It feels like I just wrote my 2012 predictions and we are already starting 2013. I guess it’s true that time flies when you’re having fun.

Two months ago I detected a problem; a discount that should have been applied to my account wasn’t. Further research revealed that they ceased to apply it 4 month ago (shame on me). I called several times and sent emails; they did not give me a satisfactory answer, so I escalated it to the manager. Eventually they reimbursed me and said that they will fix it immediately. I requested to get a printed statement showing the discount to which I am entitled and its expiration date. They send me the statement, but excluded the expiration date, saying that it expires in a year, but it is renewed automatically so I shouldn’t worry (ok, if I only had my towel I would not have panicked – please ignore this phrase if you are not familiar with the The Hitchhiker’s Guide to the Galaxy). In the process, since I was already on the phone with them, I negotiated some additional discounts. They did not give me all I requested, but I managed to get some extra discounts.

Some time went by and I checked once again what the status was. I had a nice printout stating my discounts, and, as you might guess, the discounts look nice on paper, but in reality they were not applied. Moreover, I was charged a sum for something I did not understand. Some extra calls, some extra emails, and it was finally resolved and I was reimbursed for the extra costs.

So why I am telling you this seemingly trivial story, we see many situations like this day after day and I wanted to emphasize how much it costs these companies; about 4 phone calls, answering about 6 emails, giving me extra discounts (which I wouldn’t have bothered to request if I didn’t have to call them in the first place – shame on me), the cost of correcting these problems in their IT systems, etc.

Oh, and by the way, I forgot to mention that this story is not about my CSP, it is about my bank. I am sure this would never happen at a CSP.

We won the TM Forum Distinguished Fellow Award. See here. Do not get me wrong, I did not adopt the majestic plural, the royal “we”. Yes, I personally did receive this award, of which I am very proud, but it really reflects the herculean job all us RA professionals, individuals, vendors, and CSPs did over the last decade; we transformed a concept, in which not many believed at the beginning, to a well defined discipline. I do not think that RA arrived at Nirvana yet, as there is still much to do, but we are certainly advancing in the right direction.

RA started more than a decade ago, but it was mainly a secret trade of just a few. About a decade ago people started to speak aloud about RA, but not everybody embraced it. I recall my first meetings with CSPs in which I heard things like, “Are you telling me that my Ordering/Billing/Inventory/Network/etc. configuration is not aligned with my Ordering/Billing/Inventory/Network/etc. and that because of that I am not charging correctly/overpaying? … this cannot be the reality, … and if that would be the reality then it means that I am not doing my job properly and I should be fired…”. As a short side comment, this is what I hear today when speaking with Utilities suppliers. A decade ago there was no well defined standard RA process, and we, the RA professionals, were striving to get the recognition that RA needs.

After a few years there were some very successful RA projects in the industry, most of them focused on “low hanging fruits” , high leakage detection, and high recovery, which was very appropriate for the epoch of the financial crisis. RA got some recognition, but it was not yet well established. People were wondering if RA would continue after the financial crisis. You heard things like, “OK now RA is needed, but soon the financial crisis will end, CSPs will go back to caring mainly about market share and less about revenues and margins, and then RA will cease to exist”. Oh, those lovely, naïve days. But CSPs realized that even in great economic periods, market share is not enough, leaving 1-15% of your revenues, depending which studies you were reading at the time, on the table, is just too much. So, RA continued to exist. A few years went by and the flat rate, all you can eat fashion arrived, and people said, “If everything would become flat rate then RA would disappear”. But the industry realized that there is much more to RA than just verifying the billing of CDRs, and also the flat rate fashion started to fade. So once again RA continued to exist. In parallel to all this,  RA became more and more established, and the RA team in the TM Forum was, and still is, the focal point of this process: RA process and information models definitions in the eTOM and SID, RA standard KPIs, RA maturity model, Inventories of typical Revenue leakages scenarios, RA related risks, controls, merging of enterprise risk management techniques into RA, numerous Catalyst projects that explored and tested new concepts in RA. Many of these new concepts are standard RA techniques today and much more was contributed by RA professionals to the TM Forum Frameworx.

