Category: Fraud Management

My first job with bell labs in 1985 was to work on an application called “automated building management”, a product for controlling the environment and security of large buildings. During an upgrade for a large corporation I trashed a rather sensitive memory board on the server and the application failed. That night the security guards guided hundreds of employees to their cars by flashlight as no one could remember where to find the light switch.

For many years I considered the staff of that building inept. How could they so easily lose control of the basic functions of the building? And then I discovered the Internet of things, smart devices, the smart home…

My first purchase was a Nest Smoke Detector that can email me when my house is on fire: presumably so I know there’s no point in coming home. I also bought the Nest Smart Thermostat because they could talk to each other – and you don’t want your smart devices to be lonely. The smoke detector (which is also a CO2 detector) can tell the thermostat to switch off the boiler if it detects carbon monoxide, which is actually quite clever.

Next, I spent 100s of pounds on smart light bulbs. I justified the purchase to Alison by saying we needed to learn this technology, or we wouldn’t know how to turn the lights on when we visited our grandchildren. At the time, we didn’t have any grandchildren, but you get the point. We don’t want to be behind our kids with technology.

Alison still believes these devices are there to spy on her… of course I spy on her, but that wasn’t the reason for buying them. My aim is simple: rather than having the smoke detector email me, it will ask the lights to light a red path to the back door and signal a smart lock to unlock the door. All that remains is to train Lottie (our dog) to follow the lights when they go red and open the door – then we won’t have to hide the matches when we go out for the evening without her.

I haven’t come close to my objective: Lottie has a real problem with the door handle. The real result is that I have lost control of our house…

I wasn’t home for the first incident, but Alison was. It turns out that the default position of my lights is on. In the past, if we had a short power cut in the middle of the night, we would be unaware until we saw the flashing clock on the cooker the next morning. Now, it turns out, when the power comes back on in the middle of the night, so do all the lights – full brightness – even the ones in the bedroom. Alison wasn’t pleased.

I relocated the bedroom lights, and, over time, Alison forgave me. But then, last Christmas, all the lights, everywhere in the house, randomly cycled through their colours. It took me most of the evening to find a cure. As it turns out I had programmed them, without realising, to do this when the space station flies over Houston. I’m sure this is useful to someone, but Alison didn’t see it that way.

I love technology, and I can see wonderful potential in smart technology. But in the home, most of these devices are just toys and they aren’t very smart… or maybe it’s me that’s not.

A work colleague recently asked me how fraud prevention grows alongside the evolution of technology. As a developer in a company offering a fraud management system, his interest was how we use new technology to improve our fight against fraud. In reality, it is usually the fraudster that is motivated by new technology and the fraud detection follows.

In my preteens in the UK, I learned how to make free calls from a coin-box by tapping the switch hook. When in-band signalling was introduced, a good whistler or a canary could make a free call, or you could use a Blue Box to generate the necessary signals more reliably. I wasn’t motivated by fraud: I was a lonely child, so it didn’t matter much whom I was connecting to. The “phone phreaks” making blue boxes weren’t motivated by fraud either, but new technology created opportunity.

Remember those manual switch boards operated by a nosey, condescending telephone operator like Ernestine (Lily Tomlin)? It was this primitive technology that motivated Almon Strowger to invent the automatic telephone exchange: not to improve efficiency, but because he believed the wife of his competitor (a telephone operator) was routing calls to her husband.

The electronic switch put paid to the unscrupulous telephone operator and out-of-band signalling put paid to the blue box (and probably a few canaries). But the opportunities for fraud grew with the technological evolution of the telephone network.

As PABX became more sophisticated, the switching environment was no longer protected by the telephone company, but in the hands of companies with no experience of telephony. Unaware of their need for rigorous security, PABX have long been a fruitful technology for fraudsters. You don’t have to wait long to hear about a new PABX hack and we’re still spending time looking for them.

Moving forward to more modern times, Voice over IP drove down the cost of building legitimate voice networks, but also provided the means for almost anyone to set-up as an operator to route traffic illegally, which sent us all looking for ways to identify SIM Boxes. One such method is to use test calls, which prompted fraudsters to use CDR analysis (the very domain of the FMS) to identify the test numbers.

