FASG (Fraud and Security Group)
The Fraud and Security Group (FASG) is an amalgamation of the Fraud Forum and Security Group working subgroups in GSMA. Fraud and security issues for mobile operators have become increasingly intertwined, and these synergies led to the creation of the FASG to tackle these issues in a more holistic way. The mission of the Fraud and Security Group is to provide expertise and drive the industry’s management of fraud and security matters related to mobile technology, networks and services. FASG meetings take place three times per year, with conference calls in between.
Key topics include protecting customers against fraud, detecting and preventing fraudulent access to mobile services, identifying abuses of service terms & conditions, fast identification of fraud committed while roaming, mobile operator brand and reputational protection, minimising wholesale risks to mobile operators, NFV (Network Functions Virtualization) security, LTE (Long Term Evolution) network configuration and roaming security, 5G (Fifth Generation) security, infrastructure security and testing, interconnect signaling security, mobile malware, mobile device and application security, IoT (Internet of Things) security, and UICC (Universal Integrated Circuit Card) security.
One of the FASG’s many responsibilities is to assess the global fraud and security threat landscape and to suggest best practice countermeasures, including, for example, guidelines for implementing screening policies. Although some of the guidelines are for confidential use only and restricted to GSMA members, some of them are shared with other types of stakeholders (e.g. regulatory authorities). The most used guidelines for cyber security and fraud prevention include:
GSMA FF.21: Fraud Manual
GSMA FS.07: SS7 and SIGTRAN (Signal Transport) network security
GSMA FS.11: SS7 interconnect security monitoring and firewall guidelines
GSMA FS.19: Diameter interconnect security
GSMA FS.20: GPRS Tunnelling Protocol (GTP) security
GSMA IR.82: SS7 security network implementation guidelines
GSMA IR.88: LTE and EPC roaming guidelines
GSMA IR.77: Inter-operator IP backbone security requirements
GSMA IR.67: DNS and ENUM guidelines for service providers & GRX and IPX providers
TS 33.117, TS 33.116 or TS 33.250: Security assurance on critical nodes