Fraud Risk Management

5G presents an opportunity for telecom operators to capture new revenue streams from industrial digitization. In cases such as network-as-a-service (NaaS), network exposure is becoming a reality through the transformation of core telecom network assets into digital assets. With 5G, the dynamic provisioning and scaling of network capacity and resources are available for the first time.

The vision of managing the network-as-a-service in the same way as a developer might manage cloud resources on Azure, AWS, or Google Cloud is happening through a combination of scalable infrastructure and the next generation of digital business support systems (BSS).

The 5G network evolution has opened up an abundance of new business opportunities for communication service providers (CSPs) in verticals such as industrial automation, security, health care, and automotive. To capture the opportunities and leverage their NaaS capabilities, CSPs are deploying automated business support systems (BSS) capable of expanding non-telecom value chains, while supporting new business models through open interfaces.

Figure 1: 5G Open Interfaces for Business Models


The world’s digital connections are becoming broader and faster, providing a platform for every industry to boost productivity and innovation. To illustrate the range of possibilities, let’s look at the healthcare industry where connectivity-enabled innovations can make it possible to monitor patients remotely, use AI-powered tools for more accurate diagnoses, and automate many tasks so that caregivers can spend more time with patients.

This technological transformation of the healthcare sector offers numerous opportunities for telecom operators to penetrate new value chains and initiate partnerships that benefit the entire ecosystem. Still, it is just one example of how CSPs can partner with a wide range of vertical industries.

Expanding the business models through partners can bring significant benefits and help bring about successful innovation, but inevitably offers less direct control than delivering by themselves in their own controlled environment. It is often said that a business is only as strong as the chain of suppliers it works with.


An example of how service delivery chains are becoming complex, and by doing so, becoming more difficult for handling risks, can be exemplified by Uganda’s recent hacker attack on the country’s Mobile Money business that processes phone-based transactions. The mobile money value chain is made of mobile network operators (MNOs), banks, and end-users, and is a technology that allows people to receive, store, and spend money using a mobile phone.

In the mobile money value-chain, there are blurred risks mostly due to the often-undefined roles of banks and telecommunications companies in financial services, as proven by the recent hack of a gateway that links the bank-to-mobile money transactions. There is a clear line between “banking” and “mobile money” as a standalone business. But the big question is, and when the lines become blurred, is when MNOs expand their services to connect with banks and allow the withdraw of money from regular ATMs.

Figure 2: Responsibility Matrix

At Mobileum, we believe that is the opportunity to leverage the digital transformation data exchange and create the capacity to analyze distributed big data for integrated risk management (IRM) purposes, instead of pursuing a more reactive approach that focuses on finding more data sets and understanding how to use them to address risk. An IRM strategy reduces siloed risk domains and supports dynamic business decision-making via risk-data correlations and shared risk processes.


Figure 3: Integrated Risk Management Overview

Along with the connectivity platform, CSPs are at a good point to understand and manage a wide scope of risk through a comprehensive view across business units, risk and compliance functions, and key business partners, suppliers, and outsourced entities.

The goal should not be to create one big repository that can handle any data set, no matter how large. Instead, it should be to fully automate the linkage among relevant insights from a wide variety of internal and external sources, a process that data in various nodes of the supply chain triggering action immediately when possible, and adding data to a queue for deeper analysis.

The Adaptive, Intelligent, and Distributed Assurance Platform, AIDA, project aims to deliver this vision, an end-to-end 5G-ready fraud management platform that is able to protect the 5G ecosystem in its multiple layers, and deploy an IRM strategy that manages high data volumes and real-time visibility through edges close to the monitoring points, contributing with scalability and local learning to global models.  Additionally, 5G introduces challenges that previous generations did not have. The multitude of deployment scenarios between isolated or shared and private and public networks, and the multiple business entities and partners involved in the new business models, introduces intrusion, tampering, confidentiality, and data privacy requirements that need to be monitored and analyzed, ensuring system-wide protection of the ecosystem and value chain.

Another key aspect of 5G is the number of new stakeholders in the fraud landscape, which brings new types of fraud that are difficult to anticipate now. This is where the use of AI, especially unsupervised learning algorithms for abnormal behavior detection can help to address the unknown patterns or smart fraud, designed to dissimulate any abnormal patterns and create blind spots, evading detection.  In an Integrated Risk Management approach, data feeds that traditionally are not considered in fraud management systems will strengthen the linkage between the different sources enhancing the relations between different domains, like fraud, security, or network fault and performance.

While detecting fraud in clear data can be a challenge, doing it on encrypted streams is far more challenging. Either by legislation enforcement or with the intention to cover fraud or simply as good practice, data is encrypted providing nothing more than a relation between two entities. As an example, most malware used today in telecom fraud depends on command and control botnets over encrypted connections. They control infected devices and monetize fraud by using services owned by the fraudsters, one of many monetization methods that can be used. Likewise, premium content can be streamed through illegal services by any node in the network, and data will only reflect a connection to a VPN provider, covering all the illegal activity behind it. In a 5G context where is difficult to anticipate the new types of fraud, the challenge grows on identifying them on encrypted data. 

Resilient organizations anticipate risks, develop controls, monitor events, and whenever possible, apply automatic actions to remediate risks. At Mobileum, we believe CSPs will position themselves to lead the emergence of new ecosystems and play their full role in transforming industries and society. Our technology and telecommunications risk management services can assess and protect risk-related issues specific to the telecom industry and assure the industries that are leveraged by connectivity. Currently, we provide a vast stack of solutions that can support the changing imperatives of risk management when it comes to monetization, security, and trust brought by the telco platform economy.

The Mobileum portfolio is unique to assure how our customers build a strong relationship between enterprise risk management and improve its customers’ ability to track risk. At Mobileum, we believe that business resilience and risk management should be tightly linked.

By bringing an integrated view of network services, security, and testing and monitoring results, we create a comprehensive view and analysis of risks from fraud, monetization failures, and customer/partner experience while enabling the success of the digital transformation.

By Mobileum