I had and have the privilege to be part of all this, and I am very honored to be receiving our award, because I really believe that it is a well deserved award, that we all, as a community, earned for the fabulous work we all did together.

From time to time I stumble upon a discussion of what is more important, the RA/FM tool or the RA/FM know-how/consulting. Often people put words in my mouth and say, “Obviously because you work for a vendor you will say that the tool is the most important part because you are biased.” Once and for all, I want to clarify my opinion – “The idea that the only thing important in RA/FM is the tool or the know-how, expertise, etc, is completely irrelevant”. OK, this was a joke – I clearly do not think that way, and I really hope that nobody will quote the previous sentence without this one that clarifies it was a joke (and I can think of some people in our industry that might do it). Only the combination of knowhow, expertise (either internal or consulting), deep knowledge of the business, and an appropriate RA/FM tool can bring the full RA/FM value to the organization. A tool alone is not enough. Know-how or consultancy is not enough. The combination of all aspects is necessary. This is my real opinion! Let’s go to another field and make an analogy that clarifies it.

Let’s look at databases. We can all agree that there is a limit to what skillful DBAs and data analysts can do in Access. Access could be appropriate for low volumes of data, with certain volumes of data loading, query load, query complexity, and required performance. There is a limit to what can be done with Oracle’s Exadata or IBM’s Netezza, without competent DBAs or data analysts. Moreover, the more primitive the database is, the more skills and time will be required from the personnel to achieve similar behavior to a modern database. For example, mimicking partitioning behavior and performance in a pre-partitioning database, which can be done to a degree using tables and views, will be much more demanding to design and maintain, both in terms of skills and time, than doing it in a modern state of art database with built-in partitioning support. So speaking in the database universe, you need to have the know-how to decide what you need to do and how to do it in your database, and deploy it. You need the appropriate database tool and infrastructure. You do not need an Exadata machine if you are a small retail shop; an Access or a small cloud-based database solution might do. But, if you are a retail conglomerate, you need a strong database. Moreover, regardless of your size, you will aim to a “friendly” database that will permit your DBA and data analysts to do their job efficiently, not wasting time on technicalities that modern databases give out of the box.

Back to RA, the analogy is obvious; a great tool alone will not do the trick. On the other hand, deep knowledge or excellent consulting alone will not do the trick either. Balance is needed to achieve the best results. You need to understand your situation – do you need an Access or an Exadata database, do you need Access experts or Exadata experts to help you.  All these options exist in the RA/FM world. You can buy standalone, Telco-grade RA/FM tools. You can buy managed services and Cloud solutions. You can get consulting to tailor a solution for your exact needs, or you can use a more out of the box approach and adapt to what is in the box. All these options are appropriate and good in different cases; just please don’t say, “I will invest only in a tool or only in people / consultancy,” because it will lead to seriously suboptimal results.

So please don’t ask me again what is more important the people expertise or the tool. It’s like the song goes “Love and marriage go together like a horse and carriage”. Here you can listen to the song from the “Married … with Children” TV series opening.

Some facts:

• The new iPad has a 2048-by-1536 display capable of recording and playing video in 1080p HD resolution. Some of its models have 4G LTE connectivity as well.

• The combination of the New iPad with large amounts of data being transferred over 4G networks, and the motivation to do it (proliferation of video content, capability to play it at 1080p HD resolution), could result in customers draining the allowances of the most common monthly data plans in just minutes. E.g. a typical 10GB plan costing 80 USD could be drained by consuming 3-4 HD movies from iTunes (around 3GB per movie), and, after you consume your allowance you might be required to pay around 10 USD per gigabyte. So, for your next movie you will be required to pay, on top of the payment to iTunes, an extra of 30 USD. (see here, here and here for a detailed discussion)

• In fact, the temptation to consume large amounts of data, if price plans will be updated, could result in clogging 4G Networks (see this article that appeared in Technology review)

Certainly Apple’s New iPad is leading the herd, but obviously other tablets will follow with similar screens and similar data consumption capabilities and temptations.

So, how will this all evolve?

