Fraud Management System — A highly optimised data model allowing rules evaluation on rolling 90 days of CDRs within an SLA of 30 mins

Sumit Choudhary
Published in Airtel Digital
Jul 5, 2023

Introduction

At Airtel, we have developed a cutting-edge, highly optimised platform designed to swiftly identify potential fraudsters, enabling proactive measures to prevent significant revenue leakage. With a daily processing volume of approximately 20 billion CDRs (call data records), our platform leverages advanced tech stacks, including AbInitio, Spark, Kafka, Presto, Hive, Tableau, Service Now, and Java, to ensure efficient and effective fraud detection and prompt action.

Different types of Frauds:

1. ISD Fraud — The misuse of International Subscriber Dialling (ISD) calls through excessive and unauthorised usage, leading to potential financial losses.

2. IR Fraud — It involves unauthorised or fraudulent use of mobile services (voice, SMS or data) while travelling abroad, often resulting in substantial financial losses for the service provider or the subscriber.

3. Simbox Frauds — It involves the use of illegal equipment called “simboxes” to route international calls as local ones, bypassing regular international call charges and causing revenue losses for telecom operators.

4. Wangiri Frauds — A type of phone scam where fraudsters make short, missed calls to a large number of phone numbers, aiming to entice recipients to call back premium-rate numbers, resulting in inflated charges.

Capturing of Frauds:

Frauds are effectively identified by closely examining and analysing users’ calling patterns.
Broadly, fraud detection employs one of the following methods to capture and address fraudulent activities:

1. Usage crossing a predefined threshold value

2. Usage showing a predefined pattern

3. Calls to a suspected country (Single CDR fraud)

Requirement

We had a critical requirement to capture the various frauds happening in the real world using our fixed line and postpaid products, as quickly as possible, to save Airtel from revenue losses.

Previously, a team of 40 resources did this manually, so the latency to identify frauds was high and the coverage of different types of fraud was very small.

After understanding the business problem, the following requirements were defined for the platform:

1. To capture a fraud within 30 mins of incident.

2. End to end tracking of all the cases raised.

3. Single window to analyse the fraud.

4. Configurable rules

5. Reporting of tickets raised

Solution

Architecture Diagram:

1. To capture a fraud within 30 mins of incident

This was the biggest engineering problem to be solved in this platform, as the data volume to be checked was very high. There are around 6 billion voice CDRs and 9 billion data usage CDRs per day. To identify any kind of fraud, the platform has to read all of these records, filter/transform them as required and aggregate them to identify total usage.

Fraud analysts have defined different rules with threshold values on a customer's daily, weekly and monthly usage. In the traditional method, to capture monthly frauds, the system would have to run aggregates on 180 (30*6) billion records, which is next to impossible even with processors with a very high core count.

To solve this, we used the concept of a “primitive feature engineering vector”. These vectors store aggregated data from our sources at a very small granularity, i.e. every 15 mins. Four of these 15-minute vectors are then combined every hour to publish hourly vectors, and daily and weekly vectors are built similarly.

The fraud engine runs on these vectors and picks data from the vectors that match the granularity of each rule.

With the help of these vectors we were able to meet the first requirement, i.e. identifying the fraud within 30 mins of the incident.
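The roll-up described above, as an added sketch in Python (not the platform's own code): 15-minute vectors are built once from raw CDRs, coarser vectors are derived only from finer ones, and a threshold rule reads the vector matching its granularity. The feature names, subscriber ids, sample CDRs and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ORIGIN = datetime(1970, 1, 1)  # buckets are counted from here (weeks start on a Thursday)

# Constructed sample CDRs: (subscriber, call start, duration in seconds, is ISD call)
CDRS = [
    ("A", datetime(2023, 7, 5, 10, 2), 600, True),
    ("A", datetime(2023, 7, 5, 10, 17), 600, True),
    ("A", datetime(2023, 7, 5, 10, 31), 600, True),
    ("A", datetime(2023, 7, 5, 10, 50), 600, True),
    ("A", datetime(2023, 7, 5, 14, 5), 900, True),
    ("B", datetime(2023, 7, 5, 10, 5), 120, False),
]

def floor_to(ts, step):
    """Floor a timestamp to the start of its `step`-sized bucket."""
    return ORIGIN + ((ts - ORIGIN) // step) * step

def build_15min_vectors(cdrs):
    """One pass over raw CDRs -> {(subscriber, bucket_start): features}."""
    vectors = defaultdict(lambda: {"calls": 0, "isd_secs": 0})
    for subscriber, start, duration, is_isd in cdrs:
        v = vectors[(subscriber, floor_to(start, timedelta(minutes=15)))]
        v["calls"] += 1
        v["isd_secs"] += duration if is_isd else 0
    return dict(vectors)

def roll_up(vectors, step):
    """Sum finer vectors into coarser ones; raw CDRs are never re-read."""
    out = defaultdict(lambda: defaultdict(int))
    for (subscriber, bucket), feats in vectors.items():
        for name, value in feats.items():
            out[(subscriber, floor_to(bucket, step))][name] += value
    return {key: dict(feats) for key, feats in out.items()}

def breaches(vectors, feature, threshold):
    """Subscribers with any bucket of this granularity above the threshold."""
    return sorted({s for (s, _), f in vectors.items() if f[feature] > threshold})
```

Calling `roll_up` on the hourly output with `timedelta(days=1)`, and on the daily output with `timedelta(weeks=1)`, gives the daily and weekly vectors in the same way.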

2. End to end tracking of all the cases raised

We used Service Now to address this second requirement. The system is integrated with Service Now, and for each identified fraud case an incident is raised on Service Now with a unique ticket ID, short and long descriptions, assignee team and other information such as start time, category and sub-category.

These tickets have different stages such as To Do, In Progress, Resolved, On Hold and Closed. These stages help in identifying the state of the raised tickets at any moment. The tickets hold audit information for the different stages, the actions taken, and the comments/info associated with the ticket.

3. Single window to analyze the fraud

Any possible fraudulent case is separated by only a very thin line from the actual usage pattern of our High Value customers. Hence, to filter out premium customers from the identified list of fraudsters, the analyst needs different kinds of attributes, such as the user's billing/payment patterns, outstanding and unbilled amounts, Age on Network, customer type, VIP flag, past ticket history, last 90 days of CDRs etc.

Having all this information about fraud cases in a single window helps the analyst take quick decisions and close tickets in a short span. We have created Tableau dashboards using a Presto connection to show this information in real time.

4. Configurable rules

Analysts have to change their rules from time to time based on the feedback received from past tickets and changes in the usage pattern of fraudsters. Hence, Airtel business requested a platform with a provision to configure/update the rules without any code change or deployment cycle.

This platform lets the user update the rules in SQL format in the configs file. Every time the rule engine runs, it fetches the latest enabled rules defined by the users.

We have a future plan to create a repository of all the rules defined, with the last 12 months of history.
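A sketch of rules kept as SQL in a config and re-read on every run, added here and not the platform's own code; it uses Python's `sqlite3` as a stand-in for the query layer, and the table names, rule ids and thresholds are constructed. Because the rule text is analyst-editable SQL, the sketch executes it under a read-only authorizer, so a rule that is not a plain query is rejected instead of changing the vector tables.

```python
import json
import sqlite3

# Constructed config; rule ids, tables and thresholds are assumptions.
RULES_CONFIG = """[
 {"id": "ISD_DAILY", "enabled": true,
  "sql": "SELECT msisdn FROM daily_vector GROUP BY msisdn HAVING SUM(isd_secs) > 3000"},
 {"id": "ISD_HOURLY_OLD", "enabled": false,
  "sql": "SELECT msisdn FROM hourly_vector WHERE isd_secs > 100"},
 {"id": "BAD_EDIT", "enabled": true,
  "sql": "DELETE FROM daily_vector"}
]"""

# Only query-type actions are permitted while rules run.
READ_ONLY = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_authorizer(action, *_):
    return sqlite3.SQLITE_OK if action in READ_ONLY else sqlite3.SQLITE_DENY

def run_rules(conn, config_text):
    """Parse the config afresh, run enabled rules, return (hits, rejected ids)."""
    hits, rejected = {}, []
    conn.set_authorizer(read_only_authorizer)
    for rule in json.loads(config_text):
        if not rule["enabled"]:
            continue  # disabled rules stay in the config but are skipped
        try:
            rows = conn.execute(rule["sql"]).fetchall()
            hits[rule["id"]] = sorted(r[0] for r in rows)
        except (sqlite3.Error, sqlite3.Warning):
            rejected.append(rule["id"])  # denied, malformed or multi-statement
    return hits, rejected

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE daily_vector (msisdn TEXT, day TEXT, isd_secs INT)")
    conn.execute("CREATE TABLE hourly_vector (msisdn TEXT, hour TEXT, isd_secs INT)")
    conn.executemany("INSERT INTO daily_vector VALUES (?, ?, ?)",
                     [("A", "2023-07-05", 3300), ("B", "2023-07-05", 120)])
    conn.commit()
    hits, rejected = run_rules(conn, RULES_CONFIG)
    remaining = conn.execute("SELECT COUNT(*) FROM daily_vector").fetchone()[0]
    return hits, rejected, remaining
```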

5. Reporting of tickets raised

We used Service Now to facilitate this. The Service Now tool provides the functionality to create different types of reports from the data.

We created hourly reports of open tickets, day wise trend of tickets opened/resolved/closed/on hold, daily reports showing number of open/closed tickets, resource wise tickets trend etc.

Conclusion

Airtel Fraud Management System is a powerful platform that helps fraud analysts capture frauds with streamlined operations, high efficiency and more accuracy. Analysts save time and reduce errors with the help of Service Now ticketing and a single-window dashboard. Additionally, features such as reporting and auto-assignment of tickets help managers make informed decisions and improve performance.
