Online Telco Fraud Certification Training

Transcription

1 Online Telco Fraud Certification Training Telecom Fraud Academy 40-Hour Telecoms Fraud Training & Certification Event Telecom Fraud Academy September 2013 Monday - Friday / 4 hours per day Dubai: 3:30 PM - 7:30 PM Lagos: 12:30 PM - 4:30 PM Riyadh: 2:30 PM - 6:30 PM Cape Town: 1:30 PM - 5:30 PM Nairobi: 2:30 PM - 6:30 PM Learn more about GRAPA at SLOT A

2 GRAPA's Online Training Event for Fraud Professionals Certification Program Information Overview: GRAPA's Telco Fraud Specialist Training is a 40-hour class certification and workshop training event. Students will use GRAPA's online portal to complete each of the training classes to earn their certification. This event is designed to provide attendees with a new, innovative, and comprehensive approach to the professional practice of combating fraud in telecoms organizations as defined by the proposed GRAPA fraud standards, governance model, methodologies and framework. GRAPA's approach is exploit-library-driven, grounding fraud professionals in real-world risks and exposures. Program Objectives: Through step-by-step completion of the 40-hour course, this certification program will meet the following student learning objectives: Optimize your use of the FMS and add new categories of alarms for more comprehensive fraud protection Make the fraud protection and detection job more manageable Have more confidence that you are using the right techniques to defend your telco from major frauds Understand the biggest telecoms fraud risks, and build a strategy for end-to-end detection and deterrence Certification: Students who successfully complete the entire course (40 hours of training), pass certification tests, and have at least 6 months of verified work experience in telecoms to be awarded certification as a Telco Fraud Analyst (TFA). Who Should Attend: The primary audience for this Certification Training consists of telecoms fraud professionals. This includes those working with the fraud management system, internal auditors, forensic/investigative/law enforcement/legal professionals, logical and physical security specialists, finance and business risk professionals as well as key operational managers in sensitive domains (billing, network, accounting, sales, supply chain, procurement, etc.). Our Promise: Students who take the training seriously, participate enthusiastically in activities, and pass the certification exams will be able to perform all practical applications listed under each course description. Fraud Certification At-A-Glance Week 1 Units (4 hours each) Week 2 Units (4 hours each) Telecoms Fraud & Cyber Crime Standard Practices Fraud Management Systems & Criminal Forensic Systems Security Fundamentals for the Telecoms Voice Networks Security Fundamentals for Internet Networks Internet Cyber Crimes - Network Intrusion & Social Engineering Hacking Telecoms Systems - Network & Radio Side Intrusions Interconnect Settlement & Injection Frauds Interconnect Bypass, SIMBox & Diversion Frauds Roaming Fraud - IFRS, CAMEL & Credit Exploits Subscription Frauds, Customer Frauds & Credit Mgmt

3 TABLE OF CONTENTS Online Training Information p.01 p.02 p.03 p.03 p.04 p.04 p.05 p.05 p.06 p.06 p.07 p.07 p.08 p.09 p.10 p.11 The GRAPA Online Training & Certification Program The GRAPA Virtual Campus: Inside the Classroom Unit 1: Telecoms Fraud & Cyber Crime Standard Practices Unit 2: Fraud Management Systems (FMS) & Criminal Forensic Systems (CFS) Unit 3: Security Fundamentals for the Telecoms Voice Networks Unit 4: Internet-based Cyber Crimes - Network Intrusion & Social Engineering Unit 5: Security Fundamentals for Internet Networks Unit 6: Hacking Telecoms Systems - Network & Radio Side Intrusions Unit 7: Interconnect Settlement & Injection Frauds Unit 8: Interconnect Bypass, SIMBox & Diversion Frauds Unit 9: Roaming Frauds - IRSF, CAMEL & Credit Exploits Unit 10: Subscription Frauds, Customer Frauds & Credit Management GRAPA's FREE Online Training Weekly Previews FAQ: Your Questions Answered Why We Are Leaders About GRAPA

