21 Nov 2018
In the recent Rocco Direct Carrier Billing Vendor Performance Report 2018, 112 Mobile Network Operators from 91 countries were asked which requirements are most important to them when choosing a Direct Carrier Billing Vendor. Besides Implementation Process, Business Focus, Direct Connectivity and many others, Security was by far the most important requirement. In the previous blog post we went through the most common issues that MNOs frequently face. In this one we dive into the industry best practices for overcoming them.
Industry best-practice solutions
Fraud Threat Score
This service keeps track of the end-user's interaction with a particular page. Using the third-party partner's predefined set of algorithms and machine learning, it assigns that interaction a score, and based on that score the service decides whether to allow or deny the transaction. In the DCB world, in the ideal flow, this happens on a web page that is opened for the end-user and asks him whether he wants to make a payment or subscribe to a certain service, or simply confirms that he is absolutely sure he wants to proceed. The end-user needs to have some kind of interaction with that page, either one or two clicks. Those clicks, which pixel or set of pixels was clicked, and the time the page was open before any click took place are the types of interaction between a user and a page that are important inputs for this kind of security feature.
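The following sketch is an added example, not the vendor's or any partner's code. It scores the three inputs named above (clicks, clicked pixel, time before the first click) with simple rules standing in for the partner's algorithms and machine learning, which the post does not specify; the button rectangle, thresholds, weights and all names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed values for illustration only; a real service tunes or learns these.
BUTTON = (100, 400, 300, 460)  # x1, y1, x2, y2 of the confirm button, in pixels
MIN_DWELL_MS = 800             # minimum plausible time before the first click
REPEAT_LIMIT = 3               # sessions sharing one exact pixel before it counts
DENY_AT = 60                   # score at or above this denies the transaction

@dataclass
class Session:
    sid: str
    dwell_ms: int   # time the page was open before any click took place
    clicks: list    # (x, y) pixels clicked, in order

def in_button(p):
    x1, y1, x2, y2 = BUTTON
    return x1 <= p[0] <= x2 and y1 <= p[1] <= y2

def threat_score(s, pixel_counts):
    if not s.clicks:
        return 100                      # confirmation with no interaction at all
    score = 0
    if s.dwell_ms < MIN_DWELL_MS:
        score += 40                     # clicked faster than the page can be read
    if not in_button(s.clicks[-1]):
        score += 40                     # confirmed without clicking the button
    if pixel_counts[s.clicks[-1]] >= REPEAT_LIMIT:
        score += 30                     # same exact pixel reused across sessions
    return min(score, 100)

def score_batch(sessions):
    """Return {sid: (score, 'allow' | 'deny')} for a batch of sessions."""
    pixel_counts = Counter(s.clicks[-1] for s in sessions if s.clicks)
    out = {}
    for s in sessions:
        score = threat_score(s, pixel_counts)
        out[s.sid] = (score, "deny" if score >= DENY_AT else "allow")
    return out

# Constructed sample sessions (not real traffic).
SAMPLE = [
    Session("human-1", 3200, [(180, 431)]),
    Session("human-2", 2100, [(240, 415), (221, 447)]),
    Session("bot-1", 120, [(200, 430)]),
    Session("bot-2", 95, [(200, 430)]),
    Session("bot-3", 110, [(200, 430)]),
    Session("silent", 50, []),
    Session("stray", 1500, [(10, 10)]),
]
```

The cross-session pixel count is the part a single-request check cannot see: three sessions landing on the identical pixel after roughly 100 ms each score 70 and are denied, while the two constructed human sessions score 0.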
Malicious App Detection
Whenever there is an interaction with a web page, one is always aware of the source of that interaction, because the HTTP request for that interaction carries a record of the source from which it originated. That parameter is called XFF (X-Forwarded-For, an HTTP header field that is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer).
Based on this, one maintains a daily-updated database that consists of the list of all potentially harmful applications that were detected behaving fraudulently. The idea is to automatically block any app that is on that list. The list is updated frequently from a variety of sources, including industry collaborations, third-party partners and one's own direct monitoring.
According to industry knowledge, around 80% of these types of fraud are stopped daily by Malicious App Detection, whereas the other, more refined 20% are stopped by Fraud Threat Score. All in all, a combination of security features is what is needed to fight ever more sophisticated attacks, which directly leads to keeping both the end-users and the MNOs safe. It also means significantly fewer complaints, avoided bad debt and prevented user churn. Ultimately, DCB's reputation would improve, bringing DCB one step closer to becoming a mainstream payment method.