FASG Chair David Rogers talks to members of the Fraud and Security Group about their backgrounds, careers, what brought them into the cyber security and fraud space and what advice they have for others who want to work in this world. In this interview, David talks to Katia Gonzalez, Head of Fraud and Security at BICS.
David: Thanks for taking the time to talk to us.
Could you tell us a little about your background?
After having graduated as a computer science engineer at a Spanish University, I spent some years in the supply chain sector before making the move to the telecom industry. I started working in Fraud Prevention and Security a little bit by accident, and I’m glad it happened.
How did you come to be involved in the mobile industry and more specifically in the area of fraud and security?
In the early 2000s, the mobile industry was booming, and I wanted to be part of it. After a few years working in the mobile business unit of the Belgian telecom incumbent operator Proximus (Belgacom at that time), I moved to the international wholesale carrier branch, BICS, to get a global view of the telecom business.
The interest in Fraud Prevention & Security came quite naturally:
Fraud was gaining traction as an increasing concern for operators and, at that time, there was no hint for a collaborative industry approach to fighting fraud. I have been trying to change this ever since. Wholesale carriers and IPX providers are essential when it comes to fighting fraud and developing security schemes.
This got well-understood quite quickly at BICS, and nowadays, the wholesale carriers are being more integrated both in fraud and security for the benefit of the telco ecosystem.
You are also involved in the I3Forum as Chair of the Fight Against Fraud workgroup. Could you tell us a little bit about that and the challenges you are taking on there?
I am lucky enough to be surrounded by a group of brilliant and motivated individuals that share a common goal: effectively fight fraud in a way that respects both the wholesale carrier and IPX provider business nature and provides tangible benefits to the industry.
Despite all this goodwill, it has been a long way to find the best approach and to agree on the implementation details of the solutions proposed as these touches the very core of our business and need investments.
It has also required perseverance to show the whole ecosystem that the proposals from i3Forum do benefit all the actors that genuinely wish to fight fraud.
It is very rewarding to work with this group of people, and I am proud of all our achievements.
Could you give some advice to people thinking of taking on leadership positions in this space or perhaps switching careers to fraud and security?
Be curious and do not be shy to ask questions and to bring out-of-the-box thinking onto the table.
There’s a lot on-the-build and it is the time for creativity!
This is in an ever-changing environment, with non-stop challenges where the outcome of any action (or lack of action ?) becomes immediately tangible: spam activity on subscribers, personal data leakage, revenue loss for operators, M2M transaction security breach, …
This is an environment that allows for the full expression of one’s capabilities.
And I can never say it loud enough: we need more women and more diversity in general!
How do you think the Covid-19 crisis is going to change the mobile industry’s approach to fraud and security management (if at all)?
We do not see an increase in the number of attacks, but what we do see is that the Covid-19 theme is exploited by criminals in their attacks to abuse individuals and businesses through spam and phishing attacks.
I believe that the Covid-19 crisis has accelerated the general awareness that fraud and security issues. It has also, once again, shown that criminals are incredibly fast and morph their tactics to exploit any situation in no time.
In a nutshell, we need resilient networks as well as efficient and flexible processes and firewalls.
What do think are the biggest fraud and security challenges facing the mobile industry in the next few years and how should we approach them?
From a technology perspective, 5G is expected to bring security by design, and this will be a big change. There is a lot of work being done throughout the industry to reach the right balance that will allow for a secured yet flexible & business-friendly ecosystem.
IoT and M2M interaction may increase the surface of the attacks, so it will be important to make sure we’re able to mitigate any fraud threat faster to avoid material impact. Speed and efficiency will be of the essence and again, IPX providers will have a key role to play in the ecosystem (eg. As authentication enablers).
Another area where we’re seeing improvements relates to the collaboration of the telco actors with law enforcement and NRAs. The level of collaboration varies from one region to the other, but there’s a general and very encouraging move that I believe will bring interesting benefits in the mid-term.
Exciting times ahead!
David: Thanks for sharing your insights Katia!
Katia: Thanks a lot for giving me the opportunity to do so ?
The FASG blog also aims to profile some of the people involved in our working group activities as part of our work to encourage participation in fraud and security in the mobile industry. Look out for more interviews in the future!
As Katia outlined, getting involved in mobile fraud management is typically not something that FASG members have prepared for with any formal training in this area. FASG provides its members, both new and experienced, with a forum to learn best practice and rapidly understand the latest fraud threats and variants, including those that have arisen due to Covid-19.
International transit carriers and IPX providers have an important role to play in managing mobile fraud and security. FASG is currently working with the i3Forum to investigate how CLI spoofing and other abuses of interconnect signalling can be globally addressed.
The fraud and security priorities that Katia has mentioned (5G security, IoT/M2M, law enforcement co-operation) are shared by many FASG members, and these subjects are frequently discussed at FASG meetings. 5G security in particular is a top priority for FASG, and the group’s 5G Security Task Force has several collaborative work items adopting the ‘secure by design’ approach.