Fraud Detection Enhanced with Machine Learning
Machine Learning (ML) is the future of fraud detection. With an ever-increasing data processing load, traditional rules-based systems are struggling to keep up, and in turn alerting delays are experienced with high false positives rates. Fraudsters are now utilizing techniques to take advantage of traditional Fraud Management System ( gaps by utilizing sophisticated and ever improving approaches to avoid detection.
The Mavenir Fraud Management System (FMS) boasts the most original and sophisticated approaches for ML in the telecom industry and has proven to outperform rule-based systems time and time again. The Mavenir FMS combines the experience and knowledge of ML and Big Data technology coming from Argyle Data (acquired in early 2018) with core network knowledge, a real-time approach as well as ongoing improvements with its own ML developments to date. As a result, Mavenir’s ML capabilities outperform the current market available systems, which largely rely on bespoke open-source algorithms and software and therefore have limited value in terms of owned IPR.
The specially tuned Mavenir FMS ML models also eliminate the need to constantly edit rules to identify fraudsters who stay under the rule-based thresholds, which historically requires thresholds to be lowered and in turn increasing false positive alerts. Use cases include voice fraud (revenue share, IRSF, Wangiri) subscription/dealer fraud, data fraud, mobile money and wholesale fraud.
Mavenir Fraud Management System (FMS)
Fraud never stops, it only changes. Carriers can no longer rely on only rules and thresholds for fraud detection, as fraudsters themselves are using artificial intelligence to change behavior in real-time and avoid detection.
By using Mavenir’s native ML algorithms to identify fraud and other anomalous network behavior, reliance on rules can be avoided, providing higher accuracy, lower false positives, and the knowledge that future and unknown types of fraud will be quickly identified.
- Voice fraud (Revenue Share, IRSF, Wangiri): fast detection of revenue share frauds in real time, with both ML and rules approach available. Automatic blocking support.
- Subscription / dealer fraud: prediction of subscription fraud at connection time using ML predictive analytics. Identification of dealer fraud post connection.
- Data Fraud: Detection of data charging bypass, through both malicious and accidental methods such as through DNS abuse, accidental zero ratings, incorrect camel flags, and protocol tunnelling.
- Mobile Money: detection of fraud across the mobile money eco system, revenue protection.
- Wholesale Fraud: FMS environment to suit wholesale specific demands, such as key measurement criteria and multitenant environment.
Not all anomalous activity on a carrier’s network is fraudulent, but all fraud is anomalous. By using ML, identify unknown anomalies or future types without the need for new rules.
Dedicated ML algorithms are available to provide built-in focus on known fraud types, while also providing methods to identify new forms of unknown and future forms of fraud. Unique real-time data featurization ensures a targeted ML approach, with constantly improving detection precision.
Unlike the typical ML approaches used by traditional FMS vendors of applying simple off-the-shelf open-source techniques to data collected in a big data store, the Mavenir FMS implements real-time featurization. This enhanced ML approach uses proprietary real-time high speed data processing tooling that has a track record in multiple T1 networks world-wide. This approach not only enables flexibility in support of various data streams starting from raw signaling data all the way into the subscriber CRM data, but also detects fraud at the moment of occurrence, enabling far lower revenue loss.
This enables much lowered revenue loss to fraud, and not just indications of Mavenir FMS to prevent revenue loss due to fraud, and not just indicate lost revenue as a result of slow post processing.
Unlike traditional FMS vendors, the Mavenir FMS modules are built around ML principles while still leveraging the power of rule-based configuration to provide flexibility and user control. Rules in this case control the process of data mediation, data featurization, ML and ML output results.
Traditional solutions are now moving towards Big Data solutions to replace old SQL based store databases relied on by FMS’s, however those same solutions continue to apply open source bespoke algorithms to the collected data. In contrast, Mavenir is dramatically changing the approach to real-time high-speed data processing, while leveraging big data for investigations and non-time critical operations.
The clear advantage of this real-time aspect is difficult to underestimate. While traditional systems may still detect sophisticated fraud, this detection typically happens post-factum, with the carrier simply informed of the lost revenue and damage occurred. In contrast, Mavenir’s detection modules react to a situation in real-time, ensuring speedy detection and prevention of fraud and revenue loss. Therefore, in this sense, the Mavenir FMS becomes part of the carrier’s overall security protection and with its real-time characteristics, can implement sophisticated protection of a carrier’s revenue, subscribers base, and eventually network resources.
Mavenir’s FMS also may be used as a framework to enable operator’s to launch their own exploration of ML, with access to the FMS’s underlying technology to support ongoing ML detection. Mavenir’s ML can run alongside any other algorithms provided by the operator, with all outputs from all algorithms able to follow the same path through the FMS, and lead to eventual alerting and blocking actions.
