Telecommunications companies focus on subscriber fraud but they should take account of other risks too

Telecommunications companies focus on subscriber fraud but they should take account of other risks too, suggests Richard Lines

The public are always advised to check the identity of those who knock on their door, whether they are salesmen, charity workers or officials. If you are looking to manage risk properly and protect your bottom line how does this advice apply to a company?

The telecommunications industry has not been the best performing sector in recent months. Huge investment in 3G licences (third generation mobile network resources) coupled with a flattening of the subscriber acquisition curve as markets approach saturation have been partly responsible, but so too has the fear that 3G might not be the customer puller everyone hoped.

The Korean experience is a good example. Large sums have been invested, but the services are too expensive for customers to buy. Hutchison 3G is now thought likely to merge with another operator as loan covenants become due. Whatever happened to the optimism of a few years ago?

Of course there are still growth markets in South Asia and, to some extent, in Africa and the Middle East, even if the third generation experience is proving painful. One thing remains certain, however. Everyone in the game needs to be devoted to securing the best bottom line they can. And they are not – even if they think they are.

One of the reasons is the way in which fraud is managed across the industry. Much attention is paid to subscriber fraud, and huge sums are spent on attempting to deal with it. But the fact remains that, no matter how sophisticated the technology deployed, the problem remains and grows. There is the further problem that subscriber fraud is not the major concern anyway. These difficulties are compounded by the fact that, as convergence between financial services and telecoms develops, few people really understand the new risks the industry faces.

First, let us look at fixed line services. One of the important fraud risks, which most players largely overlook until it leaps up and bites them in the leg, is wholesale fraud. Major players sell huge chunks of airtime to prepaid and other vendors, gradually increasing credit limits and sometimes ignoring them altogether. Suddenly the customer disappears.

There is a saying that there is nothing new under the sun, and it is refreshing for fraud specialists to know that the so-called 'long firm fraud' is alive and well. In fact, it is flourishing because modern business techniques mean that boundaries between nations no longer frustrate the criminal. Indeed, the opposite is true as criminals now have greater ability to operate all across the world. Once the fraudster has completed his scam and flown off with his ill gotten gains, he will reappear in another disguise and start again. Alan Marshall, director of telecoms financial risk specialists 3rd Estate said recently, "Sadly, in its blind chase for top line revenue growth, the industry has created the environment for this to happen through inadequate attention to collections and the bottom line."

The question is, why is this allowed to happen? One reason is that the industry has always been centred on the short term. Many participants have never before had to face the hard times they are currently encountering. Fraud was accepted. In fact it was usually completely misunderstood and mistakenly regarded as bad debt, but since revenues and profits were growing exponentially, no-one really cared. In times of attrition, however, these attitudes must change. If investors understood the issues and the appropriate responses, they could put pressure on operators to do the job properly.

Effective due diligence is often a myth in the telecoms industry. A company will request to buy a significant number of hours of airtime, and the salesmen will go into a feeding frenzy. Often the most that will be done is to look at the numbers provided by the potential customer. Assuming they add up, the deal is done. The figures may never be looked at again, so long as the company pays some time near the due date. If its debt increases month on month, this is regarded as a positive factor. If the number of pipes it asks to lease far exceeds its apparent need, who is going to complain?

Who is the customer?
Forget that the company is a plc, has three million shares in issue and looks as if it has an angelic reputation. Who are the people who run it? It is people who commit fraud, not company names. True due diligence requires a detailed examination of the people behind an organisation, not just the front men but those hidden behind trusts and funds. It is too late to do this once you have been hit, and it is much easier to get disclosure at the outset. It is also important to have contractual obligations on the counterparty, which require them to notify changes in ownership and declare the true underlying ownership of the business at all times.

Now that you know who the people are that you are dealing with, what else do you need to know about them? For a start, are their identities real? Do they have criminal convictions? Have they previously run businesses which have hurt your organisation or another in the sector before now?

That is, briefly, the sensible approach to the wholesale customer. How does it relate to mobile communications? The advent of mobile internet services means that the number of partnerships will grow dramatically. The operator's customer interface will be the outlet for a wide range of services and products, many of which will be provided by others. If the static internet experience is anything to go by, broadcasters will offer content from a vast array of providers, some directly and some through consolidators.

