From time to time I stumble upon a discussion of what is more important, the RA/FM tool or the RA/FM know-how/consulting. Often people put words in my mouth and say, “Obviously because you work for a vendor you will say that the tool is the most important part because you are biased.” Once and for all, I want to clarify my opinion – “The idea that the only thing important in RA/FM is the tool or the know-how, expertise, etc, is completely irrelevant”. OK, this was a joke – I clearly do not think that way, and I really hope that nobody will quote the previous sentence without this one that clarifies it was a joke (and I can think of some people in our industry that might do it). Only the combination of knowhow, expertise (either internal or consulting), deep knowledge of the business, and an appropriate RA/FM tool can bring the full RA/FM value to the organization. A tool alone is not enough. Know-how or consultancy is not enough. The combination of all aspects is necessary. This is my real opinion! Let’s go to another field and make an analogy that clarifies it.

Let’s look at databases. We can all agree that there is a limit to what skillful DBAs and data analysts can do in Access. Access could be appropriate for low volumes of data, with certain volumes of data loading, query load, query complexity, and required performance. There is a limit to what can be done with Oracle’s Exadata or IBM’s Netezza, without competent DBAs or data analysts. Moreover, the more primitive the database is, the more skills and time will be required from the personnel to achieve similar behavior to a modern database. For example, mimicking partitioning behavior and performance in a pre-partitioning database, which can be done to a degree using tables and views, will be much more demanding to design and maintain, both in terms of skills and time, than doing it in a modern state of art database with built-in partitioning support. So speaking in the database universe, you need to have the know-how to decide what you need to do and how to do it in your database, and deploy it. You need the appropriate database tool and infrastructure. You do not need an Exadata machine if you are a small retail shop; an Access or a small cloud-based database solution might do. But, if you are a retail conglomerate, you need a strong database. Moreover, regardless of your size, you will aim to a “friendly” database that will permit your DBA and data analysts to do their job efficiently, not wasting time on technicalities that modern databases give out of the box.

Back to RA, the analogy is obvious; a great tool alone will not do the trick. On the other hand, deep knowledge or excellent consulting alone will not do the trick either. Balance is needed to achieve the best results. You need to understand your situation – do you need an Access or an Exadata database, do you need Access experts or Exadata experts to help you.  All these options exist in the RA/FM world. You can buy standalone, Telco-grade RA/FM tools. You can buy managed services and Cloud solutions. You can get consulting to tailor a solution for your exact needs, or you can use a more out of the box approach and adapt to what is in the box. All these options are appropriate and good in different cases; just please don’t say, “I will invest only in a tool or only in people / consultancy,” because it will lead to seriously suboptimal results.

So please don’t ask me again what is more important the people expertise or the tool. It’s like the song goes “Love and marriage go together like a horse and carriage”. Here you can listen to the song from the “Married … with Children” TV series opening.

Some facts:

• The new iPad has a 2048-by-1536 display capable of recording and playing video in 1080p HD resolution. Some of its models have 4G LTE connectivity as well.

• The combination of the New iPad with large amounts of data being transferred over 4G networks, and the motivation to do it (proliferation of video content, capability to play it at 1080p HD resolution), could result in customers draining the allowances of the most common monthly data plans in just minutes. E.g. a typical 10GB plan costing 80 USD could be drained by consuming 3-4 HD movies from iTunes (around 3GB per movie), and, after you consume your allowance you might be required to pay around 10 USD per gigabyte. So, for your next movie you will be required to pay, on top of the payment to iTunes, an extra of 30 USD. (see here, here and here for a detailed discussion)

• In fact, the temptation to consume large amounts of data, if price plans will be updated, could result in clogging 4G Networks (see this article that appeared in Technology review)

Certainly Apple’s New iPad is leading the herd, but obviously other tablets will follow with similar screens and similar data consumption capabilities and temptations.

So, how will this all evolve?

I can think of several scenarios:

Today, according to analysis by Localystics, only 6% of iPad App Sessions are made on cellular connections, and, according to a report by Chetan Sharma, “only 10% of the tablets (as of Q4 2011) were cellular activated”. So it might be that in the years ahead, tablets’ 3G/4G usage will remain, due to the network limitations and price plans, a niche… well, a big niche, but still a niche market. This will avoid many headaches from operators, but at the same time will limit their capability to gain from this market. I think that this scenario is unlikely, there will always a competitor aiming to gain market share by proposing a “make sense” data plan to tablet owners, and everybody else will have to follow.