The Mavenir FMS modules are part of Mavenir’s Fraud and Security Suite that, which among other capabilities, includes a set of network facing elements, Policy Enforcement Points, (PEP) normally deployed as a firewall on a specific signaling or data stream. These modules can act in both active and passive mode. In active mode, PEPs can perform real time signaling protocol protection according to the corresponding GSMA recommendations, while in passive mode they can be utilized as high-speed data collection points serving as input into the real-time fraud detection modules. In addition, the Mavenir FMS framework supports a set of telco protocols and number of generic data connectors enabling integration with additional data sources in scope of a configuration project. This positively affects TCO of the system, as traditional FMS vendors normally charge premium for support of additional data source or protocol, while the Mavenir FMS has these capabilities built into the software, leveraging multi-year experience in core network solutions and advanced mobile services implemented using own carrier grade software.
While it is not always possible to place PEP in all key network areas, the Mavenir FMS also supports external Representational State Transfer (REST) API for blocking and alerting. This API can be used for real-time blocking of fraud just at the moment of occurrence though the optional integration into carrier’s network elements.
Mavenir FMS is built based on carrier grade principles with carrier grade design, it also complies with standard requirements for SNMP alarming and performance monitoring, CDR generation, traffic log, and detailed tracing capabilities.
Rule Engine and Mediation
To ensure flexibility of external interface integrations it’s important ML algorithms consume the correct information irrespective of the network topology, integration points, and protocols. To comply with such diverse integration requirements, the Mavenir FMS framework leverages a real-time mediation module that is developed based on multi-year IPR in real-time telco protocol mediation capabilities, currently installed in various mobile networks world-wide. This mediation engine has a flexible design and real-time configuration capabilities, controllable by various configuration files, as well as through a built-in rule-engine that allows fine tuning of data mapping conditions to a specific run-time situation.
Rule Engine and Fraud Detection
While the Mavenir FMS detection software is built around ML capability, control of the system, fine tuning of the detection, classification and blocking is executed using rules-based configuration. This rule engine orchestrates mediation, featurization, ML, fraud qualification and blocking actions.
It’s important to highlight the rule-engine’s primary usage in the Mavenir FMS. It is dedicated to the tuning of the ML process and streamlining decisions. The rules engine may also be utilized for traditional rule alerts. Rule alerts can be created and used entirely separate from the ML, or in combination.
Data Storage and Reporting
ML models do not require huge data storage as their design enables them to adapt real-time to the current network conditions. However, for non-real-time data, subsequent fraud investigation activities, and for regulatory compliancy, a data storage and powerful reporting and processing engine is available.
General market trends today are driving towards reduction of SQL based databases in favor of Big Data systems. The majority of vendors as well as carriers are following Hadoop based implementations of a Big Data store. This technology while quite good for storing large amounts of unstructured data still has number of disadvantages, specifically regarding it’s hardware footprint and search performance. In contrast, the Mavenir FMS is equipped with a data store based on an elastic search storage engine and has been rated as a superior approach to Big Data concepts due to its smaller hardware footprint compared to Hadoop implementations, as well as faster search and storage speeds which are critical to Telco grade operations. Of course, when a carrier already has a big data solution based on Hadoop, Mavenir can consider potential integration scenarios into Hadoop environment.
Powerful reporting interface offers a set of pre-defined dashboards as well as customizable query capabilities to enable fraud analysts to perform enhanced investigation.
Deployment & Integration Options
Mavenir software design principles are focusing on full hardware independence, virtualization and network function virtualization (NFV).
Mavenir FMS can be delivered as:
- Turn-key including the hardware sized accordingly to the capacity requirements.
- Virtualized, deployment into the virtual environment of the customer.
- NFV – as virtual functions deployed and integrated into customer NFV environment.
- Cloud service – when possible, according to the local regulation and privacy rules, Mavenir can support. Software as a Service (SaaS) SaaS.
Integration into a specific customer network environment is performed by the Mavenir deployment team where exact integration points, interfaces and protocols are defined on initial project stages. Integration might go beyond technical concepts , into the carrier’s processes and business flow to ensure consistent operation of the network as well as integration into essential customer service processes.
Mavenir has a multiyear track record providing carrier grade critical telco systems support worldwide. We are similarly dedicated to the same high standards of support services for the Mavenir Fraud Management and Security Suite.
Similarly, we also recognize the nature of fraud and security issues that could drive demand for additional service levels on top of traditional system support provided on network elements.
Mavenir has established a team of product specialists and fraud analysts that can provide additional services for Mavenir security and anti-fraud products. These services range from the mandatory quarterly ML module validation, through the regular system audits and alert reporting, all the way into the full managed service integrated into a carrier’s process.
The RIC Opens a New World of Opportunities for CSPs
09 September 2021
The RAN Intelligent Controller (RIC) brings the concept of next-gen and open Self-Optimizing Networks (SON) into the modern, digital landscape. Learn more about real-world applications of the RIC and new opportunities the RIC offers CSPs.
How Standards-Based AI-Powered Analytics Drive Network Automation and Business for Communication Service Providers
14 July 2021
Explore the role Analytics and Artificial Intelligence/Machine Learning (AI/ML) can play as CSPs transform into Digital Service Providers (DSPs) and find new opportunities beyond traditional services.
Real-time Network Protection Critical in Wake of Sophisticated Flubot Cyberattacks
06 July 2021
As more network customers become vulnerable, CSPs are challenged to build the right defenses and monitoring to protect and predict sophisticated cyber-attacks.