Telecom fraud – the impact of digitalisation

The telecom world is changing, all while enabling the digitisation of services across different sectors; these changes, however, are increasing the fraud risks and threats within the telecom world itself. Due to digitalisation, telecom services can be both the point of attack to initiate fraud, as well as the victim of fraud. 

As the phone has become a common authentication point for many financial or ecommerce services, fraud against telecom consumers and the telecom services is rising rapidly. Further increases in fraud impacts are due to the inherent value of the equipment being supplied by telecom providers, thus becoming attractive targets for the criminal fraternity, as they are items that can be quickly cycled to revenue.

The rise in consumer-based fraud attacks against telecom services is highlighted within the last Communications Fraud Control Association fraud report, which showed a combined value of over USD 11 billion lost to various types of consumer-related attacks, and even this number is thought to be highly underestimated.

Recent years have seen a re-growth in subscription fraud attacks, in order to gain equipment and services. As well as over 300% growth in account takeover attacks in order to compromise the consumer themselves, particularly in relation to financial services.
Although subscription fraud has been a perennial problem for almost all service industries, recent growth has been focused around the use of “credit mules” or synthetic identities. “Mules” are when a genuine entity has been approached and knowingly passes on their personal details in order to allow them to be used for an account creation. These mules are often recompensed immediately and do not necessarily realise that the details they provide will be used for a fraud attack and may damage their future credit profile. As such, it is difficult for service providers to identify mules as the details being used to create an account are genuine and not falsified.

A synthetic identity is when an identity and a credit profile are created by combining both genuine and fake data in order to set up accounts across multiple services – services which may be very low value, but with small credit interactions. This can then create an impression of a credit active consumer, so when the synthetic ID is used for a major purchase, the credit file and history are apparent and warning flags may not be raised.

The growth of online and ecommerce channels allows the use of “mules” and synthetic identities in high volumes remotely, thus enabling attackers to manipulate thousands of transactions over a short period of time.

Account takeover has been the fastest growing form of fraud for telecoms over the past few years. Much of this is attributable to the changing nature of service provision. Customers now expect instant access to accounts, simplified services, and recognition of loyalty. As such, often accessing and adding services or equipment to existing accounts is faster and simpler, with fewer checks and verifications than opening new accounts. Fraud operatives have targeted such principles ruthlessly.

In the early stages of account takeover growth, a large focus for fraudsters was on the ability to upgrade equipment or add additional connections and equipment to existing accounts – if you could access the customer account, you could perform these actions to gain equipment for resale. However, the growth of digital services across the different markets means that there are other reasons to compromise a telecom account. Taking phone numbers as a case in point, which are increasingly being used as an authentication tool for ecommerce and online financial services, whereby a message or call is sent to the phone/cell to approve an ecommerce or financial transaction. Fraudsters have now realised that if they perform a SIM swap, or even port out a telecom account service, they can then gain the ability to not only add services to the telephone account, but also use the phone number to intercept and approve financial transactions, compromising both the victim’s financial services and their telephone account. This proves doubly damaging for the telephone provider, as they are seen as responsible for the attack against the financial transaction, as well as for the phone account.

Now, most of the growth in these types of fraud has been driven via the digitalisation of services and provision of apps, online self-service, and digital interactions. Therefore, from a fraud management point of view, in order to start to manage or prevent many of these types of attack, it is necessary to understand the nature of the customer and digital services. As these attacks are manipulated across different marketplaces, it can be difficult for traditional service providers to adapt.

Therefore, telecom providers need to be able to understand and identify their customers in the new digital world. As we move into the crossover between service provision, access, and utilisation, where people interact with multiple devices, in multiple locations and across services, it has never been more important to be able to profile an entity as a complete digital persona.

Leading organisations in the telecom world are now integrating digital identity solutions in order to protect their customers, authenticate interactions, and prevent fraud attacks.

The most advanced solutions amongst these allow the crowdsourcing of data across verticals, for a complete digital picture. These solutions enable the provider to openly promote the use of online services, whilst validating data and ensuring trust in interactions across their digital channels. Operators who are not following this trend or approach are quickly becoming the targets of the advanced criminals to a frightening scale.

About Jason Lane-Sellers

Jason is a highly experienced fraud professional who has been working in the telecommunications industry for 20+ years, and he is currently President of the Communications Fraud Control Association. He has a wealth of experience within operators and vendors covering fraud, risk & revenue assurance.

About Communications Fraud Control Association

CFCA is a not-for-profit global educational association that is working to combat communications fraud. The mission of the CFCA is to be the premier international association for revenue assurance, loss prevention and fraud control through education and information. By promoting a close association among telecommunications fraud security personnel, CFCA serves as a forum and clearinghouse of information pertaining to the fraudulent use of communications services.