Gabriele Lieser



Cyber security and fraud prevention are hard. IT professionals are bearing high-level responsibilities and need to stay up-to-the-minute informed about the latest threat vectors criminals are employing in the field. Fortunately, the GSMA already provides useful tools and information with the Fraud and Security Group (FASG) and documents on best practice countermeasures. Follow us into the realms of the GSMA and get valuable insight how they help the mobile industry advance.

Yes, cyber security and fraud prevention are hard. Analysts and investigators are expected to vigilantly gain and maintain control of their threat landscape. But too often, current tools require a lot of manual consolidation and integration of massive amounts of threat data into security technologies, teams and processes. MNOs would rather leave the people in charge to prioritize their efforts based on business criticality instead of shredding valuable time and slowing detection by manual work.

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

For a long time, roaming was one of the leading fraud facilitators because of the time delay until the charging records arrived at the home network (from four hours up to three days). Luckily, compared to 20 years ago, fraud managers today have practically 100% visibility of roaming traffic as they can feed their FMS with data all available in the home network. Data feeds and call records from the visited network are no longer necessary.
However, there is no all-inclusive platform to gather international fraud intelligence, so limited visibility of global fraud trends inevitably takes its toll. In a constant tug-of-war, fraudsters take their jobs as seriously as we do, and, on a permanent basis, they are as creative and innovative as we are. MNOs are also often unable to put a stop to the craft due to the lack of or delayed cross-border jurisdiction and limited hours of operation whilst a lot of fraud occurs outside office hours.

Unsatisfactory but budget-friendly? How much longer?

Fraud drains operators of millions of dollars in annual revenue and, for a long time, writing-off the loss proved to be an unsatisfactory but budget-friendlier practice than identifying and prosecuting perpetrators.
However, the wind of change is blowing, and there is no time to lose. Increasing challenges due to global developments, fast-declining ARPU (Average Revenue Per User) and profit margins, rising costs and competitive surroundings call for more strategic and proactive leadership against fraud.

hand holding a compass showing the way forward


For more than 30 years now, the telecom industry has come together and, since 1995, the GSMA represents the interests of mobile operators to governments and institutions worldwide. More than 750 operators with almost 400 companies in the broader mobile ecosystem, including mobile phone and device makers, software companies, equipment providers and internet companies, as well as organisations in neighboring industry sectors belong to the GSMA. Besides managing industry programs in collaboration with its members, the GSMA also handles industry working groups dealing with roaming and interconnection, fraud and security, and intellectual property.

FASG (Fraud and Security Group)

The Fraud and Security Group (FASG) is an amalgamation of the Fraud Forum and Security Group working subgroups in GSMA. Increasingly, fraud and security issues for mobile operators intertwined and these synergies led to the creation of the FASG to tackle these issues in a more holistic way. The mission of the Fraud and Security Group is to provide expertise and drive the industry’s management of fraud and security matters related to mobile technology, networks and services. FASG meetings take place three times per year in combination with conference calls in between.
Key topics include protecting customers against fraud, detecting and preventing fraudulent access to mobile services, identifying abuses of service terms & conditions, fast identification of fraud committed while roaming, mobile operator brand and reputational protection, minimising wholesale risks to mobile operators, NFV (Network Functions Virtualization) security, LTE (Long Term Evolution) network configuration and roaming security, 5G (Fifth Generation) security, infrastructure security and testing, interconnect signaling security, mobile malware, mobile device and application security, IoT (Internet of Things) security, UICC (Universal Integrated Circuit Card) security.

Best practice countermeasures

One of the FASG’s many responsibilities encompasses the assessment of the global fraud and security threat landscape and the suggestion of best practice countermeasures including guidelines for implementing screening policies, for example. Although some of the guidelines are for confidential use only and restricted to GSMA members, some of them are shared with other types of stakeholders (e.g. regulatory authorities). The most used guidelines for cyber security and fraud prevention include:
GSMA FF.21: Fraud Manual
GSMA FS.07: SS7 and SIGTRAN (Signal Transport) network security
GSMA FS.11: SS7 interconnect security monitoring and firewall guidelines
GSMA FS.19: Diameter interconnect security
GSMA FS.20: GPRS Tunnelling Protocol (GTP) security
GSMA IR.82: SS7 security network implementation guidelines
GSMA IR.88: LTE and EPC roaming guidelines
GSMA IR.77: Inter-operator IP backbone security requirements
GSMA IR.67: DNS and ENUM guidelines for service providers & GRX and IPX providers
TS 33.117, TS 33.116 or TS 33.250: Security assurance on critical nodes

people finding their way on a map

There’s a lot of work to do, let’s get to it

The recommendation documents mentioned above are living documents that evolve with the latest attacks and threat landscape. However, they are updated perhaps once or twice a year. In defending networks and subscribers from the latest attacks, operators must use current intelligence to feed into their processes and systems.
Already today, our tools simplify and validate the correct configuration of every roaming relevant network element. This helps MNOs to block any unwanted or unauthorized traffic with very little effort. It certainly is an easy-to-use application to increase efficiency, transparency, and enhance resource management, and we continuously optimize our applications to serve our customers even better. Likewise, we are increasingly keeping an eye on upgrading security aspects. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant to GSMA requirements and can be most easily implemented and aligned to your specific needs. Talk to us, we will listen to you.

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.

“The team is a crucial asset”

It has been an exciting year for RoamsysNext. And as 2023 is coming to an end, we took the opportunity to talk with CEO Michael Grasmück about the past year, the growing team that becomes more and more international, and the comeback of an industry institution.

Reporting at a glance: The RoamsysNext Dashboards

The RoamsysNext tools offer many reporting functionalities of which the dasboards play an important role. Learn more about using them in practice to identify bottlenecks, visualize your team's performance and bring a smile to your management's faces.

How to Stay Secure

What can MNOs do to stand up to the ever-growing tide of telecom fraud and protect their assets? Stay alert, use great tools, collaborate with other market players, and take the fight to the fraudsters.

Telecom Fraud Hurts

Telecom fraud is a rapidly growing area that has serious effects on national critical infrastructure (civil, healthcare, energy, agriculture...) and wider industrial processes.

  • RMX_Insights_Template21

How to Choose a Signaling Firewall Wisely

In times of global turbulences and increasing fraud attacks the decision for a sophisticated signaling firewall becomes more and more a priority. Some general considerations help to narrow down the choice.

Two-Factor Authentication rules!

For some time now, we have introduced 2FA and have contributed our share to provide more secure access to our tools. Norbert Becker, Head of Software Development, picks up the thread and provides engaging insights into his area of responsibility.

  • RoamsysNext Insights - Wholesale Roaming Manager

Introducing: The RoamsysNext Wholesale Roaming Manager

The RoamsysNext Wholesale Roaming Manager provides powerful collaboration and reporting tools for all roaming partner relationships by converging everything from service openings to the user’s roaming footprint, test SIM cards and tariffs, document and contact management.

We’re in this together

In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.

Mastering today’s Fraud Landscape

Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).

How to avoid configuration errors

Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.

  • RoamsysNext Insights 9: Interview with Hendrik Hoehndorf

Making a Stand against Fraud

In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).

  • RoamsysNext Insights

Let’s talk about data quality

Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.