Tier-1 Global Service Provider, LATAM


Global CSP Grabs Mobile Data Market-Share with Zero-Rated Apps while Preventing Fraud and Revenue Leakage

About Tier 1 Global Service Provider in LATAM

This global communication service provider (Global CSP) operates mobile networks in numerous countries spanning multiple continents where mobile infrastructure often outpaces or eclipses fixed network infrastructure. To date, approximately 90% of their market comprises prepaid customers and 10% are postpaid.

The Challenge

Prepaid users are price-sensitive consumers and churn is a constant concern. In 2014, Global CSP was the first in the region to differentiate prepaid services by introducing packages that bundled prepaid usage allowances with unlimited (i.e., zero rated) use of popular social apps such as Facebook, WhatsApp, Line, and Twitter. Zero-rating is powered by Allot Service Gateway which monitors each free application and zero-rates its bandwidth consumption in real time so that it is not charged against the customer’s prepaid data allowance. In fact, zero-rated apps can still be used, even when the data allowance is used up. The “Free Social” prepaid plans were initially trialed in only one country. Uptake was immediate and the service became quite popular in a very short time, gaining market share and revenue for the operator. Following this success, zero-rated services were launched in other countries as well. As the “Free Social” prepaid plans gained traction, the global CSP began to notice network utilization statistics that did not make sense. When reconciling the subscriber usage volume reported by GGSN systems with the subscriber usage volume from the billing system, they noticed significant volume discrepancies. The exceptions indicated that some customers who had used up their prepaid data allowance were still accessing the Internet free of charge. Apparently, the system failed to redirect some prepaid customers to the service portal to top us their allowance. In some countries, the discrepancy was more than 10% of usage volume, which translated to revenue loss of hundreds of thousands of dollars per month. The global CSP needed to find out why this was happening and stop the revenue leakage.

Allot Solution

Originally, in addition to Allot Service Gateway, the different countries deployed Allot Smart Data Source in order to obtain accurate data records so they could analyze usage trends and online behavior that would help them identify different market segments and refine their zero-rated services offerings accordingly. Now they employed Allot Smart Data Source to discover why the redirect to captive portal wasn’t working as expected. A focused investigation revealed that some users were engaging in fraudulent practices that enabled them to bypass the top-up and other terms of use.

Allot’s comprehensive PCC solution enables the global CSP countries to mitigate fraudulent use as it occurs, and to prevent it from happening in the future. Let’s take a closer look at the fraud scenarios and how they are stopped.

Captive portal domain forging. When prepaid data allowance is used up, customers are redirected automatically to a captive portal where they can top up their allowance or purchase a new data plan. Redirection to a captive portal requires permission for operational protocols such as DNS, ICMP, and DHCP as well as the portal itself to be accessed by the prepaid user. Customers were taking advantage of this permission policy in two ways: either to tunnel traffic through the permitted protocols, or to forge their domain to be the operator captive portal using an IP proxy so they could “fool” the system and bypass data charges. Using these methods, fraudsters could purchase the most basic pay-as-you-go data plan, use up the allowance, and continue to access data free of charge! The global CSP has successfully stopped the fraud by configuring Allot’s captive portal function to validate redirected traffic and verify that the destination IP host is indeed one of the authorized captive portal server IPs. Allot policy was used to put a bandwidth limit on DNS/ICMP/DHCP/Windows OCSP protocols so tunneling could not be used to bypass data charges.

Zero-rated domain forging: Users of the operator’s prepaid “Free Facebook” plan are redirected to a dedicated portal where they can access a limited set of Facebook features called “Free Basics.” Some customers were using VPN anonymity tools to spoof the domain of the destination host in the HTTP header, making it look as if they were going to the Free Basics domain. This trick enabled fraudsters to get to other destinations and avoid data charges. The global CSP now employs a User Defined Signature to validate the host and referrer in the HTTP header. In addition Allot policy is used to block VPN and anonymity applications that are being used to perpetrate fraud.


  • Differentiate prepaid services and establish a migration path to postpaid services.
  • Stop revenue leakage caused by fraudulent use of zero-rated services.


Allot Policy Control & Charging solution powered by Allot Service Gateway Tera and Allot SMP for application-based charging and fraud prevention.


  • Differentiate prepaid service
  • Increase service uptake
  • Prevent charging fraud
  • Stop revenue leakage