I can think of several scenarios:

Today, according to analysis by Localystics, only 6% of iPad App Sessions are made on cellular connections, and, according to a report by Chetan Sharma, “only 10% of the tablets (as of Q4 2011) were cellular activated”. So it might be that in the years ahead, tablets’ 3G/4G usage will remain, due to the network limitations and price plans, a niche… well, a big niche, but still a niche market. This will avoid many headaches from operators, but at the same time will limit their capability to gain from this market. I think that this scenario is unlikely, there will always a competitor aiming to gain market share by proposing a “make sense” data plan to tablet owners, and everybody else will have to follow.

In many markets today, cellular data is a commodity; the customers do not perceive a real differentiator in terms of quality of the network, so it is mostly a price war. New bottlenecks in the networks might transform the situation into a quality war, which might give opportunity to charge more, but not excessively, accordingly to the quality of the network or service provided on top of the network. This might be a temporal opportunity for certain CSPs, but history has taught us that in the telecommunication market, this is normally a temporary situation.

Obviously new price plans will evolve; tiered data allowances, policy based charging e.g. charge differently according to the congestion of the network at a certain time, self provisioning of ad-hock data and quality allowances, etc. These plans will not be easy to implement with “old” BSS systems and will require obtaining and managing information from new data sources. This will require more investment in BSS and OSS systems. Moreover, there will be a need to give the customers tools to follow-up and understand how they are charged, and for what; this is not so trivial – just giving the user a list of thousands of data sessions with URLs and Kb downloaded from each will not do the trick.

So far I wrote about cellular networks, but the impact will also be felt on home networks in which a family with 4-5 bandwidth-hungry devices working in parallel will suffocate the wire line internet connection and, obviously, the WiFi hotspots as well.

What does this all mean for Revenue Intelligence?

Today in many places, Revenue Assurance does not work hard on verifying data consumption measurement and reporting accuracy. Yes, most of the data plans these days have limitations, but the limitations are appropriate to the data needs of users, so over–the-limit charging is not deeply analyzed by RA. Billing verification of policy-based charging is also not at the center of interest for a typical RA department. Fraud today is rarely committed to obtain illegal advantage over data consumption plans. With the new reality, data transportation might be in the center of the CSPs operation revenues and growth. Remember, it is not just the tablets, but also the Smartphone, that will become more data hungry, so all these new realities will be at the center of tomorrow’s leakages and Fraud. Revenue Intelligence departments could wait until losses become big and then attack the problem, or, as I always recommend, they can be proactive and put the necessary controls and mechanisms in place today in order to protect the new growth engines as they become more and more important.

The weather is nice… the tsunami is on its way

I am sure you all know the joke about the gentleman that decided to jump from the roof of a 100-story skyscraper. As he was passing the 50th floor, someone leaned out and yelled, “How’s it going?”. So far, so good,” answered the gentleman.

This bears similitude to the status of Fraud Management. The CFCA reports that ”annual fraud losses are $40.1 Billion (USD) down 33% from the CFCA’s 2008 survey1 and equivalent to its 2003 estimate.” The top five fraud loss categories according operator input to the CFCA are: Compromised PBX/Voicemail Systems, Subscription/Identity Theft, International Revenue Share Fraud, By-Pass Fraud, and Credit Card Fraud, pretty much the same as in past years.

So apparently, like the gentleman said, “So far, so good.” The amount of fraud impact is decreasing; I do not think that it is due to a reduction in fraudulent activity, so I will give the credit to more industry awareness and better FM systems. Moreover, apparently there are no new high impact types of fraud, so we can continue to deal with fraud types that are well known to us.

Lovely, but… new technologies, e.g. NFC, new business models, e.g. Mobile money, and the proliferation of Smartphones prone to Malware attacks, are creating, alongside with new opportunities, immense new threats. Answering these threats requires preparation; first to understand them, then to be able to detect, monitor and stop them, and ultimately to prevent them.

Traditionally there has been a clear separation between Fraud Management and security, looking at the list of threats such as malware, identity theft, and hijacked transactions, I expect that in 2012 this separation will become blurry, and much more cooperation at the level of the organization, and with processes and tools, will have to occur.

One fraud area that has been neglected by fraud management departments is internal fraud (including dealers and affiliates). Internal fraud causes huge damages, both direct financial damages, and damage to reputation. The market conditions will not permit to continue overlooking internal fraud. I expect that in 2012 internal fraud will be much more of a central focus in FM departments.