The front end of many types of services will seem, to the customer, to have been supplied by the operator and this impression will be confirmed in bills. If customers buy products and services through such media and subsequently find them to be unsatisfactory or worse, then the telecoms operator's reputation will be the first to suffer. Many internet-based operations suffered because of this scenario, and there is absolutely no reason to believe the mobile internet experience will be any different. For the operator this means extending due diligence enquiries to all those for whom he carries content, and especially to those offering financial services products, where regulatory controls may be expected to be most onerous.

Fraud is a normal business risk, and telecoms operators are normal businesses. Yet, they generally concentrate on subscriber fraud and seldom recognise that internal fraud is more common. Even fraud related to airtime selling is less likely than the traditional dishonesty, such as procurement and payroll frauds.

Most managers within the operators are technologists and they like technical solutions. But people manage technology and people can be criminal. The moral is, when the doorbell rings, whether it is a customer, salesman or job-seeker, always ask to see some form of identification.

Richard Lines is a director of Stork Ltd, E-mail:

What is 3G? describes 3G as a radio communications technology that will create a 'bit pipe' for providing mobile access to internet-based services. 'It will enhance and extend mobility in many areas of our lives. In the near future, mobility won't be an add-on: it will become a fundamental aspect of many services. We will expect high-speed access to the internet, entertainment, information and electronic commerce (e-commerce) services wherever we are – not just at our desktop computers, home PCs or television sets. 3G services will add an invaluable mobile dimension to services that are already becoming an integral part of modern business life: internet and intranet access, video-conferencing, and interactive application sharing'.

Long Firm Fraud
'In a long firm fraud, the fraudster simply sets up in business as a wholesaler, and places orders with suppliers with the intention of evading payment'. So says Merseyside police authority. Initially, payment is prompt in order to establish creditworthiness. Then larger orders are placed. When delivered, the goods are promptly sold for what they will fetch.

The police authority defines the primary objectives of a long firm fraud as:

  • to establish credibility with manufacturers and suppliers
  • to obtain as many goods as possible over a credit period extended as long as possible
  • to make little or no payment to suppliers and creditors
  • to dispose of goods thus obtained with minimal delay
  • to abscond with the proceeds
  • to avoid identification and prosecution.

    Any marketable commodity can be the subject of fraud. It does not have to be actual 'goods', but can be the provision of a service.

    Implications of convergence
    In response to the EC Green Paper on the convergence of telecommunications, media and information technology sectors, The Telecommunications United Kingdom Fraud Forum (TUFF) expressed concern that the opportunities for telecommunications fraud and crime would increase. It believed that, with convergence, and with the introduction of electronic commerce digital TV services, and cable services, related crime, which to date has been localised, would take on a European-wide aspect.

    TUFF provides a vehicle for the exchange of information and the promotion of a united effort against telecommunications fraud. Its aim is to help the industry to manage fraud more effectively.

    You can contact TUFF at PO Box 28353, London SE20 7WJ, Tel: 020-8778-9864, Email:

    Risk management
    Managing the risk of fraud is the same in principle as managing any other risk, says the Fraud Reduction website. It is best approached systematically, both at the organisational level, for example by using fraud policy statements, and at the operational level. Suggested steps are:

  • identify risk areas: Establish the areas most vulnerable to the fraud risk. Patterns of loss and areas of potential loss should be identified so that areas vulnerable to risk can be pin-pointed. It may be useful to survey your staff to establish all the risks of which they are aware. Areas where risks may be particularly high include those where there is responsibility for letting or managing contracts, handling cash and and controlling the disposition of assets
  • assess the scale of the risk: Identify and assess what measures are already in place to prevent fraud – determine any residual risk if these measures are effective
  • allocate responsibility for risk: Identify who has responsibility for the management of each risk
  • identify additional controls: Establish what further controls are required to reduce or eliminate the risk
  • implement the additional controls
  • monitor implementation of controls: Monitor to assess effectiveness. This could be achieved by a number of means, including internal audit reviews of system controls and spot checks by managers to ensure that controls (such as supervisory controls or reconciliations) are in operation
  • evaluate the effectiveness of controls: Assess whether the risk of fraud is lessened as a result of the implementation of additional controls.

    The Fraud Reduction website is published by the National Working Group on Fraud on behalf of the UK Association of Chief Police Officers (ACPO). It provides information on how to recognise fraud, how to avoid it through preventative measures, and how to respond to suspected frauds.