Billing Process

A simplified billing process of a mobile operator is shown in figure 1. The raw CDRs generated from various network elements within the operator are sent to a centralized location, often referred to as a mediation module, for the prebilling process. A prime function of the mediation module is to transform and clean raw CDRs and place them into a format acceptable to a billing engine. Apart from the internally generated CDRs, a mobile operator may also be required to obtain CDRs from its business partners (e.g., IDD unilateral/bilateral agreements and content services providers), roaming2 partners (data and/or voice), and Short Message Service (SMS) clearinghouses. These CDRs, unlike those generated internally, could be routed either to the mediation module for preprocessing or directly to the billing system. CDRs entering the billing engine first undergo the rating process; the actual billable amount is then adjusted further according to the subscribed services and products.

Figure 1: Simplified Billing Process (figure not extracted; labels recovered from it: SMS CDRs, Rating, Billing Engine)

is for IDD calls only. Figure 2 illustrates the flow of both local and international voice calls.

Figure 2: Illustration of an Outgoing Call to Both Local and Overseas Destinations

Short Message Service

The CDR of an SMS is generated and recorded in a network element called a Short Message Service center (SMSC). The SMSC provides a store-and-forward function, delivering SMS messages to the intended destination users when they are available. SMS messages destined for the networks of other fixed-line or mobile operators are routed to the respective SMS partners or SMS clearinghouse(s) for further delivery. An SMS clearinghouse provides dedicated routing paths for a mobile operator to send/receive SMS messages to/from other telecommunication operators. The mobile network operator can therefore minimize both the technical and the business arrangements needed to operate an SMS business. Figure 3 describes the SMS operation.

Figure 3: Illustration of SMS Routing Through an SMS Clearinghouse

Data Services

The Global System for Mobile Communication (GSM), a second generation (2G) network, has a maximum data speed of 9.6 kilobits per second (Kbps) and is based on circuit-switching technology. The General Packet Radio Service (GPRS) 2.5-generation (2.5G) network architecture is the foundation for mobile operators that offer high-speed data services. The progression of GPRS infrastructure allows Enhanced Data rates for GSM Evolution (EDGE) technology to offer data rates up to 384 Kbps, while a data rate up to 2 megabits per second (Mbps) can be achieved in 3G mobile networks. Selected data services are listed in figure 4.

The packet-based nature of GPRS data transmission distinguishes the billing mechanism for data services from that for voice services, which are charged mainly on call duration and time of day. Information used for data service billing may include volume, in terms of packet or byte count; transmission start and end times; applications; and types of content-related information. Typically, usage of data services is recorded at the Serving GPRS Support Node (SGSN)3 and the Gateway GPRS Support Node (GGSN).4 The information collected from the SGSN and the GGSN is first sent to a dedicated charging gateway (CG) before being forwarded to the mediation module. The CG makes a log entry, i.e., creates a CDR, whenever there is network activity on data being transferred, a change in the charging terms, an alteration in quality of service, or when a data session ends. The main function of a CG is to collect CDRs from both the SGSN and the GGSN, and to buffer and transfer them to the mediation module of the billing system. Figure 5 is a simplified diagram of the GPRS architecture, demonstrating how CDRs are routed to the billing system.

Figure 5: A Simplified GPRS Network Diagram
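The mediation and rating steps described above (raw CDRs from the MSC, SMSC and CG transformed into a common billing format, voice rated on duration and time of day, data rated on volume, and records that fail the filtering rules retained rather than dropped) can be illustrated with a short script. This is an added example, not code from the article; the record layouts, the service-to-rate-plan mapping, the tariffs, the peak window and the IDD prefix rule are all assumptions made for the illustration.

```python
"""Mediation and rating of raw CDRs from three network elements.

Added example; not code from the article. Record layouts, rate plans and
tariffs are assumptions made for the illustration:
  MSC  voice CDR:  MSC|<call_id>|<a_number>|<b_number>|<start ISO-8601>|<duration_s>
  SMSC SMS CDR:    SMSC|<msg_id>|<a_number>|<b_number>|<timestamp>
  CG   GPRS CDR:   CG|<session_id>|<imsi>|<bytes_up>|<bytes_down>
"""
import math
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Filtering rule (assumed): every service type must map to exactly one rate plan.
RATE_PLAN_BY_SERVICE = {
    "VOICE_LOCAL": "V-LOC",
    "VOICE_IDD": "V-IDD",
    "SMS": "S-STD",
    "DATA": "D-VOL",
}

# Assumed tariffs: voice per started minute (peak/off-peak), SMS per message, data per kilobyte.
TARIFF = {
    "V-LOC": {"peak": 0.50, "offpeak": 0.20},
    "V-IDD": {"peak": 2.00, "offpeak": 1.50},
    "S-STD": 0.10,
    "D-VOL": 0.05,
}


@dataclass
class BillingRecord:
    record_id: str
    service: str
    rate_plan: str
    subscriber: str   # A-number for voice/SMS, IMSI for data
    units: float      # billed minutes, messages or kilobytes
    charge: float


def classify_voice(b_number: str) -> str:
    """IDD calls are recognised by an international dialling prefix (assumption: '+' or '00')."""
    return "VOICE_IDD" if b_number.startswith(("+", "00")) else "VOICE_LOCAL"


def is_peak(start: datetime) -> bool:
    """Assumed peak window: Monday to Friday, 08:00 to 19:59."""
    return start.weekday() < 5 and 8 <= start.hour < 20


def mediate(raw: str) -> Optional[BillingRecord]:
    """Transform and rate one raw CDR; return None when it fails the filtering rules."""
    fields = raw.strip().split("|")
    try:
        if fields[0] == "MSC" and len(fields) == 6:
            _, call_id, a_num, b_num, start, duration = fields
            seconds = int(duration)
            if seconds < 0:
                raise ValueError("negative duration")
            service = classify_voice(b_num)
            plan = RATE_PLAN_BY_SERVICE[service]
            minutes = math.ceil(seconds / 60)  # billed per started minute
            period = "peak" if is_peak(datetime.fromisoformat(start)) else "offpeak"
            return BillingRecord(call_id, service, plan, a_num, minutes,
                                 round(minutes * TARIFF[plan][period], 2))
        if fields[0] == "SMSC" and len(fields) == 5:
            _, msg_id, a_num, _b_num, _ts = fields
            plan = RATE_PLAN_BY_SERVICE["SMS"]
            return BillingRecord(msg_id, "SMS", plan, a_num, 1, TARIFF[plan])
        if fields[0] == "CG" and len(fields) == 5:
            _, session_id, imsi, up, down = fields
            plan = RATE_PLAN_BY_SERVICE["DATA"]
            kilobytes = (int(up) + int(down)) / 1024
            return BillingRecord(session_id, "DATA", plan, imsi, kilobytes,
                                 round(kilobytes * TARIFF[plan], 2))
    except (ValueError, KeyError):
        pass  # malformed field or unmapped service: treated as a filter rejection
    return None


def mediate_batch(raws: List[str]) -> Tuple[List[BillingRecord], List[str]]:
    """Run mediation over a batch; rejected raw CDRs are retained for later verification."""
    accepted: List[BillingRecord] = []
    rejected: List[str] = []
    for raw in raws:
        rec = mediate(raw)
        if rec is None:
            rejected.append(raw)
        else:
            accepted.append(rec)
    return accepted, rejected


# Constructed sample input (2008-03-10 is a Monday).
SAMPLE_CDRS = [
    "MSC|c1|85291234567|85298765432|2008-03-10T09:15:00|125",  # local, peak, 3 started minutes
    "MSC|c2|85291234567|+14155550100|2008-03-10T22:30:00|59",  # IDD, off-peak, 1 minute
    "SMSC|m1|85291234567|85298765432|2008-03-10T09:16:00",
    "CG|s1|454001234567890|204800|819200",                      # 1000 KB
    "MSC|c3|85291234567",                                       # truncated: rejected
    "CG|s2|454001234567890|abc|1",                              # non-numeric: rejected
]

if __name__ == "__main__":
    ok, bad = mediate_batch(SAMPLE_CDRS)
    for rec in ok:
        print(rec)
    print("rejected (retained for audit):", bad)
```

The point for an auditor is the second return value: a mediation module that discards records failing its filtering rules leaves nothing to reconcile against later, so the rejects are kept alongside the accepted billing records.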
Audit Considerations

The major audit considerations for CDRs include routing path selection, CDR reconciliation, filtering rules maintenance and logical protection.

Routing Path Selection

As mentioned in the previous sections on voice services and SMS, a mobile operator requires connectivity to other telecommunications providers when routing IDD calls through the MSC/ITG and SMS through the SMSC. A mobile operator often connects to more than one counterpart for reasons associated with costing, contingency requirements and availability of services within particular regions. Due to strong competition within the telecommunications industry, an operator might want to maintain a versatile routing-path-selection procedure, which can assist in lowering the running costs wherever possible. In this respect, an auditor could explore internal control questions (ICQs) related to the controls over the routing-path-selection criteria when making a change, the availability and protection of an audit trail, and the validity of business arrangements with the counterparts.

CDR Reconciliation

CDRs between various network elements and billing engines should be compared and reconciled on a regular basis to identify any discrepancies, leading to the prevention of revenue leakages. Figure 6 identifies typical network elements involved in the CDR reconciliation process.

Figure 6: Network Elements for CDR Reconciliation
  Service Type | Typical Network Elements
  Voice        | MSC, ITG, base station
  SMS          | SMSC, SMS server
  Data         | Internet Protocol (IP) router, IP switch, SGSN, GGSN, CG, web server, wireless access point (WAP) server, ring tone server, content server

It can be seen from figure 6 that many network elements are involved in data services, and, therefore, the reconciliation of CDRs is complicated. In addition, the CDRs among the network elements within a mobile operator are required to be reconciled. The mobile operator is required to settle and approve CDRs with its business partners, including other telecom carriers, SMS clearinghouses, roaming partners, content service providers and mobile virtual network operators (MVNOs).5 A mobile operator's reconciliation process must be adaptable enough to accommodate the complexity of the technology and the need for prompt response to emerging business requirements. A new type of service offering, a change in charging mechanism by a content service provider, a replacement of a network element with that of a different manufacturer, a delay in the scheduled delivery of CDR files from roaming partners, or newly imposed pricing schemes of the IDD service carriers could all have various degrees of impact on reconciliation controls. It is, therefore, possible to find mobile operators accepting a certain level of discrepancy/loss in their CDRs instead of extending resources and effort to ensure the necessary controls. In evaluating potential revenue leakages or frauds that arise from deficiencies in the CDR reconciliation process, an auditor might examine the following areas:

- Segregation of duties between the operation of the network infrastructure and the reconciliation process. This is necessary to maintain the integrity and independence of the verification of CDR entries.
- Appropriateness and timeliness of CDR reconciliation testing. The scope of the test should be extensive in terms of the coverage and range of services agreed to by the internal parties and external counterparts.
- Alignment of business arrangements associated with CDR generation and collection establishments. The CDRs' origination and format are expected to be compatible with defined business requirements, e.g., collection of CDRs from web content servers.
- System interface controls of key network elements (e.g., MSC, ITG, SMSC, SGSN, GGSN, CG, mediation module). These should be well documented, and any modification to a system interface should be approved adequately.

Filtering Rules Maintenance

The correctness of the filtering rules, i.e., the programming of conditions according to predefined business requirements found in the mediation module, is the most important factor in ensuring that appropriate and complete information is delivered to the billing engine for rating and calculation. It is necessary, for example, for the service type to be mapped accurately against the corresponding rate plan for correct billing. An assessment of filtering rules, such as type of service (e.g., voice, SMS, roaming, data), volume of data in content services, duration, source and destination (e.g., IP address, called number, calling number), commencing time and end time, and trunk ID (e.g., trunk assignment according to a different pricing zone), may require inspection of the program logic and a determination of whether the programs would have any adverse effect on the information. Furthermore, an auditor should determine the adequacy of change controls over filter rules and of the retention management process for CDRs prior to filtering, for future verification and/or regulatory purposes.

Logical Protection

The evaluation of network-level logical controls can be focused on the data services infrastructure accessible by subscribers of a mobile operator. To this extent, typical information technology (IT) audit tasks could be carried out on network routers and switches, firewalls, domain name service machines, Dynamic Host Configuration Protocol (DHCP) servers, and intrusion detection/prevention systems.

At the host level, an auditor may assess the adequacy of protection of critical network elements, including the ITG, MSC, CG, mediation module, GGSN, SGSN, SMSC, billing engine, home location register (HLR)6 and visitor location register (VLR),7 from unauthorized access and/or configuration change. An auditor should be aware that, together, the HLR and VLR maintain the list of authorized subscribers admissible to a mobile operator's infrastructure, so an inspection of the integrity of the database and its modification process would be a useful task to perform.
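The CDR reconciliation described under Audit Considerations (comparing the CDRs recorded at a network element against those rated by the billing engine, and quantifying what was never billed) can be reduced to a small, repeatable check. This is an added example, not code from the article; it assumes each CDR is a dict with an `id` and a `units` value, and the sample MSC and billing-engine record sets are constructed. The same comparison applies to any pair of CDR sets in figure 6, including an operator's set against a partner's settlement file, which the article mentions but for which no sample is shown here.

```python
"""Reconciliation of CDRs between a network element and the billing engine.

Added example; not code from the article. Each CDR is assumed to be a dict
with an 'id' and a 'units' value (seconds for voice, messages for SMS,
bytes for data).
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Discrepancy:
    kind: str        # missing_in_billing | unit_mismatch | duplicate_in_billing | unknown_in_billing
    record_id: str
    detail: str


def reconcile(source_cdrs: Iterable[dict], billed_cdrs: Iterable[dict],
              tolerance: float = 0.0) -> List[Discrepancy]:
    """Compare CDRs as recorded at the source element against those the billing engine rated."""
    source = {r["id"]: r for r in source_cdrs}
    billed_list = list(billed_cdrs)
    billed_counts = Counter(r["id"] for r in billed_list)
    billed: Dict[str, dict] = {}
    for r in billed_list:          # keep the first rated copy for the unit comparison
        billed.setdefault(r["id"], r)

    findings: List[Discrepancy] = []
    for rid, r in source.items():
        if rid not in billed:      # recorded by the network, never rated: revenue leakage
            findings.append(Discrepancy("missing_in_billing", rid,
                                        f"{r['units']} units at source never rated"))
        elif abs(billed[rid]["units"] - r["units"]) > tolerance:   # filtering altered the usage
            findings.append(Discrepancy("unit_mismatch", rid,
                                        f"source {r['units']} vs billed {billed[rid]['units']}"))
    for rid, n in billed_counts.items():
        if n > 1:                  # rated more than once: over-billing
            findings.append(Discrepancy("duplicate_in_billing", rid, f"rated {n} times"))
        if rid not in source:      # billed with no network evidence: possible fraud
            findings.append(Discrepancy("unknown_in_billing", rid, "no source CDR"))
    return findings


def summarize(findings: List[Discrepancy]) -> Dict[str, int]:
    """Count findings by kind, for the reconciliation report."""
    return dict(Counter(f.kind for f in findings))


def unbilled_units(findings: List[Discrepancy], source_cdrs: Iterable[dict]) -> float:
    """Units recorded at source but never rated: the raw measure of revenue leakage."""
    source = {r["id"]: r["units"] for r in source_cdrs}
    return sum(source[f.record_id] for f in findings if f.kind == "missing_in_billing")


# Constructed sample: what the MSC recorded versus what the billing engine rated.
MSC_CDRS = [
    {"id": "c1", "units": 125}, {"id": "c2", "units": 300}, {"id": "c3", "units": 45},
    {"id": "c4", "units": 600}, {"id": "c5", "units": 30},
]
BILLED_CDRS = [
    {"id": "c1", "units": 125},
    {"id": "c2", "units": 240},                            # duration altered in mediation
    {"id": "c3", "units": 45}, {"id": "c3", "units": 45},  # rated twice
    {"id": "c6", "units": 90},                             # no corresponding MSC record
]

if __name__ == "__main__":
    found = reconcile(MSC_CDRS, BILLED_CDRS)
    for f in found:
        print(f.kind, f.record_id, f.detail)
    print(summarize(found), "unbilled seconds:", unbilled_units(found, MSC_CDRS))
```

Run as a scheduled job by a team independent of network operations, with the CDR sets pulled directly from the element and the billing engine rather than supplied by either party, this gives the segregation of duties and the evidence trail the article asks the auditor to look for; the `tolerance` parameter is where an operator's accepted discrepancy level becomes an explicit, reviewable setting instead of an unstated practice.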
Endnotes

1 Subex Azure, Operator Attitudes to Revenue Management Survey 2007, www.subexazure.com
2 According to the GSM Association, www.gsmworld.com/roaming/index.shtml, roaming is the ability for a cellular customer to automatically make and receive voice calls, send and receive data, or access other services when traveling outside the geographical coverage area of the home network, by means of using a visited network.
3 SGSN is the node within the GSM infrastructure that sends and receives packet data to and from the mobile stations and keeps track of the mobile devices within its service area. It also performs functions including tracking a mobile device location, user verification and collection of information for billing.
4 GGSN is the node that interfaces to external public data networks, such as the Internet, and maintains necessary routing information to tunnel the data traffic to the SGSN.
5 MVNO is a mobile operator that does not own any radio frequency spectrum and usually does not maintain a mobile network infrastructure. Instead, an MVNO has a business arrangement with traditional mobile operators (e.g., those who process both the radio frequency and infrastructure) to buy minutes and services of use at a discount to sell to its own customers.
6 HLR is a database that maintains mobile subscriber information, e.g., international mobile subscriber identity (IMSI), service subscription information, service restrictions.
7 VLR is a database that contains temporary information about the mobile subscribers who are currently located in a given SMSC service area, but the HLR is located elsewhere.
8 Op cit, Subex Azure
Dale Johnstone is the chief security consultant for the Risk Management Group of PCCW Ltd. As an information security evangelist with more than 20 years of professional information security management and IT experience, Johnstone has been involved in various industry sectors including government, defense, law enforcement, finance, manufacturing, transportation and telecommunications. He maintains active memberships with a number of international standards bodies. He can be reached at dale.johnstone@pccw.com.

Ellis Chung Yee Wong, CISA, CFE, CISSP, is an IT audit manager in Hang Seng Bank of HSBC Group. He has focused on such areas as IT operations, IT security, auditing, risk assessments and investigation. He has experience in a number of industries, including finance, telecommunications and manufacturing. He can be reached at elliswong@hangseng.com.

Information Systems Control Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the Information Systems Control Journal. Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content. © 2008 ISACA. All rights reserved. Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited. www.isaca.org