We are standing on the shore, the weather is great, the sea is calm, but many miles away the tsunami already started. We, as FM professionals, need to understand the situation and then take the necessary measures. As you can see from CFCA report, 2011 was still the year in which we enjoined the nice weather and calm waters. I am not sure if 2012 will be the year in which the tsunami will arrive, but I am pretty sure that 2012 will be the last opportunity for CSPs to prepare. Those who are not prepared on time will have to spend the following years improving their damage control skills.

I hope that everybody had a great 2011, and I wish everybody an even greater 2012.

More of the same … revolution

My 2011 forecast was titled, “The Beginning of the Revolution”. I spoke about the RA market developing and embracing new models. And yes, the revolution has begun. Not everybody likes it, yet it is here to stay, and personally, I think it is great.

Standardization

RA is being more and more standardized, and what better way to see it than to see that people are writing posts about over-standardization of RA. Who would have dreamed just 3-4 years ago that RA would be accused of having too much standardization? Standardization is good! Standardization is not intended to hinder creativity or ingenuity. Quite the opposite, standardization prevents wasting energy trying to re-invent the wheel. It permits us to direct our creative energy and time to expand into new frontiers. Think of Star Trek; instead of “boldly going where no man has gone before” in each episode the Enterprise would return to solve the same problem they already solved last week. It would be quite boring and tedious. Standardization promotes and directs creativity to where it is really needed.

Combining Risk Management and RA

For many years, each RA project started with a Risk Assessment, and, in most cases, the risk part was forgotten after the initial set of controls (in the RA sense) was selected. In 2010, the TM Forum released the first version of the Revenue Assurance Risk Coverage Model (back then it was called “RA Coverage model”). Since then a second version was released and a risk based approach was incorporated into the RA management life cycle, not just at its beginning, but as an integral part. This offers huge benefits to mature, RA-wise operators. In my meetings in 2011, I encountered many operators that were using or in the process of adopting and adapting this approach; some of them influenced by the material we developed at the TM Forum, others by developing similar methodologies in parallel (a strong indication   of the real need). The combination of Risk Management and RA is here to stay.

Quantification of the impact of RA

Almost every RA project department has to report what it contributes to the company. Some people think it is inappropriate, but I fail to understand why. Due to the lack of standardization RA professionals had to work hard, again and again, to create the metrics to show their contributions. This year, a lot of work has been put into creating a standard methodology. Last year I thought that this work would be concluded by 2011, but it did not; it is scheduled to be concluded in 2012 with a new set of recommendations by the TM Forum. The large number of people and companies that are taking part in this effort is a strong indication of the real need and expected adoption. Just to emphasize, the intention is not to develop a magic formula that will tell you how much RA contributed to a CSP, but to develop a set of well defined metrics, that can, and should be interpreted and given different levels of importance according to the realities of the different CSPs.

So, what I expect that will happen in 2012 is just more of the same…revolution. More standardization, more adoption of Risk based RA, better defined methods of impact measurements. Yes, in 2008 all this was still science fiction, and in 2012 it will simply be a continuation of the revolution that started in 2011.

I hope that everybody had a great 2011, and I wish everybody an even greater 2012.

Carrier IQ’s recent story is well known by now; the security researcher, Trevor Eckhart’s findings indicated that Carrier IQ’s device management software, which is pre-installed by several CSPs in different devices, collects a variety of information including logging user keystrokes (see his video here), and may send some of this sensitive information to CSPs.

Here you can find more information on how Carrier IQ functions on devices

Of course, there is a lot of controversy not only about the implications, but also about the facts themselves.

Carrier IQ claims:

“Our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video” …

“Consumers have a trusted relationship with operators and expect their personal information and privacy to be respected.  As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities”.

In an interview, Andrew Coward, Carrier IQ VP of marketing, says that the alleged log file shown in Trevor Eckhart’s video is unrelated to Carrier IQ and is due to a glitch in the handset manufacturer configuration (according to the Verge HTC). Dan Rosenberg, a security expert, supports this claim.  I am certainly in no position to decide what the reality is; is it just a glitch by HTC, or a common practice? However, it seems that the following points are agreed, as summarized by the Verge:

“It’s also important to note that CIQ’s software is still, in fact, listening to both keystrokes and SMS messages on many devices, though CIQ claims it does not log, store, or transmit them.”