4 The GRAPA Online Training & Certification Program GRAPA: The Benchmark in World-Class Training & Certification for Telecommunications Risk Management Professionals Since 2007, GRAPA is the industry s best resource for the training and certification for: Revenue Assurance Professionals Fraud Management Professionals Finance Professioanals The GRAPA Training Advantage What will I get from this training? A new perspective on my role as a fraud and security specialist inside of telecoms A clear, 360 degree perspective on the full depth and breadth of Telcoms Fraud and Cyber Security Familiarity with best (and worst) practices from other practitioners around the world Hear from other practicing professionals about their experiences with fraud and cyber security issues A structured, repeatable, scientific approach to the practice of fraud management and cyber security in telecoms What will I learn about? GRAPA Standard Methodology for case management The key role of the Fraud Management System Better ways to get the entire organization involved in Fraud and Cyber Security efforts Industry standard KPI and Measurement techniques How will my job improve? More Confidence in myself and the job I'm doing Recognition of my expertise from my co-workers and peers Management recognition of my skills and knowledge level Proven techniques for the expansion of the scope of the Fraud Management Team Better understanding of my role in the overall organization What will my company gain? Better and more efficient Fraud Management operations Motivation and organization of the fraud and cyber security functions p. 01

5 GRAPA Virtual Campus: Inside the Classroom The Curriculum GRAPA s Online Training Programs were developed over years of experimentation and benchmarking. These exclusive programs have proven to be highly successful at notably increasing student s mastery of the curriculum s key concepts but that only happens when the program is followed as designed. Our unique style of teaching and the way courses are organized and presented evolved through much trial and error, but mainly through the experiences shared by our members. The Classroom Environment The key to GRAPA Online Training Programs is the learning environment. This is not a passive training video. Our classes are as close as possible to a one-on-one experience between the student and the teacher and interactions and observations of other students. Each session is effectively engineered to make the material both engaging and digestible. The Primary Goal GRAPA training courses cover an incredible amount of material with many complex and multidimensional topics. Student will learn the material and complete the program with a clear understanding of the concepts addressed and real-life solutions for resolving related issues on the job. Security & Integrity GRAPA training courses cover an incredible amount of material with many complex and multidimensional topics. Student will learn the material and complete the program with a clear understanding of the concepts addressed and real-life solutions for resolving related issues on the job. Non-Disclosure Agreement Students are required to sign a GRAPA Confidentiality Agreement which binds them and their companies to our nondisclosure policies. As most of our courses require additional security clearance, a background checks and use of both random and scheduled facial recognition of students will be implemented. Student & Computer Usage Student: A student is defined as one person, registered, and identified through an image procured via their webcam at the time of registration. A GRAPA student must also prove their employment at a legitimate telecommunication company and sign a GRAPA Confidentiality Agreement. Computer Usage: A student computer is to be used solely by that registered student throughout the training program. Sharing of a student computer (allowing others to watch along with you ), sharing GRAPA passwords or substituting another person in place of the student is not allowed. These student and computer usage policies are verified through random spot checks of facial recognition via the student's webcam. Facial recognition is authenticated against student images acquired at the time of registration. Student Authentication & Verification GRAPA s security measures include and require that the student s image be acquired at registration via their computer webcam. That student image will be matched daily with live webcam checks (scheduled and random) to verify daily attendance. IP reverse trace and webcam facilities checks will be used for location verification. Student computer must have a webcam active and available for viewing of their face and environment at all times during the training event. Student Authentication & Verification It is illegal to record, recreate or redistribute ANY GRAPA class recordings or GRAPA training material. GRAPA materials are intended for registered student viewing and participation only. Any duplication or distribution will be subject to legal prosecution. GRAPA Statements and Policies are designed to obtain the security clearance necessary to provide training for many of our larger telecoms customers while protecting the integrity of our programs for our regulators and audit firms, who both attend and certify our training environment. p. 02

