Fraud in the mobile industry: A growing issue for the marketplace
Fraud has been on my periphery for a while. It’s one of those areas of the industry (a little bit like voicemail) that doesn’t generally get a lot of attention but is actually rather important.
I asked the team at WeDo to answer my questions to give us an overview of the fraud issue — my intent is then to explore the themes in more detail over the coming months.
So here we go — my questions are in bold. Over to Sergio Silvestre, Vice President and Chief Marketing Officer at WeDo Technologies:
– – – – –
1. Give us a background to the company, what are the products/services and what type of customer(s) do you serve?
WeDo Technologies was founded in 2001 and is owned by the Portuguese conglomerate the Sonae Group. WeDo is a Lisbon-based vendor that supplies Business and Revenue Assurance solutions and services, sometimes also called Profit or Revenue Protection, to the telecom, retail, energy and insurance and banking sectors. Simply put, this means using systems to improve operational effectiveness and manage risk – countering issues associated with fraud, credit control and data retention and management for example.
As trading conditions become ever more competitive and the technologies that support success continue to increase in complexity, system and business process monitoring and control activities have become vital to every company’s future. It is only by applying these intelligently and appropriately in both tactical and strategic ways that enterprises can deliver strong, direct and easy-to-track returns on their investment that directly impact on the bottom line.
It is only in recent years however that the software industry has finally been able to deliver the right tools at the right price and turn this concept into everyday practice. At the forefront of this development, WeDO offers both professional services and business consulting. Our business assurance platform, RAID, allows us to design and configure solutions to meet the specific needs of our more than 100 customers’ requirements and business processes. Currently, 7 out of 10 of the largest mobile CSPs in the world are WeDo’s customers.
2. Most of us reading will have a basic awareness of telephone fraud – i.e. tricking a call box into giving out coins or letting me call America for free. But nowadays, what constitutes ‘fraud’ in the context of the mobile industry?
It’s true that consumers might understand telephone fraud as simply jacking a call box, or tricking it to make long distance calls. However, fraud in the telecoms sector is a lot more sophisticated and varied than that – and is often conducted by highly organised groups of professional fraudsters who operate their own businesses and need to “service” their own customers.
Their business model for committing fraud spans all types of technology and crosses international boundaries, and has traditionally relied heavily on the CSPs’ inability to respond and recover in a timely manner.
Frauds can be launched using a variety of different methods – through the SIM card for example, stealing the identity of a mobile phone or hacking into the network, via the mobile subscription, through SMS and MMS schemes, voicemail, roaming, m-commerce and other new technological advances such as M2M and NFC.
3. Just how big a problem is fraud? Is it really an issue?
Fraud is a huge issue, not just for fixed or mobile operators but for all types of businesses. Fraud and revenue loss costs billions of dollars every year having steadily climbed over the years with no signs of abating – in fact all signs point to it being on the increase. Fraudsters were previously considered to be ‟opportunists‟, but experience shows they are now “business men” seeking out their prey by targeting specific CSPs or services that provide the greatest revenue return but at a substantial cost to the CSP.
Unfortunately for operators, the odds of being successful heavily favour the fraudsters as they know and determine exactly when the fraud hit will take place, and as the number of products and services in the telecoms and mobile worlds increase, offering new revenue streams, they are also opening up new ways for criminals to exploit them for ill gotten gain.
Fraud loss is not something that is recoverable – it is not like a revenue leakage issue that can be corrected or easily recovered from once detected. Fraud is a continuous battle with ever changing rules of engagement, and therefore effective fraud management requires a specific mindset, approach and strategy. Companies have to be savvy to this, employing fraud management and revenue assurance considerations to all their planning, ensuring they have best-of-breed fraud and RA (“revenue assurance”) solutions to detect frauds and irregularities in their network and curtail the damage. Those who don’t will pay the price in their margins.
4. Who is behind the fraud? Are they typically organised gangs or enterprising individuals?
Who is behind fraud varies between the industry and the market in which they operate. It’s very varied. In retail it can be an individual heading into the store and tampering with clothing tags and trying to move goods out of the store for example.
