RAG Americas Online – Day 1

Matt hard at work getting RAG Americas Online ready to rock !

This spring I was invited to be a speaker at the next Risk and Assurance Group (RAG) Conference. It was to be held in Denver, CO at Century Link. Alas , the COVID-19 pandemic scuttled those plans so until we can meet-up again live, it was decided to move the conference online and RAG Americas Online virtual conference was launched. Today, September 15, 2020 was Day 1.

There was a mix of about a dozen presentations and panel discussions interspersed with commentary from the Wise Heads comperes; Eric Priezkalns, Rachel Goodin, Nixon Wampamba and Tony Sani . Canadians were well represented with 3 speakers today and 3 tomorrow (including me) from companies like Telus, Rogers and Xplorenet.

From my vantage the most relevant panel was the discussion on Trends in Fraud Management, especially during this pandemic. Which frauds are up, which are down and what is new ? The consensus was a large increase in social engineering and identity fraud (all manner of phishing schemes), as well as increases in CLID spoofing. Reinforcing that was an expert panel just on stopping the spoofing of calls !

A recurring theme through many of todays presentations was Artificial Intelligence (AI) and Machine Learning (ML) and their application in Revenue Assurance and Business Assurance. It appeared as more than just a way to automate fraud management, more as a set of tools to be able to transform the entire discipline and provide better business results.

If the telcos manage to move their massive data sets (the industry with the biggest data sets apparently) into the public cloud and could use AI/ML tools along with the other benefits that cloud brings, we could really see a profound transformation of the telecom industry ! That will be the panel discussion on Day 2 that I am most looking forward to; Moving Telcos to the Public Cloud.

If you didn’t get a chance to watch the live stream today, the videos of the presentations will be available to view at the RAG website;
https://riskandassurancegroup.org/

I will post a summary of Day 2 later followed by a separate post of my own presentation on Least Corrupt Routing.

RAG Americas Online: Sep 15-16

Coronavirus may have prevented RAG’s North American conference from being held at the offices of CenturyLink in Denver CO, but it will not stop us from running the biggest conference for telecoms risk professionals. Over 2,000 people from 93 countries watched RAG London Online in May (see my posts here and here) and we intend to do even better with our online North American conference, which will stream live on September 15-16, 2020.

RAG was kind enough to ask me to be a speaker this go around. I will be exploring how telecom carriers can meet multiple goals such as increase revenues, reduce costs and improve their customer’s satisfaction via one action; their LCR. The new LCR is Least Corrupt Routing and it provides better long term value and business outcomes than traditional Least Cost Routing by prioritizing Quality over simple cost per minute.

Most of the RAG members come from large global carriers like Vodafone, MTN, Deutsche Telekom, etc so AurorA will provide a different perspective; one from a smaller, niche, nimble pure international carrier that has been serving its wholesale customers in Canada, the United States and overseas since 1994

Come watch and ask questions live from 8am to 5pm Eastern time each day; click here to save the event to your calendar. You can watch the entire conference at the RAG webpage, without needing to register in advance.

Civic Holiday Long Weekend

Its a long weekend, pull up your Muskoka chair and clink glasses ! Cheers !

Monday August third is the Civic Holiday ! If you are in Toronto, “Simcoe Day”; Ottawa “Colonel By Day”; “John Galt Day” in Guelph; “Terry Fox Day” in Manitoba. It has different names all across the country (except for Quebec cause they took Saint-Jean Baptiste Day off in June). What is the Civic Holiday for ? A day to relax and enjoy ! Cheers !

It is an unfortunate fact that the hackers of the world like to plan their attacks on public holidays when network supervision may not be at its highest. On top of that we are still in the fight against COVID-19, and the criminals have escalated their attacks. Furthermore, our friends south of the border will not be celebrating anything which means the hackers will be focussed on us !

Please remember to be vigilant this Civic Holiday and guard access to your switches.

AurorA has to deliver any traffic that is sent to it , so you are responsible for any unauthorized access to your network. AurorA will pass on any alerts that it gets of suspicious traffic patterns. AurorA has also implemented automatic blocking of B numbers once we detect a suspicious fraudulent traffic pattern in an attempt to minimize losses. Also we have also implemented blocking of entire routing destinations after a threshold is breached to further protect you, our customers, from these criminals and mitigate the damage.

Make no mistake, these frauds are perpetrated by criminals; sometimes organized crime, sometimes terrorist groups looking to raise funds for their causes.

Have a safe and happy holiday. Thank you for choosing AurorA and trusting us with your international traffic.
Timo Vainionpaa

AurorA guests on RAG-TV

Timo appearing on RAGTV S2E1
Timo on RAGTV S2E1 with hosts Eric Priezkalns and Lee Scargall

On Wednesday, June 17, 2020 I had the honour of appearing on the opening episode of Season 2 of RAG-TV, the online streaming show of the Risk and Assurance Group. Their virtual conference in May was seen by over 2,000 telecom industry pros in over 93 countries ! Read more about that here and here.

RAG ia an association for telco professionals involved in all aspects of Revenue Assurance; fraud management, enterprise risk management, law enforcement liaison, credit risk, market assurance, capex analysis and security. Actually, association sounds too stuffy, a club is a better description. A club of like minded telecom fraud and risk managers wanting to get better and improve.

