Category: (4) eTOM Process Type
Process Identifier: 1.7.2.3.2.2
Original Process Identifier: 1.3.2.3.2.2
Maturity Level: 4
This process is the ongoing activity of investigating, diagnosing, and implementing controls to both prevent fraud and minimize existing fraud impacts.
Fraud Analysis is comprised of a series of sub processes that act as guidelines for activities conducted by the analysis team. Each sub process is part of a linear flow that also includes feedback into action and support processes, as described below. 1. Alarm Assessment: As data processing triggers alarms of suspected fraud, the assessment activity is the first point at which initial triage of the alarm(s) is conducted. During the assessment, the analyst should determine, based on business rules, the initial validity of the alarm, a priority of the alarm (based on value, affected systems, or other criteria), and the appropriate team that would need to address the alarm (e.g., billing, wholesale partner, network, etc.). 2. Alarm Investigation: Once initial assessment has occurred, the alarm is then forwarded to an investigation activity that typically begins as an internal function. During investigation additional data may be accessed, scope of the issue may be ascertained, and an overall understanding of the issue will need to be achieved before determining whether the issue is, in fact, fraud. During this process initial actions may be invoked (e.g., disrupted service) to prevent further loss/risk prior to customer contact and/or fraud determination work. 3. Contact Customer: Once internal investigations have gathered all information available, a customer contact may be necessary to understand customer intention, validity of the subscriber, etc. This is the final process performed prior to reaching a fraud decision. If no customer is directly involved, this step may not be necessary (e.g., Dealer Fraud, Internal Fraud). 4. Fraud Determination: Once all information is collected from internal and external investigations, a fraud determination is made. If the decision is that the issue is not fraud, all investigative materials and findings are then passed onto the Fraud Actions process (1.2.3) for closure, and the Support process (1.3.3) for enhancement of rules and configurations to possibly avoid recurrence of this alarm condition. If the decision is that the issue is, in fact fraud, similar subsequent activities will occur: First, the issue is referred to the Fraud Actions (1.2.3) process to properly handle actions to stop the fraud, initiate collections and legal actions, etc. Second, all investigative materials and findings are then passed onto the Support process (1.3.3) for enhancement of rules and configurations to hotlists, blacklists, and any refinement needed to possibly capture the issue more rapidly. 5. Recording and Reporting: After the determination is made as fraud or not fraud, activities associated with the analysis are finally passed into recording of actions, and reporting of recoveries, time to capture and correct, and preventative actions now in process.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
This was created from the Frameworx 16.0 Model