Billing and OSS World

Top Telco Frauds and How to Stop Them

Geoff Ibbett, Subex Azure
01/01/2007
As telecommunications operations become more complex each day, several primary sources of fraud continue to plague the industry. In a 2006 survey commissioned by Subex Azure, participants cited fraud as the single largest area of revenue leakage. Average fraud losses increased from 2.7 percent of annual revenues in 2005 to 2.9 percent in 2006. That amounts to more than $44 billion taken globally from the telecom industry’s bottom line. Given the size and scope of the problem, what are the top frauds, how can they be identified, and how can we thwart them?

1. Subscription Fraud
Subscription fraud involves setting up a false identity to gain access to network services with no intention of paying for them, either by creating a fictitious identity or by fraudulently using the identity of another party to pay for those services. A single fraudster can wreak havoc by setting up multiple accounts and thereby racking up multiple bills, or by causing an unsuspecting subscriber to be billed for the services used. Both of these scenarios routinely result in large losses and increases in uncollected revenues.

The best way to prevent subscription fraud is to perform thorough customer verification checks, such as credit references and subscriber services usage analysis that profiles an individual’s calling patterns regardless of the phone they may be using. These steps help establish a true profile of behavior patterns, so that individuals can be uniquely identified regardless of the credentials they supply. Subscription fraud, which occurs at the time of applying for a service, can be thwarted by confirming that none of the applicant’s details are present in any known fraudster list. Further measures include obtaining an initial deposit and limiting usage with controls such as credit limits.

2. Premium Rate Service (PRS) Fraud
The simplest version of premium rate service fraud is to artificially inflate the amount of traffic to a legitimate PRS service, most commonly 900 numbers, either manually or by the use of auto-dialer equipment. The main characteristic that fraudsters look for is any service where the operator has to share part of the revenue with the PRS provider. This type of service is particularly susceptible to what is known as artificial inflation of traffic—where a person makes repeated calls to a PRS number to trigger a payment without any intent to pay the subscriber charges.

In addition, PRS frauds are often used in conjunction with roaming and subscription fraud. For example, a fraudster can create a premium rate service by setting up a server in a country with a weak prosecution history. Once the service has been established, the fraudster will use identity theft and/or subscription fraud to establish a large number of wireless accounts. The fraudster will then ship the phones outside the operator’s country and begin dialing the PRS number with the new phones. This scam takes advantage of the delay in usage reporting between GSM operators to allow large calling volumes to go undetected. It is quite feasible for the fraudster to generate $1 million in hard-dollar losses for the operator over the span of a weekend.

To prevent this type of fraud, monitor usage patterns to identify unusual, often high-usage call patterns to PRS numbers. For example, if there is a sudden increase in traffic for a particular PRS number, especially if the traffic originates from a small number of calling line identities, it’s worth the time and effort to look a bit closer. Perform credit and other reference checks on the owners of PRS numbers when they submit an application. In addition, risk of this class of fraud can be limited by profiling the traffic received by PRS numbers and raising alerts when usage trends change significantly.
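The check described above, as an added example that is not part of the original article: it profiles daily call counts per PRS number and alerts when a day's traffic spikes against the number's own history while coming from only a few calling line identities. The CDR layout, phone numbers and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def build_sample_cdrs():
    """Constructed CDRs (day, caller CLI, PRS number); not real traffic."""
    cdrs = []
    for day in range(1, 7):                       # six baseline days
        for i in range(20):                       # 20 distinct callers, one call each
            cdrs.append((day, f"555010{i:02d}", "9005550001"))
            cdrs.append((day, f"555020{i:02d}", "9005550002"))
    for i in range(22):                           # day 7: ordinary growth on ...0001
        cdrs.append((7, f"555010{i:02d}", "9005550001"))
    for i in range(120):                          # day 7: 120 calls from 3 CLIs on ...0002
        cdrs.append((7, f"555030{i % 3:02d}", "9005550002"))
    return cdrs

def prs_alerts(cdrs, day, spike_factor=3.0, top_n=3, concentration=0.8):
    """Flag PRS numbers whose calls on `day` exceed spike_factor times their
    average over earlier days with traffic AND whose top_n calling line
    identities account for at least `concentration` of that day's calls."""
    per_day = defaultdict(Counter)                # prs -> {day: call count}
    callers = defaultdict(Counter)                # prs -> {cli: calls on `day`}
    for d, cli, prs in cdrs:
        per_day[prs][d] += 1
        if d == day:
            callers[prs][cli] += 1
    alerts = []
    for prs, counts in per_day.items():
        history = [n for d, n in counts.items() if d < day]
        today = counts.get(day, 0)
        if not history or today == 0:
            continue                              # no baseline or nothing to judge
        baseline = sum(history) / len(history)
        top_share = sum(n for _, n in callers[prs].most_common(top_n)) / today
        if today > spike_factor * baseline and top_share >= concentration:
            alerts.append({"prs": prs, "calls": today, "baseline": baseline,
                           "top_share": round(top_share, 2)})
    return alerts

if __name__ == "__main__":
    for alert in prs_alerts(build_sample_cdrs(), day=7):
        print(alert)
```

Requiring both conditions keeps a legitimately popular service, whose growth comes from many distinct callers, from raising the same alert.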

One solution for PRS/roaming/subscription fraud is to evaluate the location of the initial phone registration to the network and/or the first few phone calls made. If the phone is first activated outside the home network or home country, the operator should shut it down, or at least route calls to the fraud department.

3. Roaming Fraud
Abusing roaming facilities to make free calls is also a costly problem. Roaming cloning fraud—where subscriber identity numbers are used in another market—has been the most widespread type of this kind of fraud. Roaming fraud also can increase the incidence of PRS fraud, as described above.

For example, roaming records for an operator in Northern Europe were routinely received from the visited network 24 hours after the calls took place. Since the fraud department did not work over the weekend, handsets purchased on a Thursday were quickly shipped to another country where the fraudsters were able to get three days of fraudulent use from the phones before any problem was detected.

To prevent this type of fraud, monitor the usage patterns of both inbound and outbound roamers—for example, develop regular high-usage reports that are based on call attempts as well as call volume. Roaming fraud often exploits the increased delay between service usage in the visited network and the subsequent delivery of billing information to the home network. Risk of this exposure can be limited by capturing and analyzing the near real-time delivery of this information between networks.

The exchange of roaming information between operators has traditionally been associated with delays. Within the GSM sector, an operator has up to 30 days to exchange this information. However, operators can and should make much more use of information generated by the home network (rather than relying on the visited network), in particular SS7 signaling information and the introduction of CAMEL services. The GSM Association itself is working to advance this process with the introduction of NRTRDE (near real-time roaming data exchange).

4. Internal Fraud
Internal fraud has many faces, from applying services directly onto the switch without amending the billing system and suspending the generation of usage information, to the reactivation of used prepaid voucher numbers. Other examples include removing records from billing systems, creating fictitious accounts/customers/employees, removing call detail records (CDRs) from the billing cycle, or just manipulating the accounting and credit processes. All these factors can mean lost or incorrect billing records, more non-payments and general customer dissatisfaction.

When looking at specific sources of internal fraud, one must consider that different departments have different opportunities to perpetrate it. For example, people within network operations can suppress the generation of usage information on certain routes and trunk lines. Folks in IT or billing operations can modify or prevent billing for certain numbers or groups of numbers. And customer service reps can steal identity and payment information, often leading to credit card scams against customers and the operator.

A clear-cut example occurred when someone within the network group of a Tier 1 wireless carrier simply changed the feature flag of certain prepaid phones to be sent to the postpaid billing system. The postpaid billing system rightfully deleted the records because it didn’t have any accounts to apply charges to. The person then sold “unlimited usage” prepaid phones and pocketed the cash. This specific instance resulted in significant loss to the tune of almost $2 million.

Today’s revenue assurance tools are likely to detect most cases of internal fraud that create an imbalance between usage patterns and billed revenues. Periodically auditing all network equipment configurations and creating specific internal fraud reporting mechanisms that include stringent background checks of employees will quickly reduce internal fraud.
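A reconciliation of the kind a revenue assurance tool performs, as an added example that is not part of the original article: it compares the seconds the switch recorded per number with the seconds that were rated in the billing system matching the account type. The record layouts, numbers and the 2 percent tolerance are assumptions.

```python
from collections import defaultdict

# Constructed records, not real data.
# Network side: (subscriber number, seconds) as recorded by the switch.
SWITCH_USAGE = [("5550200", 600), ("5550200", 300), ("5550201", 1200),
                ("5550202", 900), ("5550203", 450), ("5550204", 700)]
# Billing side: (number, seconds, billing system that received the record).
BILLED_USAGE = [("5550200", 900, "postpaid"), ("5550201", 1200, "prepaid"),
                ("5550203", 150, "prepaid"), ("5550204", 700, "postpaid")]
# Provisioned account type per number (assumed to come from the customer DB).
ACCOUNTS = {"5550200": "postpaid", "5550201": "prepaid", "5550202": "prepaid",
            "5550203": "prepaid", "5550204": "prepaid"}

def reconcile(switch_usage, billed_usage, accounts, tolerance=0.02):
    """Return (number, switch_secs, billed_secs, reason) for every number whose
    network usage is not matched by billed usage, largest leak first."""
    used, billed, misrouted = defaultdict(int), defaultdict(int), defaultdict(int)
    for number, secs in switch_usage:
        used[number] += secs
    for number, secs, system in billed_usage:
        if accounts.get(number) == system:
            billed[number] += secs
        else:
            misrouted[number] += secs     # record sent to a system with no such account
    findings = []
    for number, secs in used.items():
        gap = secs - billed[number]
        if number not in accounts:
            reason = "usage with no provisioned account"
        elif misrouted[number]:
            reason = "usage routed to wrong billing system"
        elif billed[number] == 0:
            reason = "usage never billed"
        elif gap > tolerance * secs:
            reason = "under-billed"
        else:
            continue                      # usage and billing agree within tolerance
        findings.append((number, secs, billed[number], reason))
    return sorted(findings, key=lambda f: f[1] - f[2], reverse=True)

if __name__ == "__main__":
    for finding in reconcile(SWITCH_USAGE, BILLED_USAGE, ACCOUNTS):
        print(finding)
```

In the prepaid-flag case described earlier, the postpaid system deleted the records, so the affected phones would surface here as "usage never billed" unless the rejected records are retained.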

5. Technical Fraud (Cloning, Clipping, SIM Boxing)
Technical fraud involves stealing services from other users by using sophisticated equipment that now is readily available on the market. For example, cloning SIMs and the International Mobile Equipment Identities (IMEIs) of handsets can cause inaccurate billing for genuine customers, as well as elevating costs generated by trying to resolve customer complaints.

To detect and prevent this growing form of fraud, analyze network traffic to identify multiple calls made at the same time (collision checks) and from the same number. Also, conduct velocity checks to easily detect calls made from geographically remote places, usually within an unfeasibly short period of time, to identify specific handsets that have been cloned. This fraud is preventable by incorporating stronger encryption methodologies on handsets. Enforcing PIN protection can be another way to prevent unauthorized access to the SIM.
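The collision and velocity checks described above, as an added example that is not part of the original article. The CDR layout, the cell coordinates, the 900 km/h speed ceiling and the 50 km minimum distance (to ignore neighbouring cells) are assumptions.

```python
from datetime import datetime, timedelta
from itertools import groupby
from math import asin, cos, radians, sin, sqrt

T0 = datetime(2007, 1, 1, 9, 0)
# Constructed CDRs: (number, start, duration in seconds, cell lat, cell lon)
CDRS = [
    ("5550100", T0,                         600, 51.51, -0.13),  # London
    ("5550100", T0 + timedelta(minutes=5),  120, 51.52, -0.10),  # starts mid-call
    ("5550101", T0,                         300, 51.51, -0.13),  # London
    ("5550101", T0 + timedelta(minutes=20),  60, 48.86,  2.35),  # Paris, 15 min after hang-up
    ("5550102", T0,                         300, 51.51, -0.13),  # London
    ("5550102", T0 + timedelta(hours=6),     60, 48.86,  2.35),  # Paris, feasible trip
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine), Earth radius 6371 km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def call_end(cdr):
    return cdr[1] + timedelta(seconds=cdr[2])

def clone_suspects(cdrs, max_kmh=900.0, min_km=50.0):
    """Return (collision, velocity) sets of numbers that look cloned."""
    collision, velocity = set(), set()
    ordered = sorted(cdrs, key=lambda r: (r[0], r[1]))
    for number, calls in groupby(ordered, key=lambda r: r[0]):
        prev = None
        for cur in calls:
            if prev is not None:
                gap_h = (cur[1] - call_end(prev)).total_seconds() / 3600
                dist = km_between(prev[3], prev[4], cur[3], cur[4])
                if gap_h < 0:
                    collision.add(number)   # two calls in progress at once
                elif dist > min_km and dist > max_kmh * gap_h:
                    velocity.add(number)    # too far apart for the time gap
            # compare the next call against whichever call ends latest
            if prev is None or call_end(cur) > call_end(prev):
                prev = cur
    return collision, velocity

if __name__ == "__main__":
    print(clone_suspects(CDRS))
```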

6. Dealer Fraud
Many operators employ resellers to help extend their reach. Unfortunately, unsavory resellers can sometimes directly exploit these agreements. For example, some dealers may simply falsify sales records to claim grossly inflated sales commissions. Other examples include reporting sold SIMs as lost, reselling expired vouchers, and relaxing subscription requirements to increase the volume of sales and thereby obtain fraudulent commissions. These types of fraud can leave a trail of unpaid bills and unaccounted-for usage.

How can it be detected and prevented? Monitor subscriber behavior for connections sold by dealers. For instance, run regular reports on the number of sold SIMs and/or handsets that have not been activated. Also, most operators can quickly analyze dealer performance based on simple margin calculations to take into account revenue generated versus costs incurred, rather than solely by the number of sales achieved. It’s also a good idea to perform basic credit and other reference checks on the owners of dealerships when they submit an application. In addition, don’t forget to regularly analyze the dealer incentive and commission agreements to identify loopholes that should be closed in order to prevent unscrupulous dealers from exploiting them for their own benefit.

Conclusion
Operators can never afford to let their defenses down when it comes to telecom fraud. Many threats, both internal and external, need to be considered, and mechanisms must be put in place to eliminate or at least minimize those risks.

Fraudsters, like operators, can and will take advantage of the new range of next-generation services that are coming on to the market. With the introduction of new services comes an ever-increasing array of methods to defraud operators. Pay particular attention to services with higher content value, such as music downloads and video clips, which both increase the value of individual services and make fraudulent activity more attractive. Technology solutions are at hand to combat fraud, but they are only effective when operators are fully aware of all the potential threats, and when they integrate the necessary due diligence and related processes into their everyday business operations.

Geoff Ibbett is Director of Product Management for Subex Azure Ltd.
