What strategies should operators adopt to prevent telecoms fraud?
$38 billion. That’s how much telecoms fraud is costing the industry annually. Scams that originated from calls initially took the form of impersonators. But, says Graham Moore, product director at Telsis, over time as technology evolved – so did the perpetrators.
Today operators have to deal with increasingly sophisticated forms of telecoms fraud that is difficult to detect and prevent.
Hello, is it me you are looking for?
Interconnect agreements and international trading agreements are making it simple for criminals to receive their ill-gotten gains. One of the most serious and common types of telecom scams is International Revenue Share Fraud (IRSF). That’s when fraudsters make calls to international numbers and receive the revenues from those calls.
Revenues are obtained from the operator as part of a revenue share agreement or by hijacking the interconnect. Criminals favour IRSF as it is cross-border fraud. So, it is very difficult for payments to be stopped and for law enforcement agencies to co-ordinate efforts to disrupt the racket.
These are some of the common methods used to perpetrate IRSF:
- PBX hacking: New IP PBX phones offer an array of functions for enterprises, including remote management. However, poor passwords, software bugs and weak dial-in PIN codes make it all too easy for hackers to infiltrate and make calls.
- IP Device hacking: Criminals exploit home routers and poor security on WiFi connections etc. to hack devices and commit IRSF.
- Subscription fraud: Criminals use fake or stolen identities to obtain post-paid SIM cards. Sometimes dealers too have been in tow with fraudsters. This type of fraud can be exacerbated by using the card whilst roaming and initiating multiparty conferencing as it can take a considerable amount of time to detect the fraud.
- Stolen devices: The industry has taken steps to act fast and shut down stolen devices. Yet, criminals often target tourists as they could be unfamiliar with local law enforcement procedures.
- Account takeover: Fraudsters use methods such as phishing and masking their identity to hack VoIP accounts. They then lock the user out of the account and start making fraudulent calls.
- One ring: This is also known as Wangiri. Fraudsters trick consumers to calling a premium rate number. They do this by spoofing their CLI – the number that identifies the caller. They ring once and leave a missed call. Consumers ring back thinking it’s a genuine missed call. The fraudster then plays a ring tone to prolong the duration of the call – to maximise charges to the premium number.
Off the hook and scot-free
Some network operators detect fraud by performing retrospective statistical analysis of their Call Detail Records (CDRs). CDRs contain the communications data that pass through the network. It is historic information that operators use to detect scams when call volumes to certain destinations increase.
It can identify unusual call patterns such as a spike in overnight calls from a customer or identify unusual patterns of overlapping calls (for example multiparty conference calls). Once a fraud has been detected, operators can then configure their network to block subsequent calls.
CDR analysis is useful to block fraud – but that’s only after the scam has occurred and losses have been incurred. It’s a reactive approach.
Calling time on fraud
What’s more some CDR analysis tools used by operators process data only a few times a day and take several hours to detect fraud. This results in criminals being able to perpetrate their scam for a longer period of time without being noticed – especially when it is combined with roaming.
Even when a CDR highlights an incident, the processes of blocking fraud on the network requires manual input. This can be cumbersome and time consuming. That’s particularly damaging when it happens out of office hours.
Shrewd fraudsters have even modified their modus of operandi. As it takes longer for the operator to manually block fraud when it happens outside normal working hours, fraud peaks during evenings and weekends. To fight fraud effectively, CDR-based analysis tools just don’t cut the mustard. The industry needs to outfox the fraudster.
To stay one step ahead of scammers, fraud management tools are starting to integrate with network systems to automate the process of blocking fraudulent calls. Unlike CDR which looked at historic data, operators need technology that work in real-time. It needs to record details of call setups, durations and simultaneously perform lightning fast analysis of those calls to block and prevent IRSF from happening in the first place.
For Mobile Virtual Network Operators (MVNOs), fighting fraud can be especially challenging. That’s because they lack access to the network to gather valuable data. MVNOs who are subjected to subscription fraud can run up significant charges before detecting the fraud. And losses are compounded by the use of multiparty calling when each SIM can make up to six simultaneous calls. For an MVNO operating on low margins, fraud can be devastating.
To detect fraud, MVNOs need Near Real Time Roaming Data Exchange (NRTRDE) records. This data provides the insight required for the network provider to block any SIM cards that fail fraud checks.
Stop fraud in its tracks
Fighting fraud isn’t easy. It is estimated that fraud as a whole costs the UK up to £193 billion (US$ 241.64 billion) a year. And telecoms fraud is a microcosm of the global fight against fraud. Speed and collaboration is key when fighting any type of scam. Telecom network providers, MVNOs and industry associations must work swiftly, together and share information such as blacklisted numbers and intelligence on scams to minimise fraud losses.
Rather than waiting for the fraudster to strike first, operators must outflank them. CDR-based tools that only act after the crime has been committed feels like a ‘crying over spilt milk’ approach. It is not fit for purpose to meet today’s multi-device always-connected telecoms industry. Operators must take pre-emptive action and proactively block fraud. It might sound clichéd but time is money and every second counts when it comes to fighting fraud.
The author of this blog is Graham Moore, product director, Telsis
Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus