BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

IN THE BEGINNING…there was Roaming.

Or maybe the title of the chapter isn’t quite apt since International roaming only became technically
possible in the early 1990s as of the launch of GSM though. Working in the Fraud Management unit and
specializing on Roaming fraud, I have come to discover that it is one of the highest revenue earners in
telecoms and also contribute to major losses; however the home network bears all the risks but must share
revenue. The visited network is only liable where it fails to send required fraud alerts on time.

Wikipedia on Answers.com described roaming as a general term referring to the extension of connectivity
service in a location that is different from the home location where the service was registered. Roaming
ensures that the wireless device is kept connected to the network, without losing the connection.

Roaming can be classified into several groups/types, in fact according to Wikipedia, there are eight (8)
types of roaming but for the sake of this document we shall concentrate on International Roaming.

Put simply, International Roaming offers subscribers the facility to use a mobile phone outside the country in
which the user has a contract and it is noteworthy to know that it is used by over 80% of the world’s mobile
operators.

Mobile operators conclude ‘roaming contracts’ between themselves in order to provide opportunities for
making calls and receiving calls from abroad, and in this way the operators can charge the call on the
ordinary telecom bill without the foreign operator needing to send any bill to the end user. Roaming
contracts govern, among other things, the compensation the operators charge each other for allowing other
operators’ foreign subscribers to use mobile telephones in their own network.

International roaming, which is the core of this article, can be split into two parts:

 Inbound Roaming are the calls received, etc when on a different network than your home
network. A lay mans definition could be roaming activities carried out by say a Ghanaian visiting
Nigeria. So to us at Airtel Nigeria our Ghanaian visitor is an inbound roamer.
 Outbound Roaming is the exact opposite of Inbound Roaming. In this case Nigerian subscribers
are roaming on foreign networks.

Inbound Roaming activities are in the hands of our roaming partners, as it falls on them to flag any
suspicious usage; unless such anomaly’s are flagged the roaming partner bears all liability. Conversely we
shall focus mainly on Outbound Roaming since major fraud takes place here and revenue running into
millions of dollars can be lost. Our country of interest of-course will be Nigeria.

The first time I understood what roaming entailed, I was truly amazed at the seamlessness of it all,
(everything being equal that is); You are a subscriber (prepaid or postpaid), you plan to travel and want
to roam when you do so, you request for roaming from your local operator, roaming is activated and
bingo…you can make and receive calls, send sms and even use data in a geographically different zone
all on your own MSISDN (your mobile phone number). It offers the convenience of a single number, a
single bill and a single phone with worldwide access to a number of countries. It’s quite fascinating when
you think about it.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

But here comes the snag and you guessed it… roaming charges. This is both MO (mobile originating and
MT (mobile terminating) meaning that you are charged for making and receiving calls and these charges
are dependent on the country you’re in (zone) and the operator you are roaming on and they are not
cheap!

The Roaming Process

Figure A1 is a simple diagram showing the different stages of an outbound roaming call. The host
operator being the network in the country in which you are roaming.

Fig.A1

In general the actual process is as outlined below:

1. When the mobile device is turned on, this new visited network sees the device, notices that it is not
registered with its own system, and attempts to identify its home network. If there is no roaming
agreement between the two networks, maintenance of service is impossible, and service is denied
by the visited network.

2. The visited network contacts the home network and requests service information (including whether
or not the mobile should be allowed to roam) about the roaming device using the IMSI number (this
is a unique identification associated with all mobile phone users).

3. If successful, the visited network begins to maintain a temporary subscriber record for the device.
Likewise, the home network updates its information to indicate that the mobile is on the host
network so that any information sent to that device can be correctly routed.

As observed, there are three major players that intervene in roaming: the subscriber, the home network
(HPMN) and the visited network (VPMN). In order for the visited network to charge on the basis of the
services provided to the roaming subscriber, all information gathered about calls made and data
transmitted are collected in billing records also known as CDRs (call detail records) and these are compiled
in a well defined structure known as TAP files (transfer account procedure) which are now sent to the home
network for billing. To save the operators that have a large number of roaming agreements from the
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

hassle of managing the sending and receiving of TAP files, certain companies are used to act as clearing
house for these data, they are called data clearing houses.