6 Fraud Fundamentals & Management Unit 1 - Telecoms Fraud & Cyber Crime Standard Practices Industry Standard Approach & Methodologies This unit provides the student with a comprehensive overview of Telecommunications Fraud Management and Cyber Crime Prevention as unique disciplines. While most industries have a fraud management function and are vulnerable to cyber crime, the complex telecoms technologies, business models and operational environments require specialized Fraud Management and Cyber Crime professionals with unique skills and knowledge requirements. Discussion of GRAPA's standards-based framework and approaches to telecoms fraud management and cyber crime: the FISHbone methodology, Incident Management Lifecycle, Situational Profiling, Fraudster Profiling, Behavior Profiling, Juristictional analysis and others. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit I want a consistent approach to finding and preventing frauds I want to perform fraud forensics in line with industry standard methods I want to improve my fraudster profiling techniques I want to better explain to management what it means to be a fraud professional and get more appreciation for the job I am doing I want to develop the skill set I need to be more successful at detecting and preventing frauds Unit 2 - Fraud Management Systems (FMS) & Criminal Forensic Systems (CFS) Maximizing Fraud Management System Value and Efficiency Learn the key functions and uses of fraud management and criminal forensic systems, what they are, how they are used, functionality, differences and comparisons between key vendors/software, how to buy a system, what to look for, how to benchmark different software/hardware configurations to fit your environment. Application of advanced methods to the running of a fraud management system, including the use of advanced statistical analysis, neural networks, regression analysis, as well as key considerations in calibrating alarms, balancing false positives with detection objectives, demarcating responsibilities and KPIs for fraud analysts. Setting requirements, using and maintaining criminal forensic systems, including databases of metadata, pen registers, CDRs, legal intercept/wiretap systems, etc. to answer law enforcement inquiries and assist in investigations of criminal and national security cases. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit: I want to optimize my current fraud management system and set more alarms to find more frauds I want to know what to look for/requirements for a new FMS I want to utilize a data warehouse to generate alarms that my FMS cannot do I want to improve how I perform fraud forensics and feel confident that I am getting the best ROI for my FMS and Data Warehouse p. 03

7 Voice & Internet Frauds, Controls & Security Unit 3 - Security Fundamentals for the Telecoms Voice Networks (Pssst...You Cannot Secure Your Telco Without This Information) Get an overview of the OSS/Network environment specifically designed to meet the need of fraud and security professionals, as well as law enforcement, national security, judicial and regulatory personnel. Students will learn to deal with the technical environment from a business perspective, focusing on Authentication, Authorization and Accounting - specifically the production of transaction records and CDRs, as well as guarding against exposures in the physical and logical architectures Unit Learning Objectives Students who have the following specific training objectives should participate in this unit I want to stop theft of service on my voice network I want to stop fraudsters from taking advantage of my voice network I want to improve my techniques for finding the vulnerabilities in my network I want to understand how my organization's network can become a playground for fraudsters and how to improve security Unit 4 - Internet-based Cyber Crimes - Network Intrusion & Social Engineering Protecting Customers, Society and The Telco See how Fraudsters break into IP-based and cloud environments and how you can protect against it. Learn about phishing, zero day vulnerability attacks, VPN hacks, SQL Injection, Denial of Service Attacks, (windows, linux, website, , methods of incursion and fraud). See how fraudsters hack a PC, break a wifi encryption, and learn what you need to protect against it. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit I want to stop fraudsters and hackers from taking advantage of my IP network I want to feel confident in the security I have built into my organization's Internet environment I want to improve my forensics techniques for finding the vulnerabilities in my IP-network p. 04

8 Network Protection & Cyber Crime Unit 5 - Security Fundamentals for Internet Networks IP Fundamentals for the Fraud Analyst This unit provides fraud, security and criminal investigation professionals with an overview of the fundamental principles of operation, security and protection of IP based and cloud services. This unit is prerequisite to anyone attempting to understand and secure Internet Services, GPRS, UMTS, LTE, IMS, Cable, Satellite, IPTV, VPN or any of the services based upon the IP architecture. This unit provides students with a comprehensive understanding of the practical implementation of AAA (authentication, authorization and accounting) controls for all IP environments. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit: I want to understand enough about the new Internet-based technology that I can secure the IP network from major frauds I want to know the new fraud exposures that come with migrating to an Internet business model I want to secure the Internet network environments Unit 6 - Hacking Telecoms Systems - Network & Radio Side Intrusions Traditional Telecom Hacks & Modern Wireless Fraud Protection Learn how fraudsters perform theft of service, denial of service, and averse accessory fraud. See how they can manipulate internal reference data/databases and compromise junctions/gateways, tee-ins, and signal intercepts. Learn about breaking GSM encryption, SS7 traffic spoofing, SIM clones, handset attacks. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit: I want to prevent theft of service and adverse accessory fraud in my organizations I want to understand how fraudsters can take advantage of my radio network and what controls I can put in place to prevent this activity I want to understand the details of the most costly Radio-side frauds and become my organization's expert for methods of detection and deterrence p. 05