In many markets today, cellular data is a commodity; the customers do not perceive a real differentiator in terms of quality of the network, so it is mostly a price war. New bottlenecks in the networks might transform the situation into a quality war, which might give opportunity to charge more, but not excessively, accordingly to the quality of the network or service provided on top of the network. This might be a temporal opportunity for certain CSPs, but history has taught us that in the telecommunication market, this is normally a temporary situation.

Obviously new price plans will evolve; tiered data allowances, policy based charging e.g. charge differently according to the congestion of the network at a certain time, self provisioning of ad-hock data and quality allowances, etc. These plans will not be easy to implement with “old” BSS systems and will require obtaining and managing information from new data sources. This will require more investment in BSS and OSS systems. Moreover, there will be a need to give the customers tools to follow-up and understand how they are charged, and for what; this is not so trivial – just giving the user a list of thousands of data sessions with URLs and Kb downloaded from each will not do the trick.

So far I wrote about cellular networks, but the impact will also be felt on home networks in which a family with 4-5 bandwidth-hungry devices working in parallel will suffocate the wire line internet connection and, obviously, the WiFi hotspots as well.

What does this all mean for Revenue Intelligence?

Today in many places, Revenue Assurance does not work hard on verifying data consumption measurement and reporting accuracy. Yes, most of the data plans these days have limitations, but the limitations are appropriate to the data needs of users, so over–the-limit charging is not deeply analyzed by RA. Billing verification of policy-based charging is also not at the center of interest for a typical RA department. Fraud today is rarely committed to obtain illegal advantage over data consumption plans. With the new reality, data transportation might be in the center of the CSPs operation revenues and growth. Remember, it is not just the tablets, but also the Smartphone, that will become more data hungry, so all these new realities will be at the center of tomorrow’s leakages and Fraud. Revenue Intelligence departments could wait until losses become big and then attack the problem, or, as I always recommend, they can be proactive and put the necessary controls and mechanisms in place today in order to protect the new growth engines as they become more and more important.

The weather is nice… the tsunami is on its way

I am sure you all know the joke about the gentleman that decided to jump from the roof of a 100-story skyscraper. As he was passing the 50th floor, someone leaned out and yelled, “How’s it going?”. So far, so good,” answered the gentleman.

This bears similitude to the status of Fraud Management. The CFCA reports that ”annual fraud losses are $40.1 Billion (USD) down 33% from the CFCA’s 2008 survey1 and equivalent to its 2003 estimate.” The top five fraud loss categories according operator input to the CFCA are: Compromised PBX/Voicemail Systems, Subscription/Identity Theft, International Revenue Share Fraud, By-Pass Fraud, and Credit Card Fraud, pretty much the same as in past years.

So apparently, like the gentleman said, “So far, so good.” The amount of fraud impact is decreasing; I do not think that it is due to a reduction in fraudulent activity, so I will give the credit to more industry awareness and better FM systems. Moreover, apparently there are no new high impact types of fraud, so we can continue to deal with fraud types that are well known to us.

Lovely, but… new technologies, e.g. NFC, new business models, e.g. Mobile money, and the proliferation of Smartphones prone to Malware attacks, are creating, alongside with new opportunities, immense new threats. Answering these threats requires preparation; first to understand them, then to be able to detect, monitor and stop them, and ultimately to prevent them.

Traditionally there has been a clear separation between Fraud Management and security, looking at the list of threats such as malware, identity theft, and hijacked transactions, I expect that in 2012 this separation will become blurry, and much more cooperation at the level of the organization, and with processes and tools, will have to occur.

One fraud area that has been neglected by fraud management departments is internal fraud (including dealers and affiliates). Internal fraud causes huge damages, both direct financial damages, and damage to reputation. The market conditions will not permit to continue overlooking internal fraud. I expect that in 2012 internal fraud will be much more of a central focus in FM departments.

We are standing on the shore, the weather is great, the sea is calm, but many miles away the tsunami already started. We, as FM professionals, need to understand the situation and then take the necessary measures. As you can see from CFCA report, 2011 was still the year in which we enjoined the nice weather and calm waters. I am not sure if 2012 will be the year in which the tsunami will arrive, but I am pretty sure that 2012 will be the last opportunity for CSPs to prepare. Those who are not prepared on time will have to spend the following years improving their damage control skills.

I hope that everybody had a great 2011, and I wish everybody an even greater 2012.

More of the same … revolution

My 2011 forecast was titled, “The Beginning of the Revolution”. I spoke about the RA market developing and embracing new models. And yes, the revolution has begun. Not everybody likes it, yet it is here to stay, and personally, I think it is great.