In telecoms however, fraudsters are typically well organised groups that are very knowledgeable about technology and networks. They need this level of understanding to launch attacks, as it is quite a sophisticated thing to do. They are very professional in what they do – so operators need to be at the top of their game to defeat them.
5. What sorts of fraud problems do new technologies like NFC and M2M throw into the mix?
Newer technologies like NFC and M2M can throw up a number of challenges for operators in terms of fraud and RA. A new range of M2M devices and the resulting end-to-end services will span consumer electronics, business enterprise, automotive, industrial/utilities and medical industries. The demand and requirements for this progression will ultimately result in more third party deals with strategic partners, and that in itself is a security risk. Are they trusted third party providers? Remote and unguarded locations, and a lack of M2M device control once deployed, could also pose fraud and revenue loss problems for operators.
When the billing model approach is different from a traditional SIM contract and M2M usage is not controlled or monitored until something actually goes wrong, then the threat of fraud going undetected and unstopped rises.
The problem with NFC is that it makes the interaction as simple as possible, without recourse to security measures such as PIN codes etc. Users just touch or pass very closely by an object to get or transfer the information.
This means the concept is open to a number of social and technical frauds and risks. Today the distance that the signal can be transferred is measured in centimetres, but it will increase. This is already being seen with chip based passports, where groups are attacking the technology to steal identity with a lot of success. Software is available on the Web to do this now and this uses the same RFID technology.
If you can steal an identity from a passport, you can also steal an identity from a mobile phone, and you can use that identity to purchase goods for resale.
Other threats exist in the form of malware and viruses, or even radio frequency interference, all causing RFID to malfunction resulting in revenue loss.
6. How do you fix the problem for your customers?
The battle against fraudsters will never be entirely won due to the fast moving telecoms environment and the drive to launch more complex products and services quickly to attract market share and maintain a competitive advantage.
This will always lead to procedural weaknesses and technical risks being introduced which fraudsters will seize upon at the earliest opportunity to keep their fraudulent “business” activities operational and profits high.
However, CSPs can deploy various defence mechanisms to mitigate against losses and ensure fast detection by ensuring processes are continually reviewed, staff are educated in new fraud trends, new products and services are assessed for fraud and security weaknesses and state of the art technology is used to quickly raise alerts for suspect activity. What is needed is a balanced approach that takes into consideration technology, people and processes working together and supported by executive level management to create an effective fraud strategy. This will enable effective defence mechanisms to be deployed in the right places at the right time.
7. Where do we find out more? Whitepaper? More information on the site?
If you visit our own site — or the site of our business consultancy division — you can find out more information about what we do and the areas of fraud management and revenue assurance. We have published a number of whitepapers on topics from increasing profits operations and management and telecoms fraud management to more specific looks at smart metering and embedded mobile (M2M).
– WeDo Technologies Publishes Best Practice for M2M Fraud Protection and Security
– How Mature is Fraud and Revenue Assurance industry now?
8. What are the biggest telecom frauds?
International revenue share fraud cost the global telecoms industry a few billion last year. It’s a very sensitive area that must be approached in a sensible way. Fraudsters racked up this sum by generating high volumes of calls to premium rate numbers, or countries with high termination rates. A premium rate number fraud typically involves web-based resellers of high-value international numbers.
Fraudsters acquire the numbers and then generate high volumes of calls to the numbers in order to ramp up their share of the revenues created. We predict that the issue could get worse as operators transition to all-IP networks. The pending risk makes it all the more important that operators’ fraud management systems are closely integrated with revenue assurance setups and can adapt to rapidly changing attack scenarios.
9. Which regions are specifically suffering from these frauds?
All regions of the world suffer from fraud. It’s a global problem and very difficult to pick out areas where it’s particularly bad. A common trend is that frauds are perpetrated from countries that don’t have so many formal extradition deals, from smaller island jurisdictions or from countries that are not internationally recognised. Many frauds are perpetrated from the developing world countries against networks in more developed countries. But that isn’t gospel – it’s a hard question to answer. If you have the knowhow you can perpetrate frauds.
– – – – –
Thank you for taking the time Sergio!
I’m aiming to meet with WeDo Technologies soon to see if I can capture them on camera.