9 Interconnect & Bypass Frauds Unit 7 - Interconnect Settlement & Injection Frauds PBX, Trunk Group, Tap-In, Collusion Securing the Interconnect Environment In this unit we examining key operational, commercial and technical security concerns in the interconnect/long distance/international calling environment. We review how partners, internal fraudsters, and professional criminal gangs exploit the complexity of the technical and commercial environment to defraud the telco, potentially leading to large cash losses within very short windows of time. Even more frightening, thse often go undetected for months or years. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit I want to stop my organization from getting hit with a major Interconnect Fraud I want to make sure my interconnect environment has the controls in place to protect against major fraud exploits I want to be confident that my organization has strong fraud defenses against PBX and Trunk Group Frauds Unit 8 - Interconnect Bypass, SIMBox & Diversion Frauds Traffic, Piracy, SS7 Hack, Wangiri Fight Traffic Piracy Detailed coverage of how interconnect traffic is diverted and hijacked in order to deprive operators of legal revenue. Special focus of SIMbox detection and prevention, as well as identifying key culprits and means of addressing bypass in a rationalized, cost-effective way. Discussion of other forms of traffic piracy, including spoofing of SS7 traffic, A-num scrubbing, etc. used to defraud operators. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit: I want to understand how my traffic is diverted from my network and how to secure my interconnect environment I want to know how to modify FMS alarms to more quickly and accurately find cases of Bypass Fraud I want a cost effective solution to addressing Bypass & SIMBox frauds I want understand how fraudsters hack my SS7 network and utlize controls to prevent these attacks p. 06

10 Interconnect & Bypass Frauds Unit 9 - Roaming Frauds - IRSF, CAMEL & Credit Exploits Securing the Roaming Environment In this unit we tackle frauds in the roaming environment. Often extremely costly, these are some of the most complicated frauds in one of the most complex telecoms Lines of Business - especially those that have to do with the use of premium rate numbers or International Revenue Share Fraud (IRSF). Extensive focus on other roaming frauds involving partner mis-conduct and evolving frauds exploiting vulnerabilities in the prepaid CAMEL roaming architecture. Unit Learning Objectives Students who have the following specific training objectives should participate in this unit I want to make sure I am not missing large roaming frauds that could occur in my organization I want to understand how fraudsters commit IRSF and premium rate fraud so I can build a strategy to defend against these exploits I want to know how to leverage logical security standards to add an additional layer of security around my CAMEL roaming environment Unit 10 - Subscription Frauds, Customer Frauds & Credit Management This Represents 80% of Most Fraud Analysts' Time and Attention! Understand how fraudsters exploit customer identities, trick point of sale staff, generate false traffic, run premium rate exploits, perform call sells, and more. Learn the controls needed at the Point of Sale, in Network, at Billing, and over Marketing for new rate plans to prevent these fraudulent activities. Also, learn to utilize a fraud management system and fraud data warehouse to detect these frauds early. Learn the credit management lifecycle and the critical role of the FMS in containing credit risk and preventing bad debt (including leased line frauds). Unit Learning Objectives Students who have the following specific training objectives should participate in this unit I want to set better alarms to catch and prevent customer credit frauds I want to improve my ability to detect premium rate exploits I want to understand what I can do to stop major corporate frauds before they occur I want to know what patterns I should look for to catch point of sale frauds more quickly p. 07

