud, procurement fraud, or application fraud.
3.2 Indicators
Subsequently, typical indicators have been identified which may be used for the purposes of detecting fraud committed using mobile telephones. In order to provide an indication of the likely ability of particular indicators to identify a specific fraud, these indicators have been classified both by their type and by their use.
The different types are: -
usage indicators, related to the way in which a mobile telephone is used;
mobility indicators, related to the mobility of the telephone;
deductive indicators, which arise as a by-product of fraudulent behaviour (e.g., overlapping calls and velocity checks).
Indicators have also been classified by use: -
primary indicators can, in principle, be employed in isolation to detect fraud;
secondary indicators provide useful information in isolation (but are not sufficient by themselves);
tertiary indicators provide supporting information when combined with other indicators.
A selection has been made of those scenarios which cannot be easily detected using existing tools, but which could be identified using more sophisticated approaches.
3.3 Toll Ticket
The potential fraud indicators have been mapped to network data required to measure them. The information required to monitor the use of the communications network is contained in the toll tickets.
Toll Tickets are data records containing details pertaining to every mobile phone call attempt. Toll Tickets are transmitted to the network operator by the cells or switches that the mobile phone was communicating with. They are used to determine the charge to the subscriber, but they also provide information about customer usage and thus facilitate the detection of any possible fraudulent use. It has been investigated which fields in the GSM toll tickets can be used as indicators for fraudulent behaviour.
Before use in the fraud detection engine, the toll tickets are being preprocessed. An essential component of this process is the encryption of all personal information in the toll tickets (such as telephone numbers). This allows for the protection of the privacy of users during the development of the fraud detection tools, while at the same time the network operators will be able to obtain the identity of fraudulent users.
Suhas P.Karve
Vinayak S.Nadkarni
MOBILE FRAUD DETECTION.doc (Size: 62.5 KB / Downloads: 66)
MOBILE FRAUD DETECTION
Abstract
This paper discusses the status of research on detection of fraud undertaken in mobile system.
A first task has been the identification of possible fraud scenarios and of typical fraud indicators, which can be mapped to data in toll tickets. Currently, this project is exploring the detection of fraudulent behaviour based on a combination of absolute and differential usage. Three approaches are being investigated: a rule-based approach, and two approaches based on neural networks, where both supervised and unsupervised learning are considered. Special attention is being paid to the feasibility of the implementations.
Introduction
It is estimated that the mobile communications industry loses several million customers per year due to fraud. Therefore, prevention and early detection of fraudulent activity is an important goal for network operators. It is clear that the additional security measures taken in GSM and in the future UMTS (Universal Mobile Telecommunications System) make these networks less vulnerable to fraud than the analogue networks. Nevertheless, certain types of commercial fraud are very hard to preclude by technical means. It is also anticipated that the introduction of new services can lead to the development of new ways to defraud the system. The use of sophisticated fraud detection techniques can assist in early detection of commercial frauds, and will also reduce the effectivity of technical frauds.
3.1 Possible Frauds:
Two way Classification of Frauds:
The first stage of the work consists of the identification of possible fraud scenarios in telecommunications networks and particularly in mobile phone networks. These scenarios have been classified by the technical manner in which they are committed; also an investigation has been undertaken to identify which parts of the mobile telecommunications network are abused in order to commit any particular fraud. Other characteristics that have been studied are whether frauds are technical fraud operated for financial gain, or they are fraud related to personal use - hence not employed for profiteering. A further classification is achieved by considering whether the network abuse is the result of administrative fraud, procurement fraud, or application fraud.
3.2 Indicators
Subsequently, typical indicators have been identified which may be used for the purposes of detecting fraud committed using mobile telephones. In order to provide an indication of the likely ability of particular indicators to identify a specific fraud, these indicators have been classified both by their type and by their use.
The different types are: -
usage indicators, related to the way in which a mobile telephone is used;
mobility indicators, related to the mobility of the telephone;
deductive indicators, which arise as a by-product of fraudulent behaviour (e.g., overlapping calls and velocity checks).
Indicators have also been classified by use: -
primary indicators can, in principle, be employed in isolation to detect fraud;
secondary indicators provide useful information in isolation (but are not sufficient by themselves);
tertiary indicators provide supporting information when combined with other indicators.
A selection has been made of those scenarios which cannot be easily detected using existing tools, but which could be identified using more sophisticated approaches.
3.3 Toll Ticket
The potential fraud indicators have been mapped to network data required to measure them. The information required to monitor the use of the communications network is contained in the toll tickets.
Toll Tickets are data records containing details pertaining to every mobile phone call attempt. Toll Tickets are transmitted to the network operator by the cells or switches that the mobile phone was communicating with. They are used to determine the charge to the subscriber, but they also provide information about customer usage and thus facilitate the detection of any possible fraudulent use. It has been investigated which fields in the GSM toll tickets can be used as indicators for fraudulent behaviour.
Before use in the fraud detection engine, the toll tickets are being preprocessed. An essential component of this process is the encryption of all personal information in the toll tickets (such as telephone numbers). This allows for the protection of the privacy of users during the development of the fraud detection tools, while at the same time the network operators will be able to obtain the identity of fraudulent users.