Carrier Billing Security Blog 2: Industry Best-Practice Solutions

Alex Radonjic

In the recent Rocco Direct Carrier Billing Vendor Performance Report 2018, 112 Mobile Network Operators from 91 countries were asked which requirements matter most to them when choosing a Direct Carrier Billing vendor. Alongside Implementation Process, Business Focus, Direct Connectivity and many others, Security was by far the most important requirement. In the previous blog post, about Industry Challenges, we went through the most common issues that MNOs face. In this one we dive into the industry best practices for overcoming them.

 

Industry best-practice solutions

Fraud Threat Score

This service tracks an end user's interaction with a particular page and, using the third-party partner's predefined set of algorithms and machine learning, assigns that interaction a score; based on the score, the service decides whether to allow or deny the transaction. In the DCB world, in the ideal flow, this happens on a web page opened for the end user which asks whether they want to make a payment or subscribe to a certain service, or simply confirms that they really want to proceed. The end user has to interact with that page with one or two clicks. Those clicks, which pixel or set of pixels was clicked, and how long the page was open before the first click are the kinds of user-page interactions that serve as the main inputs for this security feature.

For this to work, JavaScript code must be embedded in the confirmation page. That code consists of functions that track the end user's behaviour on the page: for example, how long the page had been loaded before the user's first click, and whether the click arrived within a fraction of a millisecond of loading, which no human can achieve. Humans generally need around 2 to 5 seconds, mostly because they read the terms or check what is on the page before clicking. The functions also check whether the click always lands on the same pixel of the Confirm button, because it is highly unlikely that a person hits exactly the same pixel every time they initiate a transaction, whereas an automated app that knows where the button is placed will hit the same pixel every time. One caveat: all of these signals are collected in the client, so software that controls the client can forge them; the behaviour score is a risk signal to be combined with other checks, not proof on its own.

By the time the user completes that step (for example, clicks “Pay” or “Subscribe”), the JavaScript code has already sent the collected data to the third-party partner's service. At that moment the service is asked for a score of the preceding interaction, i.e. whether it looked human-like or bot-like. The service returns a rating of the end user's interaction quality, which can be Fraudulent, Medium or Safe, and on that basis the transaction is either allowed or blocked. The service is largely based on machine learning, so it learns end users' interaction patterns over time and gets better with use.
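As an added example, not code from the original post or from any DCB vendor, here is a minimal version of the tracker and scoring logic described in the two paragraphs above: the page-side functions record the load-to-first-click delay and the click coordinates, and a hypothetical scoring function maps those signals to Fraudulent, Medium or Safe. The thresholds, the comparison against earlier clicks, and the `/score` endpoint are assumptions; a real partner service would apply its own trained models to far more signals.

```javascript
// Added example (not code from the original post). Thresholds, signal names and
// the "/score" endpoint are assumptions made for illustration.

const MIN_HUMAN_DELAY_MS = 300;  // assumed: a click faster than this is not a human reading the page
const TYPICAL_HUMAN_MS = 2000;   // the post says humans usually need ~2-5 s before clicking

// Page-side tracker: remembers when the page loaded and, on a click, reports the
// delay since load plus the click coordinates. The clock is injectable for testing.
function createTracker(now = () => Date.now()) {
  const loadedAt = now();
  return {
    record(event) {
      return {
        delayMs: now() - loadedAt,
        x: event.clientX,
        y: event.clientY,
      };
    },
  };
}

// Hypothetical scoring: rates one confirmation against the history of earlier
// clicks from the same user/device (assumed to be kept by the scoring service).
function scoreInteraction(sample, history = []) {
  let risk = 0;
  if (sample.delayMs < MIN_HUMAN_DELAY_MS) risk += 2;       // sub-human reaction time
  else if (sample.delayMs < TYPICAL_HUMAN_MS) risk += 1;    // fast, but possible for a human
  // Hitting exactly the same pixel on every previous confirmation is a strong automation signal.
  const samePixelEveryTime =
    history.length >= 2 && history.every(h => h.x === sample.x && h.y === sample.y);
  if (samePixelEveryTime) risk += 2;
  if (risk >= 3) return 'Fraudulent';
  if (risk >= 1) return 'Medium';
  return 'Safe';
}

// The verdict drives the allow/block decision for the transaction.
function decide(verdict) {
  return verdict === 'Fraudulent' ? 'block' : 'allow';
}

// Browser wiring: only runs when a DOM is present (skipped under Node).
if (typeof document !== 'undefined') {
  const tracker = createTracker();
  const confirmButton = document.getElementById('confirm');
  if (confirmButton) {
    confirmButton.addEventListener('click', (ev) => {
      const sample = tracker.record(ev);
      // Assumed endpoint; the real partner API is not described in the post.
      navigator.sendBeacon('/score', JSON.stringify(sample));
    });
  }
}
```

The tracker runs in the end user's browser and only reports signals; the scoring runs on the server side, where the history of earlier clicks is kept, so a client cannot simply lie about its own verdict.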

 

Malicious App Detection

Whenever there is an interaction with a web page, the receiving side has a record of where that interaction came from, because the HTTP request carries the address of its source. When the request passes through a proxy or load balancer, that address arrives in the X-Forwarded-For (XFF) header, a common method of identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. One caveat: XFF is an ordinary request header that every hop appends to, so a client can send a forged value of its own; only the address appended by your own trusted proxy should be relied on, and the edge should strip or overwrite any XFF it receives from outside.

Based on this, one maintains a daily-updated database listing all potentially harmful applications that have been detected behaving fraudulently, and any app on that list is blocked automatically. The list is updated frequently from a variety of sources, including industry collaborations, third-party partners and one's own direct monitoring.
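As an added example, not code from the original post or from any vendor's detection service, the snippet below shows the two pieces the preceding paragraphs describe: resolving the real client address from X-Forwarded-For without trusting the client-supplied part, and checking that address against a daily-refreshed blocklist whose entries expire. The trusted-proxy address, the blocklist entries and the request objects are constructed sample data, not real infrastructure.

```javascript
// Added example (not code from the original post). Addresses and list entries
// are constructed sample data.

// X-Forwarded-For is "client, proxy1, proxy2, ...": each proxy appends the address
// it saw. Everything left of the hop added by our own edge can be forged by the
// client, so walk from the right, skip our trusted proxies, and take the first
// address that is not ours. Never take the leftmost value.
function clientIpFromXff(xff, trustedProxies) {
  const hops = (xff || '').split(',').map(s => s.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trustedProxies.has(hops[i])) return hops[i];
  }
  return null; // header missing or every hop was ours: caller falls back to the TCP peer
}

// Daily-refreshed blocklist: each entry carries an expiry so a stale list
// cannot keep blocking an address after the source stops reporting it.
class Blocklist {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.entries = new Map(); // ip -> expiry timestamp (ms)
  }
  load(ips, now = Date.now()) {
    for (const ip of ips) this.entries.set(ip, now + this.ttlMs);
  }
  isBlocked(ip, now = Date.now()) {
    const expiry = this.entries.get(ip);
    return expiry !== undefined && expiry > now;
  }
}

// Allow/block decision for one request. `req.peerIp` is the address of the TCP
// peer (our own proxy in the normal case) and is only used when XFF yields nothing.
function decideRequest(req, trustedProxies, blocklist, now = Date.now()) {
  const fromXff = clientIpFromXff(req.headers['x-forwarded-for'], trustedProxies);
  const ip = fromXff !== null ? fromXff : req.peerIp;
  return { action: blocklist.isBlocked(ip, now) ? 'block' : 'allow', ip };
}

// Constructed sample data: our edge proxy and one address reported as fraudulent.
const TRUSTED_PROXIES = new Set(['10.0.0.5']);
const DAY_MS = 24 * 60 * 60 * 1000;
const blocklist = new Blocklist(DAY_MS);
blocklist.load(['203.0.113.9'], 0);

// A fraudulent client that prepends a fake address to XFF is still caught,
// because the address our proxy appended (203.0.113.9) is the one that counts.
const forgedRequest = {
  headers: { 'x-forwarded-for': '198.51.100.1, 203.0.113.9, 10.0.0.5' },
  peerIp: '10.0.0.5',
};
console.log(decideRequest(forgedRequest, TRUSTED_PROXIES, blocklist, 1000));
```

Taking the leftmost XFF value instead would have resolved the forged request to 198.51.100.1 and let it through; walking from the right past your own proxies is what makes the blocklist lookup trustworthy.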

 

From industry experience, around 80% of these types of fraud are stopped daily by Malicious App Detection, while the remaining, more refined 20% is stopped by the Fraud Threat Score. All in all, a combination of security features is what is needed to fight ever more sophisticated attacks, which keeps both end users and MNOs safe. It also means significantly fewer complaints, avoided bad debt and prevented user churn; ultimately the reputation of DCB improves, bringing it one step closer to becoming a mainstream payment method.