How to conduct an automated fraud assessment of a value model

The e3tool software contains several examples of e3value models. In this tutorial, we will use the flat-rate service provision as a running example. A flat rate, also referred to as a flat fee or a linear rate, is a pricing structure that charges a single fixed fee for a service, regardless of usage (https://en.wikipedia.org/wiki/Flat_rate).
A simple value model of a flat-rate telephony contract can be found under the “Examples” menu.

Step 1: Create an e3value model

Fraud assessment requires a value model of the networked business model being assessed. Please refer to the tutorial on constructing value models for a brief introduction to the main concepts and basic model editor functionality.
Profitability and net present value analyses can be run on an e3value model (both available in the Tools menu). After the business model is fully understood, the next step is to assess the risk(s) that not all actors behave as expected.

Step 2: Generate and compare fraud scenarios

Clicking the “Fraud Generation” button in the Tools menu will open up a new window and automatically load the current model as a basis for fraud assessment. The fraud assessment module is able to generate potential fraud scenarios based on this model and some fraud generation settings

The main actor represents the actor in the model whose point of view we are taking (I. E. The only trusted actor), also called the Target of Assessment or ToA. Selecting the main actor is needed to define the concept of hidden transactions, introduced below, and to assist with ranking the possible fraud models according to the potential loss for the ToA.
A need to be parameterized. This is the need whose occurrence range will be used on the x-axis of the profitability charts. Furthermore, the average gain or loss across this range is used as the basis for sorting on gain or loss.
An occurrence rate interval for the selected need.

For this tutorial, launch the fraud generation module while having the “flat-rate” example open. Select “Provider A” as the main actor and the “Call” as the need to be parameterized. In the occurrence, range fields enter the estimated number of calls per month, e.g. 1-500. Finally, press the Generate button.
A list of generated scenarios appears in the center of the window. These scenarios are combinations of potentially fraudulent deviations: hidden transactions, non-occurring transactions, and collusions. A sub-ideal model may contain any number of hidden transactions and non-occurring transactions but only one collusion. The number of actors colluding is configurable. For more details on how scenarios are generated refer to the in-depth description of the e3fraud module.

Step 3a: Sort, filter and group fraud scenarios

Fraud causes a disruption in the financial result of one or more the actors involved.
This means that a fraud scenario should cause (1) a loss for the main actor and/or (2) a gain for some other actor.
As such, the tool allows ranking and filtering based on:

Loss, defined as the negative difference between the financial result of the main actor in the ideal case versus the sub-ideal case
Gain, defined as the positive difference between the financial result of any actor except the main actor in the ideal case versus the sub-ideal case

Furthermore, results can be grouped based on who is colluding with who.
Since each group is ranked independently, this allows investigating the riskiest way each pair or group of actors can collude.
For more details on how scenarios are sorted refer to the in-depth description of the e3fraud module.

Step 3b: Visualize and analyze fraud scenarios

Clicking on a scenario in the list will display its profitability chart as well as a preview of its value model.

The profitability charts (bottom-right) show how the evolution of the fraud and can be used to compare fraud scenarios with each other as well as with the ideal case, constructed in Step 1.
The preview (bottom-left) shows how the fraud impacts the original value model:
- Value transfers which do not take place and are marked using dashed lines. In the highest rated fraud scenarios of the flat rate example, the “Subscription Fee” transfer does not take place.
- Hidden transfers occurring between secondary actors, not involving the ToA and are marked using dotted lines. In the highest rated fraud scenario of the flat-rate example, a “Revenue Share” is being paid out by Provider B to User A for each call received.
- Colluding actors, which act as a single actor, pooling their budgets. This is represented using red highlighting. In the top rated fraud scenario of the flat-rate example, User A and User B are colluding.

These visualizations can be used to quantitatively assess and compare the impact of the risk (in terms of loss for the ToA), the likelihood of the risk (in terms of gain for secondary actors) as well as the evolution of these factors across a given usage range.

Step 3c: Edit fraud scenarios

Double-clicking the preview of any fraud scenario’s will open it in the editor. Here, the fraud models of fraud scenarios can be customized.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.