James Stewart, fraud product manager at MACH, discusses the threats that operators face and how to combat them.
Eurocomms.com: What are the major fraud threats that operators need to look out for in 2013?
James Stewart: The move towards the adoption of next generation communications technology presents tremendous new opportunities for fraudsters.
Traditional SIM box, IRSF, premium rate number, subscription, roaming and dealer fraud techniques will be further complicated by next generation fraud and malware issues including VoIP fraud, viruses, phishing attacks and identity theft, which have previously been more specifically related to the world of fixed broadband.
These issues will become increasingly prevalent in the wireless sector as more 4G/LTE generation mobile services are rolled out.
There will also be a growing trend towards increasingly sophisticated malware attacks on smartphones and tablet devices.
Mobile apps represent a likely source of such attacks. Cybercriminals can post infected applications to less well-policed app stores, attempting to lure trusting users into downloading rogue applications.
Cybercriminals are also able to find ways to get their applications posted in authorised application stores. Infections can easily spread beyond the smartphone into a corporate network.
The list of potential issues goes on, including IPV6 vulnerabilities, VoIP fraud and IP Signalling attacks, WiFi offload authentication issues, social engineering and of course M2M and M-commerce service attacks.
Where do operators need to concentrate their efforts to reduce their exposure to fraud?
Operators in Europe are more advanced and more successful in their treatment of fraud than those in other parts of the world.
However, fraud still remains a major problem. The emphasis now falls upon speed and efficiency.
Speed of detection is critical. Organised fraud takes some effort and even investment for the fraudster to be successful. They will target operators that they believe can give them the best return on their efforts.
If an operator gains a reputation for a rapid response to fraud, then the fraudster’s window of opportunity is small and they will be inclined to target other operators.
Speed of detection is improved through the effective sharing of intelligence. Operators now put much more effort into sharing information between themselves (without breaching subscriber privacy) and using intelligence to identify fraud more quickly.
Fraud departments must also consider how they continue to offer their best protection under a regime that is cutting budgets and resources.
A fraud department that has been successful (or lucky), such that the operator no longer suffers high losses, may be the target of resource reduction, exposing the operator to a new wave of fraud in the future.
So fraud departments must be highly efficient. In many cases, fraud and revenue assurance (RA) departments have combined. Back-end systems for delivering data to fraud and RA can be shared and there are even commonalities in the back-end processing of data.
However, the treatment of fraud and RA is different, so fraud and RA analysts have to be provided with different tools and reports that focus on their specific domains.
Fraud systems offer a high degree of automation, and operators should use the workflows and automation that can be made available to them to off-load action relating to simpler fraud scenarios, allowing them to focus their human skills on the frauds that require a greater degree of human case management to resolve.
Fraud departments must also prepare themselves for new services and technologies such as LTE, which present new challenges in areas such as combining data from different sources and the complexities of identity management, which are particularly important in next generation networks.
Aside from lost revenues, in what other ways can operators be affected by fraud?
With operator margins under great pressure, it is not surprising that a significant fraud incident could have a dramatic impact on short-term profitability and therefore be brought to the attention of investors and the media, with a serious impact on the operator’s brand image.
There have been fraud cases publicised by the media, which have been very damaging to operator reputations.
Even share prices can be affected, if an operator is thought to be careless, inefficient and generally sloppy with regard to protecting themselves and their customers.
Operators must also work with partners, content providers and other third parties; a poor reputation with regard to fraud and security will undermine these relationships.
It may even increase the cost of those relationships if partners/providers believe they need to better protect themselves as a result of vulnerability from an operator.
Operators that have a good track record with respect to fraud and security are more secure partners, which makes them preferred.
Fraud is not always directly motivated by money. Attacks may be motivated by:
- Revenge (against the operator, or targeted at subscribers)
- Publicity for the fraudster
- Blackmail (ultimately with financial or other objectives)
- Theft of information from subscribers (such as identity information which can be sold on to other criminal parties).
What more advances can we expect from the vendor community in this area over the next 12 months?
Operators expect faster processing, with greater accuracy (fewer false alarms) and better ways of presenting cases to fraud analysts, so that cases can be acted upon quickly.
If a case requires a longer period of analysis, the case manager workflow ensures critical case milestones are met on time. Cases must be appropriately escalated as situations develop.
This functionality, is visible via the user interface, has to be supported by systems that are fast and capable of handling enormous volumes of data, correlating data from multiple sources to deliver real-time information to the analyst.
In-memory computing facilitates these advances, making it possible to reach the goal of real-time fraud management.
Systems can be used to evaluate a call attempt even before it is connected, so that fraud can be prevented, rather than detected after the event.