Billing Audit on a Mobile Operator— Call Detail Record
By Dale Johnstone and Ellis Chung Yee Wong, CISA, CFE, CISSP
A call detail record (CDR) in the telecom sector is a file that contains information about voice calls. CDR files are used to help determine call rates and calculate billable amounts, such as for international direct dialing (IDD) calls, as they contain source and destination identifiers and the starting time and duration of each call. In spite of the emergence of new telecommunications technologies, i.e., the move from fixed-line to mobile networks, the fundamental concept of and reliance on CDRs for rating and billing purposes remain more or less the same. In today's mobile network, CDRs may contain information on more than one type of traffic, e.g., voice calls, video calls, Short Message Service (SMS) traffic and other data services. The change of business model in the mobile network business, due to the new technology capabilities of third generation (3G) mobile networks, has shifted the importance from voice calls to other value-added content services. As a result, the formats and generation of CDRs have increased in complexity.

According to a study[1] on revenue loss in 2006 based on feedback from almost 100 telecom operators around the world:
• Mobile operators have the highest average revenue leakage (14 percent)
• Fraud (external, internal and by other operators) is the number one factor in losses; average fraud losses have grown to 4.5 percent of revenue from 2.9 percent in the previous year

In addition to fraud, three other sources of revenue leakage are discussed in the study: poor processes and procedures, poor systems integration, and problems associated with applying new products and pricing schemes. This article highlights some high-risk areas for potential CDR leakage or fraud in postpaid services, and explains how the potential losses can be identified.
An overview of the billing process provides a basis for understanding; the major sources of CDRs are then identified; and finally the four distinct control areas designed to address revenue leakage resulting from the processing of CDRs are presented.
Figure 1—Simplified Billing Process (diagram; labels: Voice CDRs, Data CDRs, CDRs From Providers/Partners, Mediation)
A simplified billing process of a mobile operator is shown in figure 1. The raw CDRs generated from the various network elements within the operator are sent to a centralized location, often referred to as a mediation module, for the prebilling process. A prime function of the mediation module is to transform and clean raw CDRs and place them into a format acceptable to a billing engine. Apart from the internally generated CDRs, a mobile operator may also be required to obtain CDRs from its business partners (e.g., IDD unilateral/bilateral agreements and content services providers), roaming[2] partners (data and/or voice), and Short Message Service (SMS) clearinghouses. These CDRs, unlike those generated internally, could be routed either to the mediation module for preprocessing or directly to the billing system. CDRs entering the billing engine first undergo the rating process; the actual billable amount is then adjusted further according to the subscribed services and products.

Major Sources of CDRs

There are three major sources of CDRs:
• Voice servers
• SMS
• Data services

Voice Servers

Mobile phone call conversation traffic (whether it is outgoing or incoming, and involves a fixed or mobile network) passes through a key mobile network element known as a mobile switching center (MSC). Since the core function of an MSC is call routing, the raw CDR of a call is typically collected, generated and maintained within the MSC. In a local call scenario, the traffic may be connected through the MSC to a public-switched telephone network (PSTN) for a fixed-line network or directly to an MSC of another mobile network operator. For an IDD call made from a mobile phone, the traffic may be routed from an MSC to an international toll gateway (ITG) or other IDD services providers. The functions of an ITG are similar to those of an MSC in the maintenance of CDRs and call routing, except that the former is for IDD calls only. Figure 2 illustrates the flow of both local and international voice calls.

Figure 2—Illustration of an Outgoing Call to Both Local and Overseas Destinations (diagram)

Short Message Service

The CDR of an SMS is generated and recorded in a network element called a Short Message Service center (SMSC). The SMSC provides a store-and-forward function, delivering SMS messages to the intended destination users when they are available. SMS messages designated for the networks of other fixed-line or mobile operators are routed to the respective SMS message partners or SMS clearinghouse(s) for further delivery. An SMS clearinghouse provides dedicated routing paths for a mobile operator to send/receive SMS messages to/from other telecommunication operators; therefore, the mobile network operator can minimize both the technical and business arrangements needed to operate its SMS business. Figure 3 describes the SMS operation.

Figure 3—Illustration of SMS Routing Through an SMS Clearinghouse (diagram)

Data Services

The Global System for Mobile Communication (GSM), a second generation (2G) network, has a maximum data speed of 9.6 kilobits per second (Kbps) and is based on circuit-switching technology. The General Packet Radio Service (GPRS) 2.5G network architecture is the foundation for mobile operators that offer high-speed data services. The progression of GPRS infrastructure allows Enhanced Data rates for GSM Evolution (EDGE) technology to offer data rates up to 384 Kbps, while a data rate up to 2 Megabits per second (Mbps) can be achieved in 3G mobile networks. Selected data services are listed in figure 4.

Figure 4—Typical Data Services
Application | Description
Broadband access | Video and audio streaming, file download, web surfing and corporate virtual private network (VPN) services
Online services | Banking, games and chatting
Payment services | Micropayment transactions
E-mail and picture messaging | Push mail, web mail, multimedia messaging and corporate e-mail services

The packet-based data transmission nature of GPRS distinguishes the data services billing mechanism from that of voice services, which are charged mainly on duration of calls and time of day. Information used for data service billing purposes may include volume, in terms of packet or byte count, transmission start and end times, and types of content-related information. Typically, usage of data services is recorded at the Serving GPRS Support Node (SGSN)[3] and the Gateway GPRS Support Node (GGSN).[4] The information collected from the SGSN and the GGSN is first sent to a dedicated charging gateway (CG) prior to being forwarded to the mediation module. The main function of a CG is to collect CDRs from both the SGSN and the GGSN, buffering them and transferring them to the mediation module of the billing system. The CG makes a log entry, i.e., creates a CDR, whenever there is network activity on the data being transferred, for example a change in the charging terms, an alteration in quality of service, or the end of a data session. Figure 5 is a simplified diagram of the GPRS architecture.

Figure 5—A Simplified GPRS Network Diagram (diagram)
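The charging-gateway behaviour described above (one CDR per charging event, so a single data session produces several partial records) as an added example that is not from the original article: a Python routine rebuilds per-session, per-tariff byte counts from a constructed CG log, counts a retransmitted partial record only once, and holds back sessions that have no closing record instead of rating them as final. The CSV layout and field names are assumptions made for illustration; real SGSN/GGSN CDRs are ASN.1-encoded (3GPP TS 32.298) and carry many more fields.

```python
"""Rebuild per-session GPRS usage from partial charging-gateway (CG) records.

Added example, not code from the article. The CSV layout below is an
assumption made for illustration; real SGSN/GGSN CDRs are ASN.1-encoded
(3GPP TS 32.298) and carry many more fields.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CG log (not real data). The CG writes one record per
# charging event, so session 7001 appears as three partials: a QoS change,
# a tariff change and the closing record. The last line is a retransmitted
# copy of the first partial. Session 7002 never receives a closing record.
SAMPLE_CG_LOG = """\
charging_id,imsi,event,start,end,uplink_bytes,downlink_bytes,tariff
7001,454000000000001,qos_change,2008-03-01T08:00:00,2008-03-01T08:10:00,120000,980000,gold
7001,454000000000001,tariff_change,2008-03-01T08:10:00,2008-03-01T08:30:00,40000,2500000,silver
7001,454000000000001,session_end,2008-03-01T08:30:00,2008-03-01T08:31:12,1000,12000,silver
7002,454000000000002,qos_change,2008-03-01T09:00:00,2008-03-01T09:20:00,300000,4200000,silver
7003,454000000000003,session_end,2008-03-01T09:05:00,2008-03-01T09:06:00,500,3000,bronze
7001,454000000000001,qos_change,2008-03-01T08:00:00,2008-03-01T08:10:00,120000,980000,gold
"""


def parse_cg_log(text):
    """Parse the CSV export into typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "charging_id": row["charging_id"],
            "imsi": row["imsi"],
            "event": row["event"],
            "start": datetime.fromisoformat(row["start"]),
            "end": datetime.fromisoformat(row["end"]),
            "octets": int(row["uplink_bytes"]) + int(row["downlink_bytes"]),
            "tariff": row["tariff"],
        })
    return records


def aggregate_sessions(records):
    """Fold partial records into one entry per charging id.

    Bytes are kept per tariff because a tariff change mid-session means the
    two halves are rated differently. A partial seen twice (same charging id,
    start time and event) is a CG retransmission and is counted once.
    """
    sessions = {}
    seen = set()
    for r in sorted(records, key=lambda r: (r["charging_id"], r["start"])):
        s = sessions.setdefault(r["charging_id"], {
            "imsi": r["imsi"], "start": r["start"], "end": r["end"],
            "closed": False, "partials": 0, "duplicates": 0,
            "octets_by_tariff": defaultdict(int),
        })
        key = (r["charging_id"], r["start"], r["event"])
        if key in seen:
            s["duplicates"] += 1
            continue
        seen.add(key)
        if s["imsi"] != r["imsi"]:
            raise ValueError(f"charging id {r['charging_id']} spans two IMSIs")
        s["partials"] += 1
        s["start"] = min(s["start"], r["start"])
        s["end"] = max(s["end"], r["end"])
        s["octets_by_tariff"][r["tariff"]] += r["octets"]
        if r["event"] == "session_end":
            s["closed"] = True
    return sessions


def billable_sessions(sessions):
    """Split sessions into final (closed) usage and open ones to hold back.

    An open session must not be rated as complete: the closing record may
    still arrive, or its absence is itself a reconciliation finding.
    """
    final, pending = {}, []
    for cid, s in sessions.items():
        if s["closed"]:
            final[cid] = dict(s["octets_by_tariff"])
        else:
            pending.append(cid)
    return final, pending


if __name__ == "__main__":
    final, pending = billable_sessions(aggregate_sessions(parse_cg_log(SAMPLE_CG_LOG)))
    for cid, usage in final.items():
        print(cid, usage)
    print("held back (no closing record):", pending)
```

The point of keeping bytes per tariff and refusing to finalise open sessions is that both are places where a mediation module can quietly lose revenue: summing a session as if it were all at the cheaper tariff, or billing (or discarding) a session whose closing record was delayed by the CG.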
Audit Considerations

The major audit considerations for CDRs include routing path selection, CDR reconciliation, filtering rules maintenance and logical protection.

Routing Path Selection

As mentioned in the previous sections on voice services and SMS, a mobile operator requires connectivity to other telecommunications providers when routing IDD calls through the MSC/ITG and SMS through the SMSC. A mobile operator often connects to more than one counterpart for reasons associated with costing, contingency requirements and availability of services within particular regions. An operator might want to maintain a versatile routing-path-selection procedure, which can assist in lowering the running costs wherever possible. This should be well documented. In this respect, an auditor could explore internal control questions (ICQs) related to the routing-path-selection criteria and the controls over making a change.

CDR Reconciliation

CDRs between the various network elements and the billing engine should be compared and reconciled on a regular basis. The mobile operator is required to settle and approve CDRs with its business partners, including other telecom carriers, roaming partners, SMS clearinghouses, content service providers and mobile virtual network operators (MVNOs).[5] In addition, the CDRs among the network elements within a mobile operator are required to be reconciled. A mobile operator's reconciliation process must be adaptable enough to accommodate the complexity of the technology and the need for prompt response to emerging business requirements. A new type of service offering, a replacement of a network element with that of a different manufacturer, a change in charging mechanism by a content service provider, a delay in the scheduled delivery of CDR files from roaming partners, or newly imposed pricing schemes of the IDD service carriers could all have various degrees of impact on reconciliation controls. Figure 6 identifies typical network elements involved in the CDR reconciliation process.

Figure 6—Network Elements for CDR Reconciliation (table by service type: Voice, SMS and Data; the typical network elements listed include the MSC, ITG, SMSC, SMS clearinghouses, roaming partners, base station, SGSN, GGSN, CG, ring tone server, web server, content server, wireless access point (WAP) server, SMS server, Internet Protocol (IP) router, IP switch, Dynamic Host Configuration Protocol (DHCP) servers, domain name service machines and the mediation module)

In evaluating potential revenue leakages or frauds that arise from deficiencies in the CDR reconciliation process, an auditor might examine the following areas:
• Segregation of duties between the operation of the network infrastructure and the reconciliation process. This is necessary to maintain the integrity and independence of the verification of CDR entries.
• Appropriateness and timeliness of CDR reconciliation testing. The scope of the test should be extensive in terms of the coverage and range of services agreed to by the internal parties and external counterparts.
• System interface controls of key network elements (e.g., MSC, ITG, SMSC, SGSN, GGSN, CG, mediation module). The CDRs' origination and format are expected to be compatible with defined business requirements, and any modification to a system interface should be adequately approved.
• Alignment of business arrangements associated with CDR generation and collection, and validity of the business arrangements with the counterparts.

Filtering Rules Maintenance

The correctness of the filtering rules, i.e., the programming of conditions according to predefined business requirements found in the mediation module, is the most important factor in ensuring that appropriate and complete information is delivered to the billing engine for rating and calculation. An assessment of filtering rules, e.g., sorting of records by service type, collection of CDRs from web content servers, identification of called and calling parties, duration, commencing time and end time, and volume of data in content services, may require inspection of program logic and a determination of whether the programs would have any adverse effect on information such as type of service (e.g., voice, SMS, data), source and destination (e.g., called number, calling number), duration of service, and trunk ID (e.g., trunk assignment according to a different pricing zone). It is necessary for the service type to be mapped accurately against the corresponding rate plan for correct billing. Furthermore, an auditor should determine the adequacy of change controls over filter rules, and of the retention management process for CDRs prior to filtering, for future verification and/or regulatory purposes.

Logical Protection

The evaluation of network-level logical controls can be focused on the data services' infrastructure. It can be seen from figure 6 that many network elements are involved in data services. To this extent, typical information technology (IT) audit tasks could be carried out on network routers and switches, firewalls, and intrusion detection/prevention systems. At the host level, an auditor may assess the adequacy of protection of critical network elements, including the ITG, MSC, SMSC, SGSN, GGSN, CG, home location register (HLR)[6] and visitor location register (VLR),[7] from unauthorized access and/or configuration change. The HLR and VLR together maintain the list of authorized subscribers admissible to a mobile operator's infrastructure, so an inspection of the integrity of that database and its modification process would be a useful task to perform.
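The CDR reconciliation and filtering-rule checks discussed above, as an added example that is not part of the original article: a small Python mediation step applies a trunk-to-rate-plan filter rule without silently dropping anything (unmatched and unanswered records go to a retained suspense list with a reason), and a reconciliation step compares the mediated records against the billing engine's output, reporting records that are missing from billing, misrated, or billed without a source CDR. The record layouts, trunk names and rate-plan names are assumptions constructed for illustration, and the sample CDRs are constructed, not real data.

```python
"""Mediation filtering and CDR reconciliation for voice CDRs.

Added example, not code from the article. The CSV layouts, trunk names and
rate-plan names are assumptions made for illustration; the sample records
are constructed, not real data.
"""
import csv
import io

# Constructed raw voice CDRs as exported from the MSC.
MSC_CDRS = """\
record_id,calling,called,start,duration_s,trunk
1,85291000001,85221234567,2008-03-01T10:00:00,60,PSTN-HK
2,85291000001,+14155550100,2008-03-01T10:05:00,120,ITG-A
3,85291000002,+442071234567,2008-03-01T10:07:00,0,ITG-B
4,85291000003,+8613800138000,2008-03-01T10:09:00,300,ITG-B
5,85291000004,85222223333,2008-03-01T10:12:00,45,PSTN-HK
6,85291000005,85299998888,2008-03-01T10:15:00,30,TRUNK-NEW
"""

# Constructed billing-engine output for the same period. Record 4 was rated
# as a local call, record 5 never reached the engine, and record 9 has no
# source CDR at all.
BILLED = """\
record_id,service,zone,duration_s
1,local,HK,60
2,idd,US,120
4,local,HK,300
9,local,HK,30
"""

# Filtering rule: trunk ID -> (service type, pricing zone). This table is
# what the change-control requirement protects: one wrong entry misrates
# every call carried on that trunk.
TRUNK_RULES = {
    "PSTN-HK": ("local", "HK"),
    "ITG-A": ("idd", "US"),
    "ITG-B": ("idd", "CN"),
}


def mediate(raw_text):
    """Normalise raw CDRs and apply the filter rules.

    Returns (billable, suspense). Nothing is dropped silently: unanswered
    calls and records whose trunk has no rule are kept in the suspense list
    with a reason, so they can be retained and reviewed later.
    """
    billable, suspense = {}, []
    for row in csv.DictReader(io.StringIO(raw_text)):
        duration = int(row["duration_s"])
        if duration == 0:
            suspense.append((row["record_id"], "unanswered"))
            continue
        rule = TRUNK_RULES.get(row["trunk"])
        if rule is None:
            suspense.append((row["record_id"], f"no rule for trunk {row['trunk']}"))
            continue
        service, zone = rule
        billable[row["record_id"]] = {
            "calling": row["calling"].lstrip("+"),
            "called": row["called"].lstrip("+"),
            "service": service,
            "zone": zone,
            "duration_s": duration,
        }
    return billable, suspense


def reconcile(mediated, billed_text):
    """Compare mediated CDRs with what the billing engine actually rated."""
    billed = {r["record_id"]: r for r in csv.DictReader(io.StringIO(billed_text))}
    findings = []
    for rid, m in mediated.items():
        b = billed.get(rid)
        if b is None:
            findings.append((rid, "missing_in_billing"))
            continue
        if (b["service"], b["zone"]) != (m["service"], m["zone"]):
            findings.append((rid, "rating_mismatch"))
        if int(b["duration_s"]) != m["duration_s"]:
            findings.append((rid, "duration_mismatch"))
    for rid in billed:
        if rid not in mediated:
            findings.append((rid, "billed_without_source_cdr"))
    return findings


def unrated_idd_seconds(mediated, findings):
    """IDD seconds that were lost or rated at a cheaper plan: a leakage estimate."""
    return sum(
        mediated[rid]["duration_s"]
        for rid, kind in findings
        if kind in ("missing_in_billing", "rating_mismatch")
        and mediated[rid]["service"] == "idd"
    )


if __name__ == "__main__":
    billable, suspense = mediate(MSC_CDRS)
    findings = reconcile(billable, BILLED)
    print("suspense:", suspense)
    print("findings:", findings)
    print("unrated IDD seconds:", unrated_idd_seconds(billable, findings))
```

Two design points matter for an auditor reading this: the suspense list is the retention control the article asks for (filtered-out CDRs stay available for later verification), and the reconciliation compares in both directions, since a record billed without a source CDR is as much a finding as a source CDR that was never billed.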
Conclusion and Summary

An audit of the billing (i.e., CDRs) of a mobile operator is not a trivial task because of the diversity of technology and the number of manual and automatic processes involved. Auditors are expected to conduct in-depth reviews and analysis of CDRs to identify any discrepancies, leading to the prevention of revenue leakages. An auditor should be aware that, due to strong competition within the telecommunications industry, the reconciliation of CDRs is complicated. It is, therefore, possible to find mobile operators accepting a certain level of discrepancy/loss in their CDRs instead of extending the resources and efforts needed to ensure the necessary controls. Some common observations that coincide with the findings from the study[8] introduced previously are described in figure 7.
Figure 7—Sources of Revenue Leakage and Observation

High-risk area contributing to revenue leakage: Poor processes and procedures
Common observation: Lack of/incomplete documentation:
• Routing path selection, configuration and audit trail
• Filtering rule programming and specification
• Infrastructure diagrams detailing the inflow and outflow of traffic
• Logic of the billing process
Inadequate process:
• Approval of changes in configuration (e.g., routing path, HLR, VLR)
• Control over the testing process (e.g., abuse of testing SIM cards)
• Selection of business partners
• Business partners/customers of similar services, but with different technical arrangements (e.g., system interfaces, business rules)

High-risk area contributing to revenue leakage: Poor systems integration
Common observation:
• External system interfaces are customized on an individual basis, as opposed to a more unified approach (e.g., to minimize the number of control points)
• Inadequate planning in deployment/replacement of new technology, leading to additional workloads (e.g., additional programming effort required to convert CDRs of new brand/type equipment to a format acceptable to the existing billing process)

High-risk area contributing to revenue leakage: Problems associated with applying new products and pricing schemes
Common observation:
• A newly imposed pricing scheme that supersedes the existing pricing arrangement, resulting in lost revenue
• (The following does not have a direct relationship with leakage due to CDRs.) Business rules could not be enforced on the billing system due to a technical reason or a poor business decision. Promotion programs, for example, are maintained by other means instead of in the billing system. For a subscriber to be entitled to a free handset, he/she must fulfill the minimum contractual period; the early cancellation of a contract, however, would not be detected.

Endnotes

1 Subex Azure, Operator Attitudes to Revenue Management Survey 2007, www.subexazure.com
2 According to the GSM Association, "roaming" is the ability for a cellular customer to automatically make and receive voice calls, send and receive data, or access other services when traveling outside the geographical coverage area of the home network, by means of using a visited network. www.gsmworld.com/roaming/index.shtml
3 SGSN is the node within the GSM infrastructure that sends and receives packet data to and from the mobile stations and keeps track of the mobile devices within its service area. It also performs functions including tracking a mobile device's location, user verification and collection of information for billing.
4 GGSN is the node that interfaces to external public data networks, such as the Internet, and maintains the necessary routing information to tunnel the data traffic to the SGSN.
5 MVNO is a mobile operator that does not own any radio frequency spectrum and usually does not maintain a mobile network infrastructure. Instead, an MVNO has a business arrangement with traditional mobile operators (i.e., those who operate both the radio frequency spectrum and the infrastructure) to buy minutes and services at a discount to sell to its own customers.
6 HLR is a database that maintains mobile subscriber information, e.g., international mobile subscriber identity (IMSI), service subscription information and service restrictions.
7 VLR is a database that contains temporary information about the mobile subscribers who are currently located in a given MSC service area but whose HLR is located elsewhere.
8 Op cit, Subex Azure

Dale Johnstone is the chief security consultant for the Risk Management Group of PCCW Ltd. As an information security evangelist with more than 20 years of professional information security management and IT experience, Johnstone has been involved in various industry sectors including government, defense, law enforcement, finance, manufacturing, transportation and telecommunications. He maintains active memberships with a number of international standards bodies. He can be reached at dale.johnstone@pccw.com.

Ellis Chung Yee Wong, CISA, CFE, CISSP, is an IT audit manager in Hang Seng Bank of HSBC Group. He has experience in a number of industries, including finance, telecommunications and manufacturing. He has focused on such areas as IT operations, IT security, auditing, risk assessments and investigation. He can be reached at elliswong@hangseng.com.

Information Systems Control Journal is published by ISACA. © 2008 ISACA. All rights reserved.