Is it technology that improves our ability to detect fraud or technology that provides the opportunity for fraud? I think both, but it is usually the fraudster that benefits first.

We have always been aware that while, as an industry, our Fraud and Risk Managers are performing risk reviews, and planning and sharing intelligence to try and stay one step ahead of the fraudsters, those we are planning strategies against (ie. the fraudsters), are doing the same to try and stay ahead of us.

Fraudsters know when a CSP has improved its prevention and detection techniques, and so will move on to an easier target. Eventually they will find it difficult to keep finding easier targets, so will be forced to change their operating methods to counter the defence mechanisms being implemented.

For years, committing International Revenue Share Fraud (IRSF) has been based on targeting destinations where the call termination rates are highest, to maximise the fraudster’s earnings. However, the industry generally has become a lot more effective at identifying inflated traffic to these high-paying destinations, and in most cases, IRSF to them can be detected early and blocked.Start editing the text…

This is causing fraudsters to re-think their strategy, and many are now directing their IRSF calls to destinations that have traditionally been considered low risk. Their view is obviously that it is now in their interest to focus on lower-paying destinations in the knowledge that the originating carrier will, in most cases, take longer to detect this activity. So these fraudsters will continue to make reasonable money.

Read the white paper on this topic and learn more about this change in the fraudster’s modus operandi, and what you can do as a CSP to keep a step ahead of the game once again.

In 2017 alone, the CFCA estimated that US$29 billion was lost due to telecom fraud. Telecom fraud is four times larger than credit card fraud, yet it’s less often discussed in the media. Telecom companies need to protect themselves through the use of reliable telecom fraud management solutions, if they want to avoid costly surprises for their customers. Most telecom companies will see some level of fraudulent traffic – whether they are able to identify this traffic will depend on the tools at hand.

The True Cost of Telecom Fraud

Telecom fraud occurs when malicious attackers take advantage of the telecommunications system to complete calls or transactions that benefit them financially. Methods of telecom fraud vary considerably across the world, though scams are most often perpetrated by highly organised criminals, operating either alone or in gangs.

For instance, a malicious attacker may entice customers to return a “missed call”, without the customer realizing that the number is a toll or premium number that will charge a significant amount of money to their bill or prepaid account. This is called a “Wangiri” fraud, a Japanese term that literally means one (ring) and cut.

In a security attack known as “phishing”, a fraudster will get access to a customer’s personal details to make purchases using their account, and subscribing to services without the customer’s knowledge. As individuals spend more time on their phones, using voice and data services, they become more vulnerable to these types of threats.

At a corporate level, malicious attackers may hack VoIP PBX systems to make long- distance calls, again to premium-rate numbers. The attackers could also take advantage of quirks in a telecommunications system to make it seem as though calls did not go through (by recording a false disconnection notice), while still charging for completed calls. Calls can be routed and transferred incorrectly, all of which lead to artificially inflated charges.

When telecom fraud does occur, someone has to pay – and often, that someone is the telecom company itself. Telecom companies can also lose money through wholesale interconnect charges, customer refunds, investigations, and additional customer support hours. Telecom companies may also eventually lose the faith of their customers, leading to fewer new customers and fewer customers retained.

Luckily, there are answers. Companies can reduce the cost of telecom fraud – and thereby improve their profitability – by avoiding telecom fraud altogether. This can be done with the help of an advanced telecom fraud management solution.

Mitigating Your Threats With a Telecom Fraud Solution

Using a telecom fraud management solution, your telecom business can prevent a significant fraud from taking place altogether — therefore potentially saving millions. A telecom fraud solution is able to automatically detect suspicious activity, making it easier for the organization to mitigate it before the damage is done. Some newer solutions are able to learn from past behaviours, identifying even threats that haven’t been seen before.

Many telecommunications businesses now use self-learning algorithms to identify the patterns on a customer’s profile. This is similar to fraud detection used for credit cards. With these patterns, the company can identify activity that seems strange for a customer, blocking suspicious payments and costly subscription fees. The smarter these algorithms are, the less likely they are to produce disruptive false positives.

Improving Profitability With a Telecom Fraud Solution

As discussed, telecom fraud itself is expensive, and a telecom fraud solution can help you mitigate threats. In so doing, telecom fraud solutions improve profitability in three major ways:

1. Mitigating direct costs:
There are direct costs of telecom fraud. Telecom companies will often need to audit and review their systems, and update their software, hardware, and business processes. Companies may also find themselves needing to reimburse customers for fraudulent charges, or absorbing costs that were fraudulently relayed across their system. All of this is going to lead to additional expenses.

2. Customer retention and brand reputation: 
If a telecom company experiences enough fraud, it will get low marks from its customers and may not be able to retain customers. Customers will not trust a company that often falls prey to fraud, and they will not want to continue using a company on which they have experienced fraudulent transactions or charges.

3. Reduced labour and troubleshooting costs:
Telecom fraud management solutions are able to automatically enforce many security protocols, thereby reducing the amount of time that administrative personnel and IT teams need to spend tracking down and mitigating threats. Telecom companies may be able to reduce their internal IT staff by using automated fraud detection solutions for mundane and routine tasks.

Whether your telecom company is large or small, it’s probably already the target for malicious attackers. The time to begin protecting yourself and your business is now. 

August is known to be the busiest month out of the year for telecommunications fraud, as criminals take advantage of summer plans and holidays. This summer is likely to bring with it a host of new exploits and attacks – and you must assume that your company will be targeted. This summer telecom operators should spend their time bolstering their security efforts, through the adoption of increased technology and awareness training.

Roaming Fraud is on the Rise

Telecommunications fraud is not isolated to any particular network or country. Telecommunications services are now truly global, with new regions continuously opening up – and with them, new avenues for fraud. Telecom operators are already preparing for changes in EU data roaming rules and higher-risk roaming, additional telecommunications services, increased numbers of telecommunications devices, and seasonal increases of telecommunications fraud along with declining revenues due to the impact of other disruptive technologies such as OTT.

The Internet of Things has substantially changed the landscape for telecom service providers, with a multitude of devices now having the ability to initiate or facilitate fraudulent and malicious attacks. As network activity increases overall throughout the world, so too does the number of fraud attempts, and the number of telecommunications fraud vectors. Changes in roaming rules are already responsible for increased levels of fraud as consumers become less vigilant about managing their own charges and fraudsters exploit the new fraud opportunities these changes have provided them with.

But that’s not all – telecommunications fraud also tends to go up during the holidays and summer. With more people traveling and being active, there are more opportunities for fraudulent charges. This is especially true when customers are abroad or making plans to go abroad. Many known fraud attempts involve connections on an international level, and these can be some of the most costly to contend with.

With all that in mind, how can telecom operators combat the rise of telecommunications fraud? By creating a comprehensive telecom fraud management strategy. Telecom providers need to prepare now for the risks that are certain to come.

Taking Steps to Minimize Telecom Fraud

Telecommunications fraud is frustrating to the consumer and costly for the service provider. Telecom operators must take steps to minimise fraud if they want to protect their revenue and provide the best customer experience.

A solid telecom fraud management strategy consists of two parts:

An automated fraud solution: All operators must have a comprehensive fraud solution, which will automatically detect and mitigate the signs of fraud across their network. It is not always possible for a human agent to identify these signs, and consumers will often be unaware that fraud has occurred on their account until well after. Automated fraud solutions are able to do the work of many people, automatically scanning for and identifying potentially malicious actions. Even better, these fraud solutions are able to scale up easily, thereby allowing the telecom service provider to grow without an increase in security risk

Improved training and awareness: Telecom service employees must be trained to properly identify the signs of fraud and to escalate to a supervisor when needed. Though many fraud attempts will be detected by the automated fraud solution, there are types of fraud that can occur at the service, customer, and employee level. These types of fraud are often “social engineering” attempts, which employees must be able to recognize and respond to.

Some actionable steps telecom operators can take to avoid fraud this summer:

1. Reduce the lag between when calls are made and when these time stamps are logged, to combat International Revenue Share Fraud (IRSF) in particular – a type of fraud that involves generating traffic to expensive international revenue share numbers.