“You should still be aware that CIQ does keep a temporary log file of its own. CIQ implied that it is stored in a specialized part of the phone’s memory and stated outright that it is not stored in plain text.”

And Dan Rosenberg adds that Carrier IQ keeps:

“logs full URLs with query parameters and other data of this nature”

From my narrow Revenue Intelligence perspective I have two unanswered questions: Was this data sent also while roaming, and, if so, who paid for it? It may very well be a very small amount of data, yet I personally would hate to pay for it. The second question is what was the amount of security applied to Carrier IQ log data? Did fraudsters and malware mange to take advantage of this data, e.g., could a malware instead of doing complex activities, just read the data from Carrier IQ logs? I do not yet know the answer to these questions, but they are certainly bothering me.

“What you don’t know won’t hurt you” might be correct in some situations, however, I am a big believer that, in business in general, and in Revenue Intelligence in particular, “If you can’t measure it you can’t manage it”. Measuring is essential to run our Revenue Assurance and Fraud Management activities.

Measuring can be overwhelming. Having too many Metrics, KPIs, and KRIs might result in the typical “not seeing the forest for the trees”. Let me select between having 2000 strategic level KPIs that give me 99% of the picture to having 20 KPIs that give me 85% of the picture, and I will always select the 20 KPIs. However, selecting a small set of KPIs that gives a large part of the picture is nontrivial. In the field of Revenue Assurance (RA) the TM Forum RA team did this work for you, and it offers a small set of strategic Revenue Assurance Standard KPIs (RASK).

In the last version of RASK (GB941-A version 3.5), two new KPIs for measuring overbilling were added. I consider this an important addition; from my point of view overbilling is more dangerous for the CSPs than under-billing. In under-billing you know exactly the amount you lost, in overbilling you are exposed to high penalties, loss of reputation, regulatory sanctions, etc., so the addition of these two new KPIs closes the gap in the previous version of RASK.

Having the right Metrics/KPIs and using them internally is important, but not enough. An important benefit of using RASK is the ability to benchmark with other CSPs that use exactly the same metrics. A recent survey, which included both TM Forum members and non-members, showed that 25% of the participating CSPs use RASK.

The TM forum provides the appropriate environment and performs yearly studies on RASK. Participants submit data using a web interface, and are also able to use the web interface to query their performance versus the rest of the industry or versus relevant segments (e.g., by CSP size or region). Even though this approach is very successful, it has some limitations. Submission of the data requires collecting it manually from several systems, calculating the actual values, and posting them manually. Manual work means dedicating resources for doing it and susceptibility to manual calculation errors. The result is a yearly report, not something live that is always up-to-date, and the comparisons reports are not visible in the “regular” operational system, dashboards, or reports. The TM Forum recently launched its Business Metrics Automation program. The idea is to enable operational tools (e.g. RA tools), to collect the metrics, report them automatically on a monthly basis to the TM Forum servers (highly secured), and to retrieve and query the industry information directly from the “regular” operational tool.

BMA is an important development for RA practitioners as it automates the calculation of RASK in existing RA tools, reducing the day to day effort needed for the calculations. It permits the user to automate the data submission and it will permit (in its next version) the retrieval of industry data from the TM Forum servers. The impact of the reduced required resources will be an increase in the RASK adoption, giving the industry data even more value. You can read more about BMA here.

Ending with a quote which is sometimes attributed to Albert Einstein and other times to William Bruce Cameron “Not everything that counts can be counted and not everything that can be counted counts”. I agree. It is difficult to disagree with Einstein, even though CREN reported that they were able to “generate” neutrinos that were faster than the speed of light which will require modification in the Einstein Theory, but this is another story. Back to our quote; please do not misinterpret it. There are things that count very much  and can be counted in our profession, so make sure you count/measure them. There are also many things that can be counted/measured that are irrelevant or have marginal importance to us, the Revenue Intelligence professionals. RASK helps to distinguish between these two groups, and BMA helps us to take more advantage from RASK with less effort.