11 GRAPA's Online Training FREE Previews One-Hour Complimentary Look Inside GRAPA's Virtual Classroom Join us for a complimentary preview of GRAPA's world-class online training! Periodically, we open our doors to those who want to see for themselves what GRAPA's Online Training looks like from the inside. If you, your team members or colleagues are contemplating pursuit of GRAPA certification or desire to learn more about this cost-effective way to train and certify in telco fraud or telecoms revenue assurance, attend one of these exclusive previews! Visit our webpage for the next scheduled preview date and time: ra-academy.org/revenue_assurance_courses/online-free-preview.html Join in... Here's what to expect inside the free online preview: Meet-&-Greet: introduce yourself and meet fellow colleagues from around the world Meet the Instructor Introduction to the Curriculum About this Program Key Program Ingredients Outline of the Class Special Tuition Discount Offer for Attendees! GRAPA Virtual Campus: How it Works Proven GRAPA Virtual Campus Teaching Approach: A convenient and focused training environment for student and manager Engage with Others Interaction is critical, but only when you want it. The GRAPA online training program allows students to decide how much interaction they want with instructors and peers. Comfortably Structured Our curriculum is comfortably structured for easy consumption. Students can readily absorb the information, keep pace and progress competently. The GRAPA Virtual Campus training delivers clear objectives, deadlines and deliverables - easy for students to know how they are doing. Instant Tracking The online grading and progress reports keep managers and students up-to-date on progress and any issues that might need to be addressed. Too Busy to Attend a Class? We Help Students "Find the Time" Sessions are scheduled live, just like a real classroom. Live sessions are organized into four-hour lecture units per day. This is the best way for people to cover the material quickly, and to interact with the teacher and other students along the way. p. 08

12 FAQ: Your Questions Answered Payment Terms, Special Discounts and Enrollment How Often Are the FREE Online Training Previews Held? Free previews are scheduled randomly for both our Revenue Assurance and Telecoms Fraud certificaton programs. Watch our website for dates and times: What does it Cost to Get My GRAPA Telecoms Fraud Certificate? GRAPA training is priced at $100 per class hour, but to make it affordable for your company, we offer a variety of discount programs: Standard GRAPA Discounts for 2013 Take advantage of a wide variety of training discounts! Students can mix and match any number of the programs listed below. Contact your Member Manager to see how many you can combine and get world-class trainng at your best price. But please note, these discounts do not apply if you choose the "Special Intro" discount for class preview attendees as stated above. - Bring a Buddy - Line of Business - Birds of a Feather -Regional - Early Payment - VIP - Alumni - Preferred Customer - Early Bird Registration -Standard Discounts Valid through: 30 August 2013 How to Pay for GRAPA Online Training Payment Options: We accept Electronic Funds Transfers (EFT) as well as VISA ~ Master Card ~ American Express Payment Terms: Unless company credit has been established, tuition is due in full by registration cut-off date. To apply for credit terms, please contact GRAPA's Finance Department at [email protected]. Students will not be allowed admission to the class unless full payment, a Purchase Order or official Letter of Intent is received. How to Enroll Enrolling for your GRAPA training is easy! Just contact your Member Manager who will guide you through the process of gathering the required attendance information and testing your computer equipment to assure that your online experience is the best it can be. From there, you will need to attend the Meet & Greet online session we hold the week prior to each training event. This helps you to know what to expect on the day class begins and for us to make sure your computer equipment is working correctly. I Want More Information About GRAPA You can read what our GRAPA Graduates have to say about how our training helped them improve their performance on the job and further their careers on our Alumni pages located on each of our academy websites: www. ra-academy.org and Visit our sites for more information about GRAPA or contact your Member Manager today! p. 09