2. Broaden the scope of the fraud monitoring function. Fraudsters adapt their own modus operandi to counter common prevention and detection strategies that they know telecom operators will implement. A good example is country or range blocking. In February 2017, 42% of all International Premium Rate (IPR) test numbers advertised related to the top 10 fraud destinations. In July 2018, the top 10 destinations only account for 23% of the IPR test numbers advertised. There are now over 220 countries and territories being advertised as revenue share destinations, so monitoring only high-risk destinations is no longer effective.

3. Install an early detection service for Wangiri fraud (“one ring and cut”) – particularly fraud that diverts traffic illegally or “cons” users into returning missed calls to high termination rate destinations.

4. Implement and maintain a detection service for SIM Box Fraud, which is a type of fraud that involves using the internet to terminate calls on local SIM cards to sell international minutes.

5. Only resell minutes to reputable parties to combat “arbitrage,” the practice in exploiting settlement rates between countries for a profit.

6. Use monitoring equipment to detect more complex types of fraud such as OTT hijack attacks, or hacks into VoIP systems.

Though fraud attacks are going to be increasing through the summer, they aren’t going to go away once the holidays are done. Due to the IoT, new regulations, and the general increase in global traffic volumes, fraudulent attacks are going to be an ever-increasing threat. Businesses must take action now if they want to prepare themselves and prevent the possibility of a costly fraud attack.

If you want to learn more and minimize your fraud risk, reach out to XINTEC today.

Irrespective of a communication providers’ size, a CFO or Finance Director’s nightmare is to have to explain to his executive team, to his shareholders, to his/her own customers, even the general public in some instances, why they didn’t detect an ongoing financial loss or couldn’t prevent a sudden fraud hit.

The increase in scale and complexity of fraud types around the world creates situations of genuine uncertainty for operators and in turn, their financial controllers. No operator wants to constantly face the threat of being attacked by fraudsters and of having hundreds of thousands or even millions of dollars wiped off their bottom line in a single incident.Yet we see this happening, a lot.

But what price is worth paying to stay protected from financial losses?

Smaller Operators more at risk

Losses directly attributable to fraud and revenue leakage can range from 0.5% of gross revenues all the way up to 15% in certain cases, according to a Gartner report. International Revenue Share Fraud, the deadliest of all fraud types, costs the industry in the region of $6.1bn a year, roughly 20% of all estimated communication fraud.

Although the types of financial risk to which operators are exposed are essentially the same, owing to the global nature of telecommunications, the smaller operators are at a clear disadvantage when it comes to managing risk and preventing major losses. They simply don’t have the experience, the maturity, or the resources to get losses fully under control.

Whether traditional MNO, VoIP, fixed-line carrier or MVNE/MVNO, the price point at which they should seek to acquire loss prevention technology or related services is a critical deciding factor. So, the case for simple and cost-effective tools to de-risk their business becomes a compelling one. There has never been a better time to promote a low-cost technology proposition to the global telecommunications market, even for incumbent operators seeking to drive down supplier costs.

At XINTEC we can help de-risk a business in a very simple and cost-efficient way with a suite of products that are flexible, adaptable, quick to install, and able to deliver measurable results fast.  

Roaming revenues have been declining for several years now, and some CSP’s have realised that being accepted as a preferred roaming partner in their home country can generate important revenue to replace that lost through declining outbound roaming settlements.

A HPMN will normally have a choice of several VPMN’s in most countries their customers will roam to, and they have the ability to steer their customers towards a preferred VPMN when roaming. The decision on which roaming partner will be selected as their preferred VPMN will be based on a number of factors, for example NRTRDE compliance, network quality, inter-operator tariff (IOT) discount agreements, etc.

In most countries now, the services provided by all VPMN’s is reasonably consistent, so a service differentiator should be explored to provide an additional level of service not offered by the other in-country CSP’s. A relatively simple value add is to evaluate NRTRDE-OUT records for visiting roamers and provide immediate advice to the home network of any obvious fraud or misuse. While it is accepted that (in most cases) NRTRDE records will be delivered to the home network within 60-90 minutes, the earlier suspicious activity is notified, the sooner financial loss can be avoided.

