Can you trust your integrator with Fraud Analysis?

As some of you know, over the past 9 months, I’ve been heavily involved in the establishment of Humbug. For those who may not know, Humbug is a Call Analytics and Fraud Analysis SAAS. Unlike many of the current telephony SAAS projects, we are not based on Amazon EC2 or some other public cloud infrastructure; we build our own cloud environment. Why do we build our own cloud? Simple: we need to keep your data secured and confidential. At Humbug, we see ourselves as a cross between Google Analytics – in our ability to analyze and handle data – and Verisign – in our security and confidentiality requirements and methodologies.

The question to ask is: why do people trust Verisign to provide SSL certificates around the world? What makes Verisign’s CA better than a privately owned CA? The answer is simple: it’s a third party that 2 entities can trust at the same time. Humbug aims to provide the same level of trust, simply because we regard your data as sacred and valuable.

For about 2 months now, we’ve been contacting various Asterisk integrators around the world, inviting them to evaluate Humbug services. While some integrators and vendors were somewhat reluctant, others were more than happy to join. We now have over 250 monitored systems around the world, with systems being monitored and analyzed in Israel, USA, UK, Brazil and more.

The thing that amazed me in regards to some of the integrators who decided not to participate was that they claimed: “we provide our customers our own brew of fraud analysis service, we don’t require your SAAS”. Now, while I can accept the fact that an integrator would offer such a SAAS as an in-house service, I can’t see why a customer would rely on these services. In my view, relying on your integrator to provide fraud analysis services is like relying on the integrator of your alarm system to provide hired guard services – it just doesn’t make any sense to me. Why doesn’t it make sense? In Hebrew we say: “Go prove that you have a sister”. Imagine that your PBX integrator offers you such a service, then, in some obscure manner, your PBX gets hijacked and you get slammed with 50K$ worth of phone calls to Somalia. Now, your integrator would say: “Hmmmmm… that’s odd, we didn’t even get those CDR events to our system… you really got hacked bad…” – sure, if you only rely on CDR records to do your analysis (which is what 99.9% of integrators do). There is much much much much more to fraud analysis than just CDR analysis – if it all began and finished with CDR analysis, then by far Cvidya, Verint, NICE and many others would have been made redundant.

Allowing your integrator to provide you with fraud analysis SAAS is like putting the fox to guard the hen house. When things louse up (and they may), he’s the first one to bail out, saying: “It’s not my fault”.

Humbug takes a totally different approach to fraud analysis, specifically in the way we regard the various PBX systems and integrators. We are vendor agnostic and integrator agnostic – we will provide you with the clear and concise information you require in order to make an educated decision as to how you were defrauded (if defrauded) and provide you a faster alerting and response time. Our recent adventures have lowered our fraud alert response time from 60 minutes down to 14 minutes in some cases. Most fraud analysis systems carry a 24-36 hour turnaround time; by that time, you can be out of 50K$ – our aim is to lower that number to no more than 100$ in the worst case. Ambitious? Yes. Downright crazy? Probably so, but we always say: “Aim for the moon, you’ll land on a star!” – so we know we’ll get there.

Asterisk, Greed and Revenue Shares

Revenue sharing is one of the oldest methods of earning profits, actually, I believe it may just be right up there with trading of goods and food. For those of you not in the know, I’ll explain what revenue sharing is:

  1. A content provider wishes to distribute a certain type of content – charging for it.
  2. The content provider has no ability to charge the consumers directly, thus he partners with another party – the transport maintainer.
  3. The transport maintainer charges the consumer, while keeping a certain percentage in his pocket.
  4. Everybody is happy.

In general, this model works really well in many markets – specifically those that are driven by unique content – for example the mobile content market (ringtones, screen savers, games, apps) – the Apple App store is a wonderful example of how this works.

In the telecom industry, the revenue shares business is very common – however, in many cases it is highly guarded as a secret – the main reason is that no one wants anybody else to know how they do it. This hiding of information usually results in some problems, because when information is hidden, only those in the know are able to access it. Those in the know are called “mediators” or in Hebrew “Machers”. In this entire ordeal, the mediator also takes a small percentage – leaving the content provider with slightly less. So, now it looks like this:

  1. A content provider wishes to distribute a certain type of content – charging for it.
  2. The content provider has no ability to charge the consumers directly, thus he contacts a mediator to find him a transport partner.
  3. The mediator engages the prospective transport maintainer.
  4. The transport maintainer charges the consumer, while keeping a certain percentage in his pocket and passing some funds to the mediator as well.
  5. Everybody is happy.

So, if everybody’s so happy – why am I bitching about it? Very simple – people are greedy and always want more – putting the entire model into a frenzy. In order to give an example, let’s imagine the following scenario:

  1. Company A provides IVR based content utilizing an Asterisk server, connected to the internet.
  2. The mediator engages a premium number company, getting the total revenue of 0.08$ for every inbound minute of traffic.
  3. The premium number company leaves 0.01$ in its pocket and also pays the mediator a fee of 0.01$ per minute.
  4. The content provider gets 0.06$ of the 0.08$ – 75% of the net profit goes to the content provider.
  5. Content provider says: “Hell, I want the mediator’s 0.01$ as well, and I think the premium company should only get 0.005$, so I would get 0.075$ at the end”
  6. Content provider contacts the premium provider and starts complaining
  7. Premium provider negotiates and strikes a deal for 0.07 to the content provider, leaving the premium provider with 0.005$ and the mediator with 0.005$
  8. Premium provider says: “I’m not making enough money on this, actually, I’m losing money – I’ll find a better alternative service for that access number”
  9. Premium provider asks mediator to bring in a new customer, providing similar content – mediator has sure incentive here
  10. Premium provider gets new customer and transfers the access number to the new customer – returning back to previous profits
  11. Original content provider is left with no profits and only greed in his hands

Over the past 10 years, I’ve seen this vicious cycle happen over and over and over again, in various formats and scenarios – but always ending in the same outcome – the content provider always suffers. If you’re a content provider and you provide IVR based services, let the people that provide you the access make their cut and the people in the middle, without them, you will have a service with no access – which means no service at all. Don’t go about thinking you can keep all the profits to yourself, you will break the equilibrium of this business, and eventually, no one will want to do business with you.


Open Source, Philanthropy and Asterisk


When I started using Open Source software, it seemed like all Open Source projects were driven by philanthropic agendas. We were all focused on “sticking it to the man” – showing all these would-be software vendors that community driven projects can do just as well – if not better.

"When I was a child I spoke as a child I 
understood as a child I thought as a child; 
but when I became a man I put away childish 
things." - I Cor. xiii. 11.

Well, I’m not claiming that Open Source is childish – absolutely not, however, when you are a student you tend to look at things in one way, when you have a family to care for – you start looking at things differently. You remember these days in life when your dad said: “When you’ll have children you will understand” – well, now I do.

So, what am I rambling about exactly? I’ll tell you. The day before Passover I attended several meetings which, by the time I came back home, had pissed me off immensely. I feel an urge to write all about these meetings, including who I met exactly; however, I won’t do that. I will, however, give a rough idea of them.

Meeting 1 : A world recognized Mobile application player

I came into the meeting with this company, where the CTO of the company explained to me that they are looking to create an Asterisk based solution for their application’s users. My initial question was: how many users? what is your concurrency level? – The answer that I got was: “Oh, we don’t need something major, just a few lines of configurations in Asterisk config files in order to make this work”.

I left the meeting slightly pissed off, thinking to myself: “You bloody inconsiderate prick! You bring me to a meeting, spend my time – and then tell me that this is just a few lines of configuration. If it is that simple, why don’t you do it yourself? You have 20 developers in there, 4 IT people and god knows how many outsourced workers off-shore – if it was that simple, you would have done it already – so probably it isn’t – right?”

Meeting 2 : A well established IVR services vendor

The second meeting was with a well established IVR content vendor, this company runs around 16M minutes of inbound IVR traffic every month. They invited me in order to talk about expanding into new countries, wishing to get premium based access numbers in various countries. So, we started talking, and the guy indicates that he wants a certain kick-back payout, which I know is impossible – at least without charging the user more. Actually, the guy indicated that out of the interconnect fee, he wants to get almost 90% as a kick back.

Meeting 3 : A start up rendering IVR content

The third meeting was the most amazing one – these guys wanted to build an Asterisk system to serve around 4000 concurrent channels – outsource the entire development to my company – and pay as a revenue share. When I asked for their business model, marketing plan, investors, profiles – I got a response of – we don’t yet have all of these, we only have an idea at this point that we want to implement.

Garage based companies are built by people who can do the work themselves, not the other way around.


At this point, you are probably asking yourself: “What does this have to do with the title?” – Well, all of these meetings had one thing in common. The people I met were under the impression that Open Source is some form of philanthropy. Or to be more exact, that people who deal with the Open Source market are philanthropists. My question is this: “Why are we perceived as philanthropists? Don’t we have families to care for? Don’t we need to pay mortgages and bills just like everybody else?”. I guess when people read about the various Open Source entrepreneurs, such as Mark Shuttleworth, they immediately associate Open Source with big exits – this is not the case.

At some level, this is purely our fault – we educated people that Open Source is a highly economical methodology of solving technical challenges. Nowhere along the way did we educate the public that behind the model there are people, people who need to make a living.

If you are an Open Source consultant, developer, evangelist or just someone who may have an opinion on this, I’d love to read what you say.


Call Analytics – Closed Alpha testing group

Well, it’s been almost a month since I’ve started writing about the humbug project. Now, it’s time to actually get you people involved, at least in the initial levels. We are looking to add 10 additional members into the humbug call analytics suite. Currently available analytics during the alpha testing is inbound call analytics.

Our aim is to gather as much information and as many user requests as we can. Humbug is a community oriented project, thus it relies on community oriented input and feature requests. Participating members will be granted access to the humbug analytics portal, allowing them to gather statistical information regarding their inbound call hits and their top ten DID numbers – we are working on additional statistics. As new stats become available, we’ll roll those out into the service as soon as possible.

In order to participate in the closed alpha testing, please send an email to alphatest at humbuglabs.org, and we’ll send you a short piece of dialplan code to insert into your Asterisk server. Technically speaking, we’ll send you a short AGI command that looks like this:

exten => _X.,n,AGI(agi://somehost/DataReceiver,some_unique_ident)

The above line needs to be inserted into any place you would like to generate call analytics from. We’ll also enclose configuration steps for FreePBX (and other FreePBX compatible distributions). We are hard at work creating a FreePBX integrated module, so you can do a one-click install.
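To show which call fields that dialplan line hands to the remote host, here is an added example (not Humbug's code) that parses the standard FastAGI environment block Asterisk sends when it opens an `agi://` session and checks the identifier passed as the AGI argument. The identifier format, the `WANTED` field selection, the function names and the sample values are assumptions made for this sketch.

```python
import re

# Assumed identifier format; the post only says "some_unique_ident".
IDENT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Assumed selection of fields a call-analytics receiver would keep.
WANTED = ("agi_network_script", "agi_callerid", "agi_dnid",
          "agi_extension", "agi_uniqueid", "agi_arg_1")

# Constructed sample of what Asterisk sends for the dialplan line above.
SAMPLE = (b"agi_network: yes\n"
          b"agi_network_script: DataReceiver\n"
          b"agi_request: agi://somehost/DataReceiver\n"
          b"agi_channel: SIP/trunk-00000001\n"
          b"agi_callerid: 15551230000\n"
          b"agi_dnid: 15559870000\n"
          b"agi_extension: 15559870000\n"
          b"agi_uniqueid: 1270000000.1\n"
          b"agi_arg_1: some_unique_ident\n"
          b"\n")

def parse_agi_env(raw: bytes, max_bytes: int = 8192) -> dict:
    """Parse the 'agi_key: value' lines that open a FastAGI session."""
    if len(raw) > max_bytes:
        raise ValueError("AGI environment too large")
    head, sep, _ = raw.partition(b"\n\n")
    if not sep:
        raise ValueError("AGI environment not terminated by a blank line")
    env = {}
    for line in head.decode("utf-8", "replace").split("\n"):
        key, colon, value = line.partition(":")
        if not colon or not key.startswith("agi_"):
            raise ValueError(f"malformed AGI line: {line!r}")
        env[key] = value.strip()
    return env

def call_record(raw: bytes, known_idents: set) -> dict:
    """Return the fields leaving the PBX; reject unknown identifiers."""
    env = parse_agi_env(raw)
    ident = env.get("agi_arg_1", "")
    if not IDENT_RE.fullmatch(ident) or ident not in known_idents:
        raise PermissionError("unknown or malformed identifier")
    return {k: env.get(k, "") for k in WANTED}
```

Because `agi://` is a plain TCP connection, the caller ID and dialed number shown in the record cross the network unencrypted unless the link between the PBX and the receiver is tunnelled.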
