Industry Trends: Waging War on Frauds of the Future
Michelle L. Hankins
09/01/2001
One thing can be said about fraud: it keeps pace with the industry. “Once we get a step ahead with fraud prevention measures,” says Per Hjerppe, senior consultant with Ericsson, “they still figure out what to do next.”
In recent years, senior managers weren’t too concerned about containing losses—they were swimming in pools of success. Now the successes have peaked, and the managers are wondering how they can squeeze a few extra dollars out of their expenses to get some profitability out of their companies, notes David Nussenbaum, CEO of FML Americas. This is particularly true in the areas of revenue assurance and fraud reduction.
As fraud techniques are constantly evolving, providers must wage a dual attack by protecting both the front and back office. On the front end, they must keep fraudsters off the networks. And they must keep improving defenses in the back office to detect the ones who slip through the provisioning cracks.
Kate Strong, product marketing manager for Lightbridge, estimates that 4 to 6 percent of a carrier’s revenue is lost to fraud each year. And this figure, she says, could be understating the issue.
According to the Forum for International Irregular Network Access, a group of telecom fraud experts, telecom revenue lost at the hands of organized crime rings totals about $55 billion.
One reason for such high losses is that “fraud tends to go where the value is,” according to Peter Mason, revenue assurance manager at Intec Telecom Systems. “Somebody is not going to defraud a telco and then call local numbers once a week,” he says. “If you’re going to risk being caught, you are generally going to try to get free calls to either high-tariff destinations or you’re going to try to sell high-tariff destinations by selling people illegal calls.”
In addition, criminals who defraud telco networks often find it easy. They have no geographic limitations, Mason says: “Somebody in New York can defraud somebody in Australia in real time, so really, the cards are stacked in favor of the fraudster.”
Next-generation technologies also add to security threats. With service advancements comes fraud, and hence revenue setbacks. So in the game of cat and mouse, who stands to win—providers or fraudsters?
Subscription Fraud
Behind Door No. 1 has always lurked subscription fraud. It is not new, but it is stronger than ever, say industry experts. “It is low-tech and it’s easy—and it doesn’t show up automatically on the fraud management systems the way a clone does, or the way calling card theft might,” Nussenbaum says.
“One of the fastest growing crimes in the United States is identity theft, and identity theft is the cornerstone of subscription fraud,” says Strong. In fact, subscription fraud is the fastest growing type in the industry. In 1996, she estimates, the split on fraud was about 70 percent technical and 30 percent subscription fraud. By 2000, however, those numbers, Strong believes, had reversed—with 70 percent now being attributable to subscription fraud. This, she says, is due in part to tools that have been built to detect and halt various technical frauds.
Subscription fraud, once on the network, is extremely difficult to detect. Typically it takes six months for a provider to uncover it—usually when an unpaid bill goes to collections, says Nussenbaum. But there are some techniques for detection.
Lightbridge has designed a product to keep risks off the network at the point of sale. With its profiling capabilities, it checks whether a subscriber has been a bad debt or has been cut off from a carrier, and whether the address is verified. Yet Strong comments that providers must be careful: sometimes it is difficult to tell whether a user is an actual fraudster or was just hung up in bad debt.
Because fraudsters often illegally use someone’s personal details to obtain service, they usually call the service provider before the first bill is due to change their mailing address and thus prevent the actual person from finding out about the illegal use of their information. Lightbridge designs its product so that such changes within 30 days of service initiation deliver a high-level alert to a fraud investigator.
Strong says it is typical for swindlers to recycle information used in these instances. “They will use a certain element, a certain street location, a certain telephone; they may have certain names they tend to go back to,” she says. In these instances, a provider would benefit from a database that contains suspect information, matches it to actual events and triggers an alarm when matches are detected.
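The two checks described in this section, an alert on a mailing-address change within 30 days of service initiation and a match of new applications against details recycled from earlier fraud, can be expressed as a short screening routine. This is an added example, not Lightbridge's product or code from the article; the record fields, alert names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

ADDRESS_CHANGE_WINDOW_DAYS = 30  # window named in the article
FIELDS = ("name", "street", "contact_phone")  # assumed application fields

@dataclass
class Application:
    account_id: str
    name: str
    street: str
    contact_phone: str
    activated: date

def normalize(value):
    """Lower-case and drop punctuation/spacing so lightly altered details still match."""
    return "".join(ch for ch in value.lower() if ch.isalnum())

def build_suspect_index(confirmed_fraud):
    """Index every element of confirmed-fraud applications by (field, value)."""
    index = {}
    for app in confirmed_fraud:
        for field in FIELDS:
            key = (field, normalize(getattr(app, field)))
            index.setdefault(key, set()).add(app.account_id)
    return index

def recycled_elements(app, index):
    """Return {field: [earlier fraud account ids]} for each element seen before."""
    hits = {}
    for field in FIELDS:
        prior = index.get((field, normalize(getattr(app, field))))
        if prior:
            hits[field] = sorted(prior)
    return hits

def screen(app, index, address_changes):
    """Collect alerts for one account; address_changes maps account_id -> change date."""
    alerts = []
    hits = recycled_elements(app, index)
    if hits:
        alerts.append(("RECYCLED_DETAILS", hits))
    changed = address_changes.get(app.account_id)
    if changed is not None:
        days = (changed - app.activated).days
        if 0 <= days <= ADDRESS_CHANGE_WINDOW_DAYS:
            alerts.append(("EARLY_ADDRESS_CHANGE", days))
    return alerts

# Constructed sample data (not real subscribers).
FRAUD = [Application("F-1", "J. Doe", "12 Elm St.", "555-0100", date(2001, 3, 1))]
NEW = [
    Application("A-1", "Ann Lee", "12 ELM ST", "555-0177", date(2001, 6, 1)),
    Application("A-2", "Bo Chan", "9 Oak Ave", "555-0188", date(2001, 6, 1)),
]
CHANGES = {"A-1": date(2001, 6, 12), "A-2": date(2001, 9, 1)}

if __name__ == "__main__":
    idx = build_suspect_index(FRAUD)
    for a in NEW:
        print(a.account_id, screen(a, idx, CHANGES))
```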
A Bottomless Bag of Tricks
In reality, stealing a person’s identity or personal information is simple. Fraudsters can steal a PIN number just by looking over someone’s shoulder, then sell the phone access on the street corner.
Fraud can also pervade the network, says Intec’s Mason. For example, switching signals can be manipulated to obtain free service, commonly known as boxing fraud. In some parts of the world, signals are still used on the voice channel to instruct the switch. This allows manipulation of the tone generation equipment using special equipment.
One area where fraud is often overlooked is in prepaid services. Because the prepay option refers to paying prior to use, many assume fraud is not prevalent in this area, but industry experts assert the contrary.
Ericsson’s Hjerppe cites one instance where prepay distributors claimed they had sold services to 12,000 subscribers. The distributor was trying to rack up the commission given for the sale of prepaid services.
Corporations at Risk
Businesses are susceptible to fraud when phone hackers break into and manipulate their systems. “People still use auto dialers in some cases—machines that are programmed to go and dial corporate numbers until they denote a private exchange and then try all the extensions on a private exchange,” Mason says. He explains that these systems will explore numbers at random because sequential numbers are generally picked up by fraud systems.
Each time the machine detects a modem, it records the number and drops the line and moves on. “They’ll use a corporation’s phone system to scan hundreds and thousands of numbers for additional modem connections,” says Tim Belcher, CTO of RipTech. When the fraudster goes onto his auto dialer he will have a list of modem numbers that he can then try to use to obtain a login prompt.
“I believe this abuse occurs quite often [and is] undetected by corporations, because it appears as noise on their phone bill that is not being examined in the necessary way to catch this type of activity,” Belcher says. “Some customers have found that type of abuse through exorbitant fees or through massive increases in their phone bill, and then they trace it back. Very rarely do corporations catch it while it’s being done. They usually catch it from audit records.”
Another type of corporate-aimed fraud is directed at companies that offer a dial-in capability into their private exchange for telecommuters and business travelers. When the user reaches a voice mailbox, they can dial a PIN and get dial tone, and can then dial out through the phone extension, often from anywhere in the world. While they may pay for the local segment, they don’t pay for the international outbound segment, and if their voicemail is a free phone call number then they don’t pay anything. “People who commit telephone fraud don’t pay anything, so they are very fond of breaking into free voice mail numbers, cracking the PIN and then dialing out at the corporation’s expense,” Mason says.
“We’ve seen cases where hackers have actually broken in through the Internet and taken control of dial-out facilities or modem banks, and actually, through the Internet, dial out and use the phone systems as well,” Belcher adds.
One recent case involved a small real estate company, Gerry Murphy Realty, and AT&T. The real estate company was the target of phone hackers who used its system to call international destinations to a total sum of $90,000. AT&T offered a settlement of $45,000. AT&T spokesman David Arneke comments, “We made a settlement offer, and they refused.” The case was then sent before the FCC.
Arneke said AT&T monitors international calls looking for suspicious patterns. In this case, AT&T blocked the company’s calls for 48 hours, yet the hackers still used the systems. “Customers are responsible for calls made on their lines. If someone hacks into your voice mail, your phone line or your PBX, it’s your responsibility to stop it,” Arneke says.
Corporate fixed-line phone systems and data connections are not all that are at risk. Companies that employ wireless networks are facing security threats as well and hence are open to fraudulent activity. Unlike wired networks, wireless networks offer applications that may yield great opportunities for intrusions. Fraudsters can tap wireless network radio signals to invade corporate data and unleash viruses. With a growing effort to provide mobile applications and services to high-value business customers, the possibility for hackers to infect these networks and gain illegal access or steal information is high. Users often transmit proprietary corporate data through these channels, so the need for protection is critical.
The Enemy Within
One problem that carriers are facing increasingly is internal fraud. Someone on the inside may have the know-how to delete call detail records or change bills. A switch technician may configure the switch so that it doesn’t charge friends and family. “In telecom it’s just so easy to fiddle around with things to poorly configure systems,” says FML Americas’ Nussenbaum.
“I’ve heard stories from several carriers that they are getting hit from within,” says Strong at Lightbridge. This is why it is critical to have security measures in place both inside and out. Cutbacks and consolidations are compounding the problem. “You have a lot of angry, disgruntled people who recognize that the entity that they’ve been loyal to for so many years is either getting rid of them or is not the same entity. … There’s outright hostility and retaliation toward [what they regard as] an unfair dismissal,” Nussenbaum says. Other cases involve individuals who lose loyalty to the firm and in the final months of work collude with a fraud ring or professional thieves on the outside.
“Fraudsters are so sophisticated,” notes Strong, “they are actually sending their own people in to be hired into the customer care and billing departments and as network operators, so they can compromise and set things up from within.”
Ericsson’s Hjerppe says he knows of instances where even cleaning crews at provider sites have worked on behalf of fraudsters, dialing up premium service numbers and leaving phones off-hook dialed to these numbers all night. Further, RipTech’s Belcher says he knows of employees leaving modems hooked up at their desks to bypass corporate network security perimeters.
Another problem that begins within is outsourced phone support. Often, Belcher says, a company will configure the system so that an outside company can manage its services. “If those phone numbers are discovered by hackers, often they can break right into the PBX,” he notes.
Global Roaming
While wireless carriers are now putting a lot of effort into halting subscription fraud, international roaming is one area where carriers are relatively wide open. “We have seen in the GSM environment some problems with people playing around with SIM cards and handsets, and somehow getting through and getting access to the network in a roaming environment before the home carrier catches up with them,” Nussenbaum says. Especially if someone has illegally obtained access to the network via subscription fraud, a visitor location register querying the home location register would likely be told the user is valid, and hence allow network use.
Hjerppe warns, “If you have fraudulent users getting approved as a user with international roaming, because it takes time to get the billing data back from overseas, an operator can run up real high losses if they are not careful.”
Theoretically, with international roaming, someone could take out a wireless subscription in New York and sell it overseas without intention of paying the bill.
Nussenbaum says, “If you’re going to let people roam all over the world, you’ve got to be able to look at their traffic on a reasonably timely basis. … You can’t bank on the roaming carrier to do proactive fraud management on your customer’s activity on their network.”
HNC Software’s RoamEx product sends call detail records (CDRs) from the roaming carrier to the customer’s home carrier in near real-time, so that a provider can monitor usage while a subscriber is using a roaming partner’s network. This immediate visibility of roaming usage gives fraud managers a one-up when monitoring their networks for illegal usage.
Currently, about 95 percent of all U.S. wireless carriers employ RoamEx, according to HNC spokesperson Patrick Hoss. Hoss states that 100 percent of Mexico’s carriers are using the system.
HNC won its first European contract for the product in July with max.mobile, a Deutsche Telekom group wireless carrier.
IP Fraud
IP networks open countless opportunities for fraud. “There’s going to be more incentive for an already robust criminal activity to find ways to make money off of this,” Lightbridge’s Strong says.
Inherently, IP fraud is often harder to track. Whereas in a traditional environment a circuit is allocated during a call, in IP networks packets of information move through varying pathways before reaching their destination. “Without a circuit,” says Mason, “it is much more difficult to do an audit. You don’t know where packets are. You don’t know which machines they are going through. You don’t know who controls those machines. You don’t know who is archiving information you send on those machines.”
In addition, the IP world is based on open, well-documented public specifications. “In the IP environment, there are many millions of people who are very clever at manipulating IP and UNIX systems, because they are open protocols,” Mason says. “They are all very well documented, and there are terabytes of information on the Internet about how these systems work—and there’s terabytes of software that is designed to break those systems and allow you to defraud those systems.”
Modem Hijacking
IP hackers capture Social Security numbers and credit card numbers and hijack modems. The Federal Trade Commission (FTC) uses its Consumer Sentinel fraud database, a tool available to law enforcement around the nation—from local sheriffs to the FBI—to store information about fraudulent activities. The database can be used to search by location, type of fraud or other characteristics that might define the suspect or crime. It contains more than 300,000 records, according to Betsy Broder, associate director of the FTC’s Bureau of Consumer Affairs.
In 1997, using the database and tips received on its fraud hotline, the FTC worked on a case that involved more than 40,000 customers whose computer modems were hijacked and rerouted to a foreign nation, invoking high charges on the customer’s bill. The FTC has received numerous complaints about this type of fraud and has fought on behalf of the consumer to halt it in a few situations. In a case in October 2000, the commission received 600 complaints directed at one company for modem hijacking. Within weeks, the FTC group was able to file a case in federal court in New York to try to shut the company down.
Crossing the Security Line
Software can be inconspicuously downloaded onto a computer to capture user information—such as passwords and login details—that a fraudster can dial in and obtain later. They replicate actual Web sites in “piggy in the middle” schemes to capture login information before sending the victim on to their actual preferred destination site. They control personal money management software by downloading and embedding code onto a computer and then using it later to make financial transactions.
Such IP schemes only increase the need for broader skills on the part of the fraud investigator. “Your typical fraud management analysts have to add to their repertoire security techniques that traditionally only resided in IT departments,” Nussenbaum notes. Without a doubt, electronic and mobile commerce transactions as well as content delivery are areas where fraud could significantly threaten revenue collection.
“Once we really get to these third-generation networks and you have GPRS and UMTS, the opportunities for fraud are going to increase exponentially,” says Mason. This inevitably translates into greater potential for revenue loss for providers.
“It’s a new area where we will have to learn,” Hjerppe says. “We have some basic knowledge and theories about what will happen, but until they actually start to get deployed we will not be able to find out.”
An Eye on the Network
The classic method of fraud detection is to monitor network usage. By reviewing usage patterns, changes in usage profiles and calls to particular destinations—especially high-toll destinations—investigators can pinpoint areas of concern and explore whether fraud is occurring.
Providers are applying neural networks, genetic algorithms, artificial intelligence, automatic detection and rules-based methods in usage monitoring to detect fraud. Yet Nussenbaum warns that such technologies as neural networks are much harder to implement in telecom than in the credit card environment because of the larger volume of transactions.
Mason notes that human intervention in usage monitoring is critical. While automated detection is important, he says, “keeping that human reasoning bit at the end” is critical. Mason says the lack of human intervention in up-and-coming applications is just one reason why they are ripe for fraud. “There is no human sanity check in some things,” he says. “A lot of fraud is detected by people just noticing something that isn’t right.”
Ericsson’s Hjerppe calls this profile usage monitoring “fingerprinting.” If a fraudster has an established calling pattern, the provider can monitor the network to make sure the user doesn’t again sign up under a different name. The theory behind this is that a fraudster will often call the same people—or “circle of fiends,” as Hjerppe calls them.
A provider can also check for usage impossibilities, such as a user making a call from New York and then 10 minutes later making a call from Boston. However, distinguishing between a cheater calling high-tariff destinations and a high-value customer using the network legitimately is difficult.
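The calling-pattern “fingerprinting” and usage-impossibility checks described above can be sketched over call detail records as follows. This is an added example, not code from the article or from any vendor named in it; the CDR layout, the 900 km/h speed ceiling, the 0.5 overlap threshold and the sample records are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling, roughly airliner speed
CIRCLE_THRESHOLD = 0.5     # assumed Jaccard overlap that sends a case to review

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_usage(cdrs):
    """Return (subscriber, first_call, second_call, km) for consecutive calls
    whose implied travel speed exceeds MAX_PLAUSIBLE_KMH."""
    alerts, last = [], {}
    for sub, when, site, _called in sorted(cdrs, key=lambda r: (r[0], r[1])):
        if sub in last:
            prev_when, prev_site = last[sub]
            hours = (when - prev_when).total_seconds() / 3600
            km = km_between(prev_site, site)
            if km > 0 and (hours == 0 or km / hours > MAX_PLAUSIBLE_KMH):
                alerts.append((sub, prev_when, when, round(km)))
        last[sub] = (when, site)
    return alerts

def calling_circle(cdrs, sub):
    """Set of numbers a subscriber has called: the usage 'fingerprint'."""
    return {called for s, _when, _site, called in cdrs if s == sub}

def circle_overlap(a, b):
    """Jaccard similarity of two calling circles (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def resembles_closed_accounts(cdrs, sub, closed_circles):
    """Ids of accounts closed for fraud whose calling circle resembles sub's."""
    circle = calling_circle(cdrs, sub)
    return sorted(acct for acct, known in closed_circles.items()
                  if circle_overlap(circle, known) >= CIRCLE_THRESHOLD)

# Constructed sample data: approximate city coordinates, fictitious numbers.
NYC, BOS = (40.71, -74.01), (42.36, -71.06)
CDRS = [
    ("sub-1", datetime(2001, 8, 1, 9, 0), NYC, "555-0101"),
    ("sub-1", datetime(2001, 8, 1, 9, 10), BOS, "555-0102"),  # 10 minutes later
    ("sub-2", datetime(2001, 8, 1, 9, 0), NYC, "555-0101"),
    ("sub-2", datetime(2001, 8, 1, 14, 0), BOS, "555-0103"),  # 5 hours later
]
CLOSED = {"closed-7": {"555-0101", "555-0102", "555-0109"}}

if __name__ == "__main__":
    print(impossible_usage(CDRS))
    print({s: resembles_closed_accounts(CDRS, s, CLOSED) for s in ("sub-1", "sub-2")})
```

Both checks only raise candidates for review: as the article notes, a legitimate high-value customer can look similar, so the output is meant for an analyst rather than for automatic disconnection.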
Nussenbaum suggests that a critical method for curbing fraud is a layered approach. “The classic telco war story,” he explains, “is that marketing is in a dire rush to get every product and feature out the door.” If a company is managed well, he says, the fraud department will screen every product before it is launched for any features that are inherently fraud-friendly.
“What we have in this industry is a revenue assurance team, a fraud team and a security team, and more often than not they work for entirely different sections of the organization,” Nussenbaum explains. “In some ways they are trying to do the same thing: They are all trying to contain losses and pick up the dollars that are dropping through the cracks in the organization.”
Nussenbaum says he is seeing organizations start to combine at least the management of these areas under one director to eliminate duplication of efforts, and to encourage cooperation between the various groups and use of their relevant skills.
Security Dollars Make Sense
Be it customer or provider, security and fraud management tend to be afterthoughts behind obtaining customers and delivering high profit margins. Mason has seen first-hand that those who try to scrimp on security often end up with greater costs down the line. As narrowing profit margins force providers to scrutinize their vulnerabilities within, implementing automated fraud management tools as well as innovative internal and external fraud management strategies takes on a greater importance.
“Fraud will always be there,” Mason says. “No network can be free of fraud. I think the issue is that you control it.”