13 Why We are the Leaders in Training Telco Professionals Around the Globe Join the leading provider of fraud-focused certification training events. Featuring exclusive presentations, real-world examples of procedures, solutions, and strategies that have effectively reduced fraud issues for telcos around the world. After three years of providing best-in-class certification and training workshops to hundreds of telecoms risk professionals around the globe, we are pleased to announce our improved course offering. Depth of knowledge The topics and examples are narrow and deep rather than broad and vague, presenting you with focused, highly targeted information that adds real value. Tailored content Training is adjusted to align the needs of the students to the available material. Students are asked to fill out GRAPA Benchmark Surveys to determine the level and nature of the training required. The survey results help us determine how well you know your own systems, and provide clues about what you need help with. The principles and practices taught are also applied to cable, satellite, wireless voice, SMS, MMS, IPTV, and MMDS with equal conviction, detail, and effectiveness. Relevancy Class material is based on the foundations of GRAPA. GRAPA members from every geography, type of carrier, major type of technology, and carriers of all sizes review and approve these standard approaches. The material serves as the foundation for an industry standard approach that is applicable to everyone, and yet easily focused to the needs of specific subaudiences. Based on real-world situations The majority of the training is experiencebased standard practices in revenue assurance, harvested from the many revenue assurance professionals who participate in practices surveys, strategy sessions, and other information-sharing events. Clear, specific deliverables are provided that apply to real-world situations. The material is never based on speculation, guesses, or unvalidated information. Interactive The workshops are more than lecture sessions. RAA classes are participative and interactive and students are expected to proactively join in discussions, problem solve, and fill out benchmarks. Attendees have opportunity for much interaction with the instructor and other students. Lunch and breaks are devised to facilitate more intimate conversation. Professional development Students master vocabulary needed for creating a sense of professional identity and opportunities with other likeminded people in the industry that share common goals and issues. Louis Khor, known for his energetic, lively and enthusiastic presentations on Revenue Assurance and Fraud at industry events and conferences, brings that same motivational style to teaching what he loves most helping telecoms revenue professionals understand how uniquely positioned they are to affect the ongoing success and profitability of their organizations. Rob Mattison is a world-renowned expert in telecommunications and the revenue assurance industry He has 20+ years of hands-on industry experience. He is President of GRAPA and author of The Revenue Assurance Standards Edition, and of The Telco Revenue Assurance Handbook, which has become the authoritative guide for RA Managers at telecom firms around the world. Pamela Noriega has been GRAPA's Regional Chairperson for Latin America since Her background includes extensive experience is Finance, Risk Analysis and Project Management in several industries, including Banking and Telecommunications. She is the lead faculty for the South American region, and provides GRAPA Training in both English and Spanish. Detecting and deterring fraud with proven techniques and strategies p. 10

14 About GRAPA The Telco Fraud Academy is the exclusive fraud training organization of GRAPA. GRAPA has over 5000 registered members and has distributed more than 3500 copies of its 2009 standards book. The Telco Fraud Specialist curriculum is the Telco Fraud Academy's latest offering, providing revolutionary and relevant material. By offering events that combine benchmark development, sharing of standard practices and approaches, as well as delivery of workshops, the Telco Fraud Academy provides a unique and powerful venue for deployment of standard practices and rapid integration of those practices into the participating telco environments. We have conducted our training programs for dozens of carriers and services providers around the world. Our workshops are offered in public venues (attended by delegates from many operators and services providers, which promotes the sharing of practices) as well as onsite for a private, more personalized and focused training for a company s staff. Some of what makes our training so unique: 1. Based entirely on the GRAPA standards of professional revenue assurance practices 2. Taught by Louis Khor, Director of Research at GRAPA and the chief architect of GRAPA's Telco Fraud Certification Program 3. Focused heavily on practical experience, not theory Visit our website to read some great reviews from students who have attended our training: We schedule courses and venues based on demand, so please be sure to tell us if you are interested in a particular class and location. We only move forward with our planning if there is enough interest. To make these trainings happen we need commitment from a minimum number of delegates. Please refer to our website for specific policies. Telecom Fraud Academy For the most up-to-date list of upcoming events please visit our website: Telecom Fraud Academy Telco executives rave about the courses. "The course exceeded my expectations. I learned many methods to apply in the detection and control of fraud and revenue assurance. I am glad I participated in this course and I hope to apply every concept in my job. Thank you so much." Fraud Analyst, Honduras "Being recognized and certified by a well-respected group like GRAPA is really something very inspiring to continue my endeavor and passion in the field of protecting telcos in revenue leaks and frauds. GRAPA training and certification is a MUST to ALL Revenue Assurance and Fraud Management Professionals working in the Wireless as well in the Wireline Telco. This is, I think, the best organized body where professionals can acquire continuing learning in Revenue Assurance and Fraud Management." Senior Specialist-Financial Audit, Philippines Tel Fax [email protected] p. 11