Tier-1 Global Service Provider, LATAM
This global communication service provider (Global CSP) operates mobile networks in numerous countries spanning multiple continents where mobile infrastructure often outpaces or eclipses fixed network infrastructure. To date, approximately 90% of their market comprises prepaid customers and 10% are postpaid.
Prepaid users are price-sensitive consumers and churn is a constant concern. In 2014, Global CSP was the first in the region to differentiate prepaid services by introducing packages that bundled prepaid usage allowances with unlimited (i.e., zero-rated) use of popular social apps such as Facebook, WhatsApp, Line, and Twitter. Zero-rating is powered by Allot Service Gateway, which monitors each free application and zero-rates its bandwidth consumption in real time so that it is not charged against the customer’s prepaid data allowance. In fact, zero-rated apps can still be used even when the data allowance is used up.
The “Free Social” prepaid plans were initially trialed in only one country. Uptake was immediate and the service became quite popular in a very short time, gaining market share and revenue for the operator. Following this success, zero-rated services were launched in other countries as well.
As the “Free Social” prepaid plans gained traction, the global CSP began to notice network utilization statistics that did not make sense. When reconciling the subscriber usage volume reported by GGSN systems with the subscriber usage volume from the billing system, they noticed significant volume discrepancies. The exceptions indicated that some customers who had used up their prepaid data allowance were still accessing the Internet free of charge. Apparently, the system failed to redirect some prepaid customers to the service portal to top up their allowance. In some countries, the discrepancy was more than 10% of usage volume, which translated to revenue loss of hundreds of thousands of dollars per month. The global CSP needed to find out why this was happening and stop the revenue leakage.
Allot’s comprehensive PCC solution enables the global CSP, in each of its countries, to mitigate fraudulent use as it occurs and to prevent it from happening in the future. Let’s take a closer look at the fraud scenarios and how they are stopped.
Captive portal domain forging: When prepaid data allowance is used up, customers are redirected automatically to a captive portal where they can top up their allowance or purchase a new data plan. For redirection to work, the prepaid user must be permitted to reach the portal itself and to use operational protocols such as DNS, ICMP, and DHCP. Customers were taking advantage of this permission policy in two ways: either by tunneling traffic through the permitted protocols, or by using an IP proxy to forge their domain so that it appeared to be the operator’s captive portal, “fooling” the system and bypassing data charges. Using these methods, fraudsters could purchase the most basic pay-as-you-go data plan, use up the allowance, and continue to access data free of charge! The global CSP has successfully stopped the fraud by configuring Allot’s captive portal function to validate redirected traffic and verify that the destination IP host is indeed one of the authorized captive portal server IPs. Allot policy was also used to put a bandwidth limit on DNS/ICMP/DHCP/Windows OCSP protocols so that tunneling could not be used to bypass data charges.
Zero-rated domain forging: Users of the operator’s prepaid “Free Facebook” plan are redirected to a dedicated portal where they can access a limited set of Facebook features called “Free Basics.” Some customers were using VPN anonymity tools to spoof the domain of the destination host in the HTTP header, making it look as if they were going to the Free Basics domain. This trick enabled fraudsters to reach other destinations and avoid data charges. The global CSP now employs a User Defined Signature to validate the host and referrer in the HTTP header. In addition, Allot policy is used to block VPN and anonymity applications that are being used to perpetrate fraud.
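The validation described in the two fraud scenarios above, as an added illustration (not Allot's implementation or configuration): a flow is treated as captive-portal or zero-rated traffic only when its destination IP belongs to the servers authorized for the hostname in its HTTP header. The hostnames, address ranges, `Flow` fields and the Referer rule are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed policy: hostnames and RFC 5737 ranges are placeholders.
PORTAL = {"portal.operator.example": ["192.0.2.0/28"]}
ZERO_RATED = {"freebasics.example": ["198.51.100.0/24"]}


@dataclass
class Flow:
    dst_ip: str            # destination IP seen on the wire
    host: str              # HTTP Host header sent by the client
    referer: str = ""      # HTTP Referer header, may be empty
    quota_left: bool = True


def norm(host):
    """Lowercase, drop the port and any trailing dot."""
    return host.strip().lower().split(":")[0].rstrip(".")


def ip_matches(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def header_mismatch(flow):
    """True when the Host claims a free destination the IP does not back up."""
    host = norm(flow.host)
    nets = PORTAL.get(host) or ZERO_RATED.get(host)
    if nets is None:
        return False                      # ordinary traffic, nothing claimed
    if not ip_matches(flow.dst_ip, nets):
        return True                       # free hostname, unauthorized server
    ref = norm(urlsplit(flow.referer).netloc) if flow.referer else host
    # Assumed rule: a Referer, if present, must also be a zero-rated host.
    return host in ZERO_RATED and ref not in ZERO_RATED


def classify(flow):
    host = norm(flow.host)
    claimed_free = host in PORTAL or host in ZERO_RATED
    if claimed_free and not header_mismatch(flow):
        return "portal" if host in PORTAL else "zero_rate"
    # Forged or ordinary traffic is charged, or redirected once quota is gone.
    return "charge" if flow.quota_left else "redirect"
```

Flows for which `header_mismatch` returns true are the ones worth logging per subscriber, since they correspond to the GGSN-versus-billing volume discrepancies described earlier.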
Allot Policy Control & Charging solution powered by Allot Service Gateway Tera and Allot SMP for application-based charging and fraud prevention.