Commsrisk described the episode like this
“Telcos come in all shapes and sizes, from the hundreds of millions of customers served by an Indian mobile network like Jio, and the extensive multi-country operations and carrier function of a group like Vodafone, to telcos that serve tiny island nations and small, focused international carriers like AurorA International Telecom, based in Waterloo, Canada. They all need to work together in order to connect phone users whilst fighting the rouge elements that plague our industry.”

“AurorA’s Timo Vainionpää and LATRO Services’ Donald Reinhart were the guests for the first episode of the new season of RAG Television, giving me the opportunity to ask them about the factors that encourage bypass fraud and what can be done to identify and compete with gray routing. Watch the replay of the show below.”

Watch here !

Stand on Guard this Canada Day

July 1st is Canada Day ! For me it will always remain Dominion Day but for you young’uns Happy Canada Day ! A day to celebrate this wonderful country of ours.

It is an unfortunate fact that the hackers of the world like to plan their attacks on public holidays when network supervision may not be at its highest. On top of that we are still in the fight against COVID-19, and the criminals have escalated their attacks. Furthermore, our friends south of the border will be celebrating their Independence Day on Saturday, July 4 which gives them even more incentive to be out in force.

Please remember to be vigilant this Canada Day and guard access to your switches.

AurorA has to deliver any traffic that is sent to it , so you are responsible for any unauthorized access to your network. AurorA will pass on any alerts that it gets of suspicious traffic patterns. AurorA has also implemented automatic blocking of B numbers once we detect a suspicious fraudulent traffic pattern in an attempt to minimize losses. Also we have also implemented blocking of entire routing destinations after a threshold is breached to further protect you, our customers, from these criminals and mitigate the damage.

Make no mistake, these frauds are perpetrated by criminals; sometimes organized crime, sometimes terrorist groups looking to raise funds for their causes.

Have a safe and happy holiday. Thank you for choosing AurorA and trusting us with your international traffic.
Timo Vainionpaa

RAG London Online 2020: Day 2

The sponsors of RAG London 2020
Thanks to the sponsors of RAG London Online 2020 for the free event

Today was the second and final day of the Risk and Assurance Group (RAG) London conference. Due to the ongoing global pandemic it was turned into a virtual online conference. The sessions began at 7:30 AM London time (2:30 AM in Waterloo) but I listened to the whole event from start to finish for the second day in a row.

Today there was a superb real-life session on assuring network assets from Optus, one on revenue protection and maximization for pay-TV providers, Rating Reconciliation, RAG Online Learning Courses and Risk Management in Other Industries (retail, utilities, financial services and charities). The bulk of the remaining sessions, though, were related to fraud management in various forms. These were the meat, the substance I was craving when I decided to attend the conference.

A lot of modern voice calls are now placed using the SIP protocol ; IP, 4G LTE, 5G, OTT apps and all modern PBX all rely on SIP. SIP calls are a combination of two elements, a signalling stream and an RTP stream. As part of the signalling, a log-in and password accompany every call. Hackers have latched on to this to hijack SIP calls and steal those credentials. This is now the main vector for PBX hacking to do IRSF. The TL/DR is if you are using SIP (and we all do) then no one is 100% safe and we need to be very vigilant.

There were two panels discussing various aspects of fraud management . One was about integrating Test Calls into an assurance strategy to find issues that might go unnoticed if we just focus on CDR reconciliation. The other panel looked at the rise in SIM swap fraud during the pandemic , OTT bypass fraud (or OTT hijack might be a better description) via Viber, Off-net bypass, Refile and SIM box detection.

Then there was a session on IRSF (International Simple Resale Fraud); Wangiri (one ring) is one form of it, hijacked PBX’s are another and is the one I see more commonly with my customers. Kenneth Mouton outlined three tactics to provide protections; i) setting traffic limits ii) Databases (of numbers to block) iii) Analytics (CDR vs Signalling, AI/ML vs rule based) . He also ran through five myths about IRSF and proceeded to debunk them

  • – “Subscriber pays” is a myth
  • – “You can fix problem 1” is a myth
  • – “IRSF is only about Premium Numbers” is a myth
  • – “IRSF/Wangiri is high volume in a short period” is a myth
  • – “RAFM Managers know IRSF” is a myth

There is enough substance here (and my notes are copious) that I plan on writing a few more detailed blog posts in the near future. For sure at least one just on SIP and another just on IRSF.

Those are just some of the over-arching themes from over ten hours of superb content. If you missed it and are interested , some of the videos will be posted on the RAG website here.

I would like to thank the hosts Eric Priezkalns, Rachel Goodin and Tony Sani for putting on a great virtual conference. I would like to thank all of the speakers and all of the sponsors. And I would like to thank RAG, for bringing together over 2,000 people in telecom revenue, risk and business assurance from around the world (93 countries !) in a free to attend event.

I so look forward to the next RAG event, hopefully it will be a live one. The content of the virtual event was superb but I miss the networking part of the conference and the chance to chat face-to-face with like minded professionals. Here is hoping we can meet in person again soon.