Data Roaming occurs when a subscriber is roaming and using data services such as internet access, data
transfer or text messaging. Its process is not much different from voice calls, though here the subscriber is
associated with the Serving GPRS Support Node (SGSN) which belongs to the VPMN and the Gateway
GPRS Support Node (GGSN) which belongs to HPMN. The data received by the subscriber must pass by
way of the HPMN and this does not happen with voice traffic. Generally the main concern about tariffs is
centered on costs related to making and receiving calls more so the tariffs here differ and it is often not
straightforward to figure out how the operator charges the different data services. However fraud losses
are occurring greatly on voice services.

This is all very straightforward and looks trouble free however when we consider system issues, scheming
subscribers and internal collusions (yes that does happen!), we have a big spanner in the wheel of things.

ROAMING FRAUD…demystified.

Now that we have a basic idea of how International Roaming works, let’s look at the fraud that happens
behind the scenes.

According to the EMC document #42, the average roaming fraud incident is valued at $750,000 and
$1.93M for large operators. The highest loss from one operator was $15,000,000.

As earlier pointed out, Roaming Fraud can be as a result of many factors. In my experience I have learnt
that the majority of factors are a product of system issues. This is not to say that the other factors
mentioned should be downplayed in any way as they all have very serious implications.

Let’s examine the different factors that can be responsible for Roaming Fraud:

System/Network Issues – this is a very brief title to give a very broad subject. These issues arise from a
technical breakdown in the configuration and design of communication networks of operators. Such
breakdown can lead to:

 Delays in information transmission or no information being transmitted at all and with roaming,
timing is everything
 Network configuration flaws which can be as a result of poor quality of configuration and
procedures or in some cases, staff with inadequate training
 Legacy also creates an avenue for fraud to take place. Legacy is a situation where a company
inherits the systems of another by way of a merger or outright acquisition. The hitch with this is that
the shortcomings of the systems are also inherited.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

 On another hand as a company increases in size, its customer/subscriber base also increases. If the
systems on ground are not able to support the subscriber size then all manners of malfunctioning
and down times should be expected.

Scheming Subscribers –Any situation where a subscriber knowingly procures a mobile line with the intent
of using it for fraudulent activities is classified under this heading. There have been situations where
subscribers, claiming ignorance or insufficient information, go ahead to enjoy roaming services and refuse
to settle their bills afterwards claiming the service was never requested for. This is also one of the
prevalent scenarios.

Subscription Fraud- undoubtedly the most rampant subscriber based fraud (though not very common in
this part of the world) in recent times. It should be taken seriously as not only is this type of fraud very
organized and losses can run into millions of dollars, other fraudulent acts are contained in it e.g. Identity
fraud. Its methodology involves obtaining postpaid Sim cards from the HPMN (using falsified
documentation and information) with international roaming activated on them. The Sims are transported to
the VPMN and begin making many long duration outgoing calls. The VPMN’s HUR (high usage reports)
alarms expose the high traffic on these lines and naturally this is escalated to the HPMN who should
barr/disconnect the lines immediately.

Between the period where these lines are making high value calls and when they are
picked up by the VPMN, there is a window of opportunity for huge sums of money to be lost to the
fraudsters.

These fraudulent lines are used for:

 Call selling: this varies from phone rentals to phone shops (business centers)

 Call forwarding: local call services forwarded to a more expensive number

 Calls to premium rate numbers (PRN): these are very expensive numbers to call and in some
cases the fraudster actually owns the lines, he makes a lot of calls to the PRNs and thus gets
benefits for himself. `

International Revenue Share Fraud (IRSF): this type of fraud is similar to the PRN mentioned above but
much more profitable. The GSMA identified that the IRSF started having major problems from mid 2005.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

After the subscription fraud the roaming Sims are used to make high duration calls to high cost
international destinations. Some of these calls will terminate on a PRN which as pointed out earlier may be
owned by the fraudster. However on another front, the calls will never reach the intended destination
(short stopped) but are routed by an intermediate operator to a third provider that has a shared payment
service (e.g. Audiotext) most times the routing takes place without the knowledge of the number range
owner, thus the shared payment service provider obtains the benefit of these calls and does not pay the
operator with which it owns the fraudulent subscription.