Standardization

RA is being more and more standardized, and what better way to see it than to see that people are writing posts about over-standardization of RA. Who would have dreamed just 3-4 years ago that RA would be accused of having too much standardization? Standardization is good! Standardization is not intended to hinder creativity or ingenuity. Quite the opposite, standardization prevents wasting energy trying to re-invent the wheel. It permits us to direct our creative energy and time to expand into new frontiers. Think of Star Trek; instead of “boldly going where no man has gone before” in each episode the Enterprise would return to solve the same problem they already solved last week. It would be quite boring and tedious. Standardization promotes and directs creativity to where it is really needed.

Combining Risk Management and RA

For many years, each RA project started with a Risk Assessment, and, in most cases, the risk part was forgotten after the initial set of controls (in the RA sense) was selected. In 2010, the TM Forum released the first version of the Revenue Assurance Risk Coverage Model (back then it was called “RA Coverage model”). Since then a second version was released and a risk based approach was incorporated into the RA management life cycle, not just at its beginning, but as an integral part. This offers huge benefits to mature, RA-wise operators. In my meetings in 2011, I encountered many operators that were using or in the process of adopting and adapting this approach; some of them influenced by the material we developed at the TM Forum, others by developing similar methodologies in parallel (a strong indication   of the real need). The combination of Risk Management and RA is here to stay.

Quantification of the impact of RA

Almost every RA project department has to report what it contributes to the company. Some people think it is inappropriate, but I fail to understand why. Due to the lack of standardization RA professionals had to work hard, again and again, to create the metrics to show their contributions. This year, a lot of work has been put into creating a standard methodology. Last year I thought that this work would be concluded by 2011, but it did not; it is scheduled to be concluded in 2012 with a new set of recommendations by the TM Forum. The large number of people and companies that are taking part in this effort is a strong indication of the real need and expected adoption. Just to emphasize, the intention is not to develop a magic formula that will tell you how much RA contributed to a CSP, but to develop a set of well defined metrics, that can, and should be interpreted and given different levels of importance according to the realities of the different CSPs.

So, what I expect that will happen in 2012 is just more of the same…revolution. More standardization, more adoption of Risk based RA, better defined methods of impact measurements. Yes, in 2008 all this was still science fiction, and in 2012 it will simply be a continuation of the revolution that started in 2011.

I hope that everybody had a great 2011, and I wish everybody an even greater 2012.

Carrier IQ’s recent story is well known by now; the security researcher, Trevor Eckhart’s findings indicated that Carrier IQ’s device management software, which is pre-installed by several CSPs in different devices, collects a variety of information including logging user keystrokes (see his video here), and may send some of this sensitive information to CSPs.

Here you can find more information on how Carrier IQ functions on devices

Of course, there is a lot of controversy not only about the implications, but also about the facts themselves.

Carrier IQ claims:

“Our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video” …

“Consumers have a trusted relationship with operators and expect their personal information and privacy to be respected.  As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities”.

In an interview, Andrew Coward, Carrier IQ VP of marketing, says that the alleged log file shown in Trevor Eckhart’s video is unrelated to Carrier IQ and is due to a glitch in the handset manufacturer configuration (according to the Verge HTC). Dan Rosenberg, a security expert, supports this claim.  I am certainly in no position to decide what the reality is; is it just a glitch by HTC, or a common practice? However, it seems that the following points are agreed, as summarized by the Verge:

“It’s also important to note that CIQ’s software is still, in fact, listening to both keystrokes and SMS messages on many devices, though CIQ claims it does not log, store, or transmit them.”

“You should still be aware that CIQ does keep a temporary log file of its own. CIQ implied that it is stored in a specialized part of the phone’s memory and stated outright that it is not stored in plain text.”

And Dan Rosenberg adds that Carrier IQ keeps:

“logs full URLs with query parameters and other data of this nature”

From my narrow Revenue Intelligence perspective I have two unanswered questions: Was this data sent also while roaming, and, if so, who paid for it? It may very well be a very small amount of data, yet I personally would hate to pay for it. The second question is what was the amount of security applied to Carrier IQ log data? Did fraudsters and malware mange to take advantage of this data, e.g., could a malware instead of doing complex activities, just read the data from Carrier IQ logs? I do not yet know the answer to these questions, but they are certainly bothering me.

“What you don’t know won’t hurt you” might be correct in some situations, however, I am a big believer that, in business in general, and in Revenue Intelligence in particular, “If you can’t measure it you can’t manage it”. Measuring is essential to run our Revenue Assurance and Fraud Management activities.

