IoT Fraud

We are moving quickly towards a world where any device can connect to the Internet.

But there are plenty of opportunities for fraud.

The IoT Fraud Challenge

The rapidly growing IoT market is allowing them to secure steady cash flow with minimal added network inf rastructure costs. But this expansion has exposed the CSPs to new fraud threats

Embedded SIMs if left unattended for long periods, are susceptible to tampering. The large number of terminals makes them prone to DoS attacks, or being used to launch such attacks.

How do we solve this problem?

XINTEC’s IoT fraud detection solution mitigates these risks. The solution has two modules: IoT Known Behaviour module and IoT Unknown Behaviour module. Both these modules are built on XINTEC’s industry proven light-weight core and can instantly provide security against IoT threats.

IoT Known Behaviour Module

IoT devices often exhibit specific behaviours. These behaviours are encoded into profiles that encapsulate inter-device relationships, location, movement, and activity characteristics of the service.

XINTEC will monitor devices against these profiles to ensure they behave according to expectations. Any abnormal behaviour associated with a device or group(s) of devices will trigger alarms.

IoT Known Behaviour Module Example

An e-Bike fleet will accept financial transactions and report their location every few minutes over a data connection. They will operate within a limited area and only expect to achieve a reasonable maximum speed of 50km/h, for example. The embedded SIMs are fixed to a single e-Bike (meaning there is no change of the IMEI value) and communicate only with the operations support platform. The characteristics of the e-Bike fleet are encoded into a XINTEC profile.

The XINTEC platform monitors the activity of the bikes, raising alarms, e.g.:

• E-bike traveling above reasonable speed threshold indicating it may be carried in another vehicle

• E-Bike movement without associated financial transaction

• E-Bike failed to report location

• Data communication to unsupported APN

• Inappropriate use of communication service

IoT Unknown Behaviour Module

The second module learns from the behaviour of IMSI groups offering the same service. This module identifies anomalies in IMSI behaviour relative to its peers or anomalies of a group relative to other groups offering the same service.

The module uses advanced clustering algorithms. The module identifies outliers and cluster evolution. Outliers identify
individually compromised devices; monitoring cluster evolution helps identify mass compromises and quality issues.or being used to launch such attacks.

IoT Unknown Behaviour Module Example

The vehicles of a delivery fleet management service will exhibit groups of similar behaviour. According to the vehicle size, type, and base location the vehicles fall into clusters.

Each cluster might exhibit similar distance covered, number and length of stops, operating hours, etc. When an individual vehicle deviates from its cluster behaviour, perhaps it is rerouting to take on illicit cargo, taking more or longer stops, and adding distance.

This behaviour may be detected simply be monitoring deviations from individual normal behaviour, but clusters can identify when multiple drivers collude in these illicit operations as new clusters will evolve.