Internal Collusion - this type of fraud is carried out by the staff of the company. It could be as a result of
bad blood between the staff and the company or the staff taking advantage of defective internal security
systems or performance protocols that are lax. In some cases the staffs collude with subscribers to
perpetrate subscription fraud. This type of fraud is very frequent when it involves the theft of roaming
scenario test cards and their subsequent abuse.

The Nigerian Roaming Fraud Scenarios

At this stage I would like for us to have a succinct but detailed look at the prevalent roaming fraud issues
observed in this part of the world.

There are three roaming flags on the network; Global Roaming which can be postpaid or prepaid. It
allows a postpaid subscriber roam on over 300 different operators. For prepaid subscribers a standard
signaling known as Camel enables them roam globally in over 30 countries. One-network is given as a
default to all subscribers and allows them roam in about 20 countries while retaining their home network
functionalities.

ROAMING BEYOND CREDIT LIMIT

This is a scenario where post-paid subscribers are able to roam well beyond their credit limits. Ordinarily
the billing application is meant to cut off post-paid subscribers immediately they reach their credit limits,
but due maybe to systems limitation it does not do this. The implication is that such subscribers accumulate
very high bills and are understandably reluctant to settle their bills since they assume that they should be
cut-off as soon as the credit limit is reached. However experience has shown that usually 90% of the time
such subs end up settling their bills in order for their lines not to be barred, therefore the revenue loss is
almost negligible.

ROAMING ON INSUFFICIENT AIRTIME

This issue has to do with Pre-paid subscribers who are able to roam on very insufficient to no airtime at all.
The subs make very high value calls and we have seen occasions where no revenue generating activity is
carried out on these lines. The technical team has associated the issue with HLR profiling and escalations
are based on re-profiling of the lines. The implication of this is that while subs are able to roam and make
calls they are not billed for, roaming partners still have to be settled regardless.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

ROAMING ON NO AGREEMENT NETWORKS

We currently have Camel Roaming agreements in more than 30 countries, it has been noted however that
some prepaid subscribers are able to roam on networks where such agreements do not exist. The
implications of this is since no tariff has been implemented on the IN for these operators, subscribers will
not be billed for these calls and at the same time revenue loss from settlement of roaming partners for
calls where no revenue was earned. Countries where this issue occurs have greatly reduced but the
problem itself is still prevalent. The technical team attributed the problem to wrong profiling on the HLR.

ZERO LIMIT SUBSCRIBERS ABLE TO ROAM

In the case of zero limit subscribers they are seen as Pre paid on the IN while on billing system they have
Post-paid profiles. Investigations revealed that these subscribers are actually on a closed user group
(CUG) which allows them to make free local calls to other members on the same CUG. These should not be
provisioned on these lines except where requested for but investigations have revealed that such subs are
able to roam globally, on no airtime, make very high value calls and end up refusing to settle their bills
stating that they didn’t request for roaming to be activated on their lines. The IT experts have also
associated the issue with HLR configuration.

As observed the cause of all the issues are attributed to system challenges. It should be noted though, that
even as the issue persists, revenue losses have greatly reduced over time due to identification and better
understanding of the problem.

Reducing Roaming Fraud

Yes, reducing as fraud in general can never be totally done away with we can only work to better protect
our systems. There are several protection systems that can be employed and are currently being employed
by various operators to minimize the effects of roaming fraud, but even with all these systems, my
experience has taught me that timing is everything and can make one serious difference!

Let’s look at the two most effective and popular protection techniques

i. High Usage Reports (HURs)

This consists of the VPMN monitoring roaming traffic on the network and flagging MSISDNs that have
exceeded the stipulated threshold (which is contained in the agreement between both operators) to the
HPMN who investigate the lines and determine the level of fraud if present. Another picture could be
where the clearing house is responsible for sending the HURs to the operator. Remember when we
discussed TAP files and the data clearing houses (DCH) being responsible for sending and receiving them,
the DCH can equally act in that same capacity with the HURs.

