Fraud Risk Modelling: Requirements Elicitation in the Case of Telecom Services

@inproceedings{Yesuf2017FraudRM,
  title={Fraud Risk Modelling: Requirements Elicitation in the Case of Telecom Services},
  author={Ahmed Seid Yesuf and Lars Wolos and Kai Rannenberg},
  booktitle={IESS},
  year={2017}
}
Telecom providers are losing tremendous amounts of money due to fraud risks posed to Telecom services and products. Currently, they are mainly focusing on fraud detection approaches to reduce the impact of fraud risks against their services. However, fraud prevention approaches should also be investigated in order to further reduce fraud risks and improve the revenue of Telecom providers. Fraud risk modelling is a fraud prevention approach aims at identifying the potential fraud risks… 

Using Fraud Patterns for Fraud Risk Assessment of E-services

TLDR
This paper analysed real fraud incidents from an e-service domain – Telecom, and identified six fraud patterns, which are recurrently used to commit fraud, and showed their applicability to fraud risk assessment.

MP-RA: Towards a Model-Driven and Pattern-Based Risk Analysis of e-Service Fraud

TLDR
A framework for a Model-driven and Pattern-based Risk Analysis of e-service fraud (MP-RA), which aims to increase understanding of the target of assessment (ToA) by representing using graphical models, identify potential threat scenarios from the perspective of fraudsters using existing threat models and estimate the damage of threat scenarios for the main actor by which the analysis is intended for.

Fraud Detection Call Detail Record Using Machine Learning in Telecommunications Company

TLDR
The K-Means algorithm is obtained to show a better accuracy value to model fraud on telecommunications CDR compared to DBSCAN, and machine learning with unsupervised learning techniques are used.

References

SHOWING 1-10 OF 22 REFERENCES

A Review of Risk Identification Approaches in the Telecommunication Domain

TLDR
This paper investigates the classifications of the RI approaches from the literature written on the telco and other related domains, and investigates the research trends in the last 16 years when Telecom risks are evolving and the revenue loss of Telecom operators is largely affected.

Security Requirement Engineering at a Telecom Provider

TLDR
Well-integrated into the development process SKYDD has proven to simplify security requirement gathering, reduce lead times and provide consistent requirements across different projects and project organizations, much of this due to the fact that the method is designed to be used by non-security experts.

Value-Driven Risk Analysis of Coordination Models

TLDR
This paper proposes guidelines for deriving a value model from any coordination process model and shows how this approach can be used to identify possibilities of fraud offered by a coordination process, as well as quantify the financial impact of known fraudulent processes.

Subscription fraud prevention in telecommunications using fuzzy rules and neural networks

Fraud in mobile networks

Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security

TLDR
The paper suggests the usage of a business oriented security requirement profiles containing information security, privacy, fraud/abuse, resilience and assurance requirements, and the creation process for such reusable and adaptable profiles.

Survey of fraud detection techniques

TLDR
The goal of this paper is to provide a comprehensive review of different techniques to detect frauds and present a survey of current techniques used in credit card fraud detection, telecommunication Fraud detection, and computer intrusion detection.

Classification, Detection and Prosecution of Fraud on Mobile Networks

TLDR
This paper provides an overview of fraud classification, detection and prosecution in the mobile domain, by dividing frauds into one of four groups, namely Contractual fraud, Hacking fraud, Technical fraud and Procedural fraud.

Fraud in roaming scenarios: an overview

TLDR
The major concerns regarding such security threats are presented, and a classification for this type of attack is proposed, highlighting the necessity for the different players involved to take joint action.