Measuring can be overwhelming. Having too many Metrics, KPIs, and KRIs might result in the typical “not seeing the forest for the trees”. Let me select between having 2000 strategic level KPIs that give me 99% of the picture to having 20 KPIs that give me 85% of the picture, and I will always select the 20 KPIs. However, selecting a small set of KPIs that gives a large part of the picture is nontrivial. In the field of Revenue Assurance (RA) the TM Forum RA team did this work for you, and it offers a small set of strategic Revenue Assurance Standard KPIs (RASK).

In the last version of RASK (GB941-A version 3.5), two new KPIs for measuring overbilling were added. I consider this an important addition; from my point of view overbilling is more dangerous for the CSPs than under-billing. In under-billing you know exactly the amount you lost, in overbilling you are exposed to high penalties, loss of reputation, regulatory sanctions, etc., so the addition of these two new KPIs closes the gap in the previous version of RASK.

Having the right Metrics/KPIs and using them internally is important, but not enough. An important benefit of using RASK is the ability to benchmark with other CSPs that use exactly the same metrics. A recent survey, which included both TM Forum members and non-members, showed that 25% of the participating CSPs use RASK.

The TM forum provides the appropriate environment and performs yearly studies on RASK. Participants submit data using a web interface, and are also able to use the web interface to query their performance versus the rest of the industry or versus relevant segments (e.g., by CSP size or region). Even though this approach is very successful, it has some limitations. Submission of the data requires collecting it manually from several systems, calculating the actual values, and posting them manually. Manual work means dedicating resources for doing it and susceptibility to manual calculation errors. The result is a yearly report, not something live that is always up-to-date, and the comparisons reports are not visible in the “regular” operational system, dashboards, or reports. The TM Forum recently launched its Business Metrics Automation program. The idea is to enable operational tools (e.g. RA tools), to collect the metrics, report them automatically on a monthly basis to the TM Forum servers (highly secured), and to retrieve and query the industry information directly from the “regular” operational tool.

BMA is an important development for RA practitioners as it automates the calculation of RASK in existing RA tools, reducing the day to day effort needed for the calculations. It permits the user to automate the data submission and it will permit (in its next version) the retrieval of industry data from the TM Forum servers. The impact of the reduced required resources will be an increase in the RASK adoption, giving the industry data even more value. You can read more about BMA here.

Ending with a quote which is sometimes attributed to Albert Einstein and other times to William Bruce Cameron “Not everything that counts can be counted and not everything that can be counted counts”. I agree. It is difficult to disagree with Einstein, even though CREN reported that they were able to “generate” neutrinos that were faster than the speed of light which will require modification in the Einstein Theory, but this is another story. Back to our quote; please do not misinterpret it. There are things that count very much  and can be counted in our profession, so make sure you count/measure them. There are also many things that can be counted/measured that are irrelevant or have marginal importance to us, the Revenue Intelligence professionals. RASK helps to distinguish between these two groups, and BMA helps us to take more advantage from RASK with less effort.

You can get Frequent Flyer Miles for free by buying actual 1 dollar coins at their nominal value. The US Mint is selling $1 Coins at cost and offering free shipping. You can buy the coins using a credit card that accumulates Frequent Flyer Miles. Basically, you can buy 500 coins worth a total of 500 USD, pay 500 USD using your credit card, and accumulate miles.
Read the rest of this entry »

I read with great delight an article in which Lee Scargall and David Stuart described how they used the TM Forum’s RA methodology, the RA Maturity Model (GB941 addendum B) and the Leakage Framework (GB941 addendum D), to add over $50 million to the bottom line of Qtel in the first year of their 3-year RA program. Read the rest of this entry »

Last week I attended the TM Forum team action week in Paris. Great event, we had plenty of interesting discussions in the RA team.  One of the sessions was about the calculating the impact of RA activities. Basically we looked at different scenarios in which a leakage occurred, was detected and was partially recovered. We were a bunch of RA specialists, many of us doing this as their day-to-day activity, we analyzed about 12 scenarios. Each of the participants was asked to calculate what the worth of each of the scenarios was, and later we compared and analyzed the different results. Read the rest of this entry »

Last year I gave my RA forecast for the first part of the decade – we still have 4 years to see if it was accurate. Do not expect too much, I predict that like most of the forecasts, last years will not be too accurate. (Reminds me of the famous liar paradox, “This sentence is false”.) Read the rest of this entry »