The major setback with HURs is the time lag as it reportedly takes 36hours to send the report. Another
setback is the limited information contained in the HURs. For instance the reports we presently receive come
without the subscribers MSISDN so additional analysis have to be done on the data to get this.
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

ii. Near Real Time Roaming Data Exchange (NRTRDE)

There are presently several documentations on NRTRDE and a lot of forums have held concerning this and
rightly so since it was developed by the GSMA. In a nut shell the aim here is for roaming CDRs to be
transmitted to the HPMN in near real time (there is a 4hour time limit for the CDRs to be
transmitted…compare that to 36hours!)

There are several advantages with the NRTRDE one of which being that since the CDRs are not sent as TAP
files, data inconsistencies are better detected and system integrity checked. But even as fantastic as the
scheme is it does have its own set of drawbacks the major one being that the data will still need additional
processing to surmise fraud alarms. The VPMN don’t have a lot to benefit from the scheme, in fact it’s quite
the opposite as they lose potential revenue they would otherwise have gained (even if as a result of fraud)
and so they are reluctant to roll it out. In any case the NRTRDE is more efficient than the HURs.

In Conclusion

This document was written to give a somewhat concise but in depth look at the international roaming
process and the fraud it has to grapple with. There are pertinent questions that should be taken into
consideration, these include:

 What is the magnitude of the problem in terms of the impact of losses and the frequency of the
frauds?
 What are the deficiencies of the fraud prevention systems on ground and what are the inhibiting
factors preventing operators from rolling out the NRTRDE scheme?
 What sector of the population could potentially benefit from roaming fraud and what does the
law provide as regards benefits from roaming fraud?
 What kind of collective action can be taken among operators to tackle roaming fraud?

An operator’s answer to the above can very well mark its turning point as far having a firm hold on
roaming problems. The benefits of roaming cannot be disputed but the losses incurred by operators as a
result of fraud cannot and should not be ignored.

Author: Joyce O. Akujobi. Joyce.Akujobi@ng.airtel.com 0234 802 222 7458

BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

REFERENCES

IIRSA/CITEL Workshop on International Roaming Services (March 11, 2008)

http://www.roamingsims.com/data-roaming.php

NRTRDE Briefing Pack July 2008

Daniel M. Ferreira, Mobility Services – VSNL International (December 3, 2007)

GSMA, PRD BA.08, v19.0, Timescales for Data Transfer, May 2007

GSMA, PRD FF. 01, v2.0, GSM Subscription Fraud Management Guidelines, Aug, 2006

Yoav Kantor, Starhome Roaming Fraud Detection and Prevention (December, 2007)

http://www.mach.com

GSMA, PRD FF.02, v3.0, Fraud Management Systems- Guidelines to GSM operators, June 1996

GLOSSARY

CAMEL: Customized Applications for Mobile Networks Enhanced Logic- is a signaling protocol used in the
Intelligent Network architecture

CDR: Call Detail Record- a computer record produced by a telephone exchange containing details of a
phone call that passed through it

DCH: Data Clearing House- an agency or separate body responsible for receiving and sending roaming
CDRs
BEGINNERS GUIDE TO UNDERSTANDING ROAMING FRAUD IN THE DEVELOPING MARKET

GSM: Global System Mobile- the world's most popular standard for mobile telephone systems

GSMA- GSM Association

GGSN: Gateway GPRS Support Node- is the gateway between the GPRS (General Packet Radio Service)
wireless data network and other external packet data networks or private networks.

HPMN: Home Public Mobile Network-proprietary network of the subscription for a subscriber roaming

HUR: High Usage Report- contains a subscriber roaming exceptions which are forwarded to the HPMN

NRTRDE: Near Real Time Roaming Data Exchange-system for gathering roaming data in near real time

SGSN: Serving GPRS Support Node- data network node controlling the mobiles access to the network

TAP: Transfer Account Procedure- consists of a file compiled with information on roaming tariff-setting
records

VPMN: Visited Public Mobile Network- this is the network visited by the roaming subscriber/operator