Industries such as retail, payments and financial services have been the obvious targets for cybercriminals for many years, writes Jason Lane-Sellers, the president of the Communications and Fraud Control Association (CFCA) and the director of solution consulting at ThreatMetrix.
As a result, organisations in these sectors have usually had a greater responsibility to increasingly harden their defences. As the majority of cybercriminals will take the path of least resistance, they are broadening their horizons at a time when many sectors – including telecommunications – are embracing a higher degree of digital transformation, and therefore are likely to hold increasing amounts of valuable data. From TV and internet to mobile phones and services, the rapidly-evolving telco sector is creating rich opportunities for cybercriminals looking to make easy money and unfortunately company losses are building up.
According to industry estimates, the annual cost of telco subscription fraud could exceed US$12 billion in 2018 meanwhile other estimates say that it could consume between 3% to 10% of operators’ bottom lines—suggesting potential losses close to US$20 billion.
The accelerating digitalisation of services to meet the “want-it-now” demands of today’s telecom consumer, as well as booming smart phone adoption around the world are the key drivers. Ironically, the very same technologies fueling telecom growth in today’s digital age are also making it easier than ever for cybercriminals to scam operators and their customers.
The rise of subscription fraud
Subscription fraud involves using stolen identity credentials like names, addresses, credit card info, social security numbers, usernames and passwords – usually purchased on the dark web thanks to data breaches – to open up new accounts, or to take over existing ones and acquire premium hardware like expensive smartphones to sell online, and post-paid service contracts they’ll use or resell while defaulting on the bill.
Financial services and others have spent years tackling these types of scams, so are fairly well protected, however it’s still relatively new to operators. The difficulty lies in finding a way to verify the true identity of customers and block fraudsters, without creating even 10-seconds of added friction which will increase the risk of losing both current and prospective customers in such a hyper-competitive market.
Global warning to all telcos
There has been an 800% increase in cyberattacks since 2015 across all industries, according to the Q1 2018 Cybercrime Report from ThreatMetrix. For an industry that’s prioritising automation, digitisation and a streamlined customer experience through mobile and online channels, this has dire implications.
Attempted fraud is outpacing legitimate transactions growth by 83% compared to Q1, 2016. In fact, even when taking established online retailers with the hardened defences into account, ecommerce transactions are now ten times riskier than those in financial services – which doesn’t bode well for telcos.
Meanwhile, the boom in mobile adoption has created fertile ground for fraud attacks from across the globe. Within the first three months of the year, cybercriminals launched around one billion bots designed to test login credentials, a growing number of which were targeting telcos, which just goes to show the challenge the industry is up against.
Digital identity for detecting and blocking fraudsters
Digital identity solutions aim to help telcos detect and block fraudsters signing up for new accounts using stolen identities in real-time, without creating any friction for the consumer.
Global device intelligence and behavioural analytics are leveraged by operators in order to perform a real-time assessment of every customer interaction, including payment transactions and account creation. The most important factor of such a solution is having global, crowdsourced identity intelligence that draws data from thousands of companies across various industries worldwide. This enables the detection of cybercriminals using stolen identity information as fast as their first attempt to login or create an account.
Mobile services at risk
Despite subscription fraud now accounting for up to 35-40% of all fraud in the industry, attacking mobile services has an added appeal for fraudsters – it can provide a gateway to launch further attacks, including on mobile banking. When considering the rapid growth in mobile banking adoption worldwide, this has terrifying implications.
The rapid digital transformation of the telecommunications industry across the world has created ample opportunity for fraudsters to capitalise on a sector that has only recently had to deal with the likes of subscription fraud and account takeovers. The very tools that are causing the digital evolution of the industry are also providing the gaps in security that fraudsters are exploiting, therefore it is crucial that operators put adequate defences in place before the rising losses cause irreparable damage.
