1. Regional Telecommunications Workshop on FMRANS 2015 Presentation

2. ISSUES TO BE COVERED IN THE DISCUSSION  Fraud management and Revenue Assurance o Our Understanding of the subject matter o The Practice o Case studies o Lessons  Cyber Security o Our Understanding of the subject matter o The Practice o The environment o Lessons Learnt

3. ISSUES TO BE COVERED IN THE DISCUSSION Cont.…  Network Security o Our Understanding of the subject matter o The Practice o Case studies o Lessons

4. REVENUE ASSURANCE OUR UNDERSTANDING REVENUE ASSURANCE:- Is the use of data quality and process improvement methods to improve profits, revenues and cash flows without influencing demand KEY ISSUES  Use of data quality (Data gathering becomes an issue)  Process Improvement (Value chain)  Aimed at improving profits, Revenue and Cash flows  Without influencing Demand

5. TOOLS, HARDWARE AND SOFTWARE CONFIGURATION  Fraud Management system. IPProbes connected to the IP network (near real-time) IProbes- connected to the SS7 for real-time monitoring of PSTN (near-real-time)  Audit Analysis tools o ACL Analytics o IDEA Analytics o Excel platform for following up on trends and patterns.

6. FMS IN PRACTICE/ TOOLS, HARDWARE AND SOFTWARE CONFIGURATION  Collision and Velocity Rules (To monitor time and space inconsistences for the Wireless Voice network e.g. CDMA)  Behaviour Analysis Rules- to monitor radical changes in usage profile  Profile Rules to monitor “under the radar attacks” that occur over time  Real-time Rules to monitor calls as they occur (e.g. monitoring fast and furious frauds)  Multi-Service Rules (to monitor voice, ADSL on one subscriber)  New Subscribers Rules- to monitor behaviour of new clients

7. FRAUD INCIDENCES/ CASE STUDIES CASE 1: HACKING OF CUSTOMER IPBX  With the development of technology clients regardless of which service is engaged they are moving to IP-PBX.  IP based PBX have shown that they are vulnerable and susceptible to hacking considering that they are on line.  As technology is adopted clients are not taking adopting appropriate countermeasures with speed and this has resulted in hacking taking place.  The attacks are then picked through everyday profiling activities done for traffic directed to hot destinations.  The responsibility to ensure that last mile equipment connected is safe and free from any cyber vulnerabilities rests with clients who in most cases engage 3 rd parties for installations.

8. Fraud Reporting  There is a robust whistle blowing facility rewarding up to $2500 for major proved issues;  There is a Revenue Assurance Unit continuously profiling possible fraudulent activities;  There is a Forensic Services unit following up on areas of high fraud risks; and  Periodic Internal Audit Reviews REPORTING GOVERNANCE  All incidents investigated are then communicated to the Board through the Audit Committee of the board with clear action plans.

9. RESPONSE Inbuilt risk management in the revenue assurance field by;  Identify each system  What can go wrong/ how can the system be manipulated  How do you deal with the risk/ possible risk/ opportunity.  You can then develop the rule in the system/ use other means to verify the existence of the problem;  Come up with treatment strategies in consultation with responsible person, then  Monitor and evaluate for effectives.

10. CYBER SECURITY OUR UNDERSTANDING Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals. KEY ISSUES  Technologies designed to protect computers, networks and data  Processes designed to protect computers, network and data ;  Vulnerabilities and attacks delivered via the internet..

11. CYBER SECURITY- THE ENVIRONMENT  Over the past few months there has been an increase in cyber attacks/ online hacking locally and internationally.  Hackers typically steal an internet/ computer user’s information for various reasons including to commit fraud  In Zimbabwe, an average of 12 companies per month are subject to some form of cyber attack with the most common type of attack being website defacements.

12. PRACTICE The following approach has been adopted in dealing with Cyber attacks :-  Form part to the national team formulating cyber security policy and laws ( Draft stage)  Developed Cyber Security framework and Cyber Security Response Plan.  Carry out vulnerability assessments to ensure corrective action is taken.  Scan the international, Regional and National Cyber attacks with a view to understanding the method of operation. www.zone-h.orgwww.zone-h.org  Match method of operation to our own systems to ensure proactive action is taken.  Awareness training to members of staff.

13. PRACTICE

14. NETWORK SECURITY ISSUES Service uptime is affected by network vandalism as a result of  Criminal elements  Damage by other operators as they increase their network infrastructure.

15. COUNTER MEASURES  Have installed real time alarm systems on vulnerable route;  Established armed security reaction teams;  Continue to engage our industry counter parts on vandalism taking place during trenching;  Have intensified the reaction strategy with high prosecution success rate taking advantage of the newly enacted criminal law amendment Act that has a mandatory sentence of 10 years.  Carrying out awareness campaigns

16. Lessons  IP platforms have brought new threats to operations for operators.  Fraud cuts across networks  As organisations we are moving slowly in building capacity to deal with new and emerging threats.

17. Thank You