The opportunity to add value in this way will be limited as more operators implement VoLTE. Since VoLTE is an all IP Network, the VPMN has no visibility of voice traffic originated via S8HR VoLTE roaming. While there are only an estimated 600 operators currently fully operational with VoLTE, it will take some years before there is a full transition from Circuit Switched (CS) to VoLTE.

Offering roaming partners some additional value now by reviewing their NRTRDE-OUT records is a sound strategic move to establish a trusted relationship which could then continue as the networks transition from CS to VoLTE and secure ongoing roaming revenues.

In September last year, the CFCA published the findings of its latest fraud loss survey revealing that Telecom Fraud has cost the industry an estimated $29.2bn in 2017, which comprises 1.27% of total global telecoms revenue. The good news is that while this is a better result than the previous 2015 survey, the bad news is that fraud remains one of the biggest revenue risks to operators globally, with IRSF in particular remaining the most prevalent type of fraud attack experienced.

What is also becoming clear is that the smaller Tier 2 and Tier 3 Operators and MVNOs suffer the greatest threat from fraudsters, and in many cases are at an even greater risk of fraud than their larger competitors.

Why is this?

Well, reported incidents consistently show that even over short time periods fraud attacks can result in losses of hundreds of thousands, or in extreme cases, millions of dollars to an Operator or MVNO. While fraud losses at this level are significant for any Operator, many larger Tier 1 players can manage the impact of them. However, an incident on a similar scale targeting a smaller Operator is likely to result in a more serious financial impact, sometimes taking years to recover from.

This is where third-party providers can play a crucial supporting role in helping smaller Operators build a stronger resilience against fraud and greatly reduce the impact that fraud attacks are having on their revenue and reputation. We have outlined the top 5 reasons why our customers are now looking externally for telecom fraud management in tackling fraud across their network.

1. Costs

Traditional fraud systems for Tier 1-type operations have been designed with large databases and complex network infrastructures and as such are normally expensive, difficult to install and maintain and requiring resource intensive support.

Smaller Operators and MVNOs do not generally have the infrastructure, resource or available skills sets to manage such solutions, and although scaled down options are being made available; these often still have high total cost of ownership (TCO) impacts.

2. OperationsEstablishing an effective and efficient fraud operation within a small Operator can be a challenging task. Smaller providers tend to be restricted in the number of resources they can make available and even then, often lack sufficient skilled expertise in the Fraud and Revenue Assurance area. Without access to fundamental knowledge of the Telco operational architecture, data structures, services and operational threats, it is almost impossible to implement an effective operational infrastructure to provide adequate protection against fraud.

Secondly, due to the constantly changing technology environment we work in, our industry risk profile is changing almost month on month. So many of the outdated and manual approaches to revenue risk management are simply no longer practical. Similarly, many in-house developed systems which may have been ‘fit for purpose’ for specific revenue risk management issues when implemented, will have become difficult to maintain and adapt to today’s constantly changing risk environment.

3. Technology

The issue of technical architecture is one of the biggest challenges for smaller Operators wanting to establish effective risk management practices. Advancing technology in a competitive marketplace can present obvious difficulties for smaller Operators and MVNOs competing with the larger providers, but it also presents an internal challenge in establishing optimal operations.  

4. Functional Capability

If the Operator decides to self-build an operational solution capability, there are many factors to consider, and significant risks to take into account.

Firstly, finding the appropriate resource internally to create and manage any reporting or alerting infrastructure is difficult, especially with clashes of priorities and responsibilities. Even in situations where this resource is available, development of the appropriate controls, monitoring or reporting can be limited due to lack of knowledge of the issues or understanding of the mechanisms needed to achieve the goal.

Secondly, if an operator does manage to establish a simple self-built control or reporting system, the lifecycle of such a system is limited, as risks change and develop over time, and constant management and updating of such solutions are needed.

5. Knowledge Sharing

As everyone knows, two heads are better than one and organisations that have both in-house and third-party fraud detection capabilities are the ones proved as being most effective at preventing fraud attacks on their networks. Third-party vendors dedicated to fraud are at the coalface of this battle, staying up to speed with the latest industry trends, and often in cases, getting ahead of fraudsters across the globe.