A work colleague recently asked me how fraud prevention grows alongside the evolution of technology. As a developer in a company offering a fraud management system, his interest was how we use new technology to improve our fight against fraud. In reality, it is usually the fraudster that is motivated by new technology and the fraud detection follows.
In my preteens in the UK, I learned how to make free calls from a coin-box by tapping the switch hook. When in-band signalling was introduced, a good whistler or a canary could make a free call, or you could use a Blue Box to generate the necessary signals more reliably. I wasn’t motivated by fraud: I was a lonely child, so it didn’t matter much whom I was connecting to. The “phone phreaks” making blue boxes weren’t motivated by fraud either, but new technology created opportunity.
Remember those manual switch boards operated by a nosey, condescending telephone operator like Ernestine (Lily Tomlin)? It was this primitive technology that motivated Almon Strowger to invent the automatic telephone exchange: not to improve efficiency, but because he believed the wife of his competitor (a telephone operator) was routing calls to her husband.
The electronic switch put paid to the unscrupulous telephone operator and out-of-band signalling put paid to the blue box (and probably a few canaries). But the opportunities for fraud grew with the technological evolution of the telephone network.
As PABX became more sophisticated, the switching environment was no longer protected by the telephone company, but in the hands of companies with no experience of telephony. Unaware of their need for rigorous security, PABX have long been a fruitful technology for fraudsters. You don’t have to wait long to hear about a new PABX hack and we’re still spending time looking for them.
Moving forward to more modern times, Voice over IP drove down the cost of building legitimate voice networks, but also provided the means for almost anyone to set-up as an operator to route traffic illegally, which sent us all looking for ways to identify SIM Boxes. One such method is to use test calls, which prompted fraudsters to use CDR analysis (the very domain of the FMS) to identify the test numbers.
Is it technology that improves our ability to detect fraud or technology that provides the opportunity for fraud? I think both, but it is usually the fraudster that benefits first.