Building a Better Mousetrap for Telco Fraud Detection Begins with Data Monetization, Strong Analytics

Michael Lyons, Managing Director Global Telecommunications Industry Leader
Constantine Boyadjiev, Managing Director Risk and Compliance

Over the last three years, the telecommunications industry has experienced a significant rise in fraud incidents. In recent months, a major wireless provider disclosed that personal data of millions of its customers — including Social Security numbers and passcodes — were found on the dark web, the latest example of an escalating problem.

Experts believe that the telco industry has become a more attractive target for fraudsters compared to industries like financial services and healthcare, which have stepped up fraud-mitigation efforts in the wake of the pandemic. The increasing level of sophistication of the perpetrators and the ingenuity in executing such fraud schemes have only added fuel to the flames, widening the threat typologies and fraud-risk taxonomies telcos face. The criminals — some believed to be state-sponsored or part of sophisticated and well-funded organized crime rings — tend to pursue sectors they consider to be among the slowest-running gazelles.

Consequences of rising telco fraud include the following:

  • Telcos are reporting significant financial losses and diverting substantial resources to combat threats.
  • Intangible ramifications are also keenly felt, as telcos’ clients (individual customers and businesses) suffer reputational damage from unauthorized access to their confidential information.
  • There is increased pressure on telcos to enhance security and privacy measures as regulators push new rules to hold carriers and operators more accountable for preventable losses. Read more about this in the regulation section below.
  • Investments in fraud-detection technologies are on the rise, but they continue to play catch-up to the ever-changing methods (such as traditional social-engineering tricks) fraudsters use.

The bottom line: What the industry needs more than anything else is strong data analytics to combat fraud and abuse.

Unmasking telco fraud: SIM swaps and more

According to the Communications Fraud Control Association (CFCA), the global telecommunications industry reported an estimated $38.95 billion in fraud losses in 2023, a 12% increase over 2021.

By the numbers:

  • Last year’s losses represent 2.5% of global industry revenues, according to the CFCA survey.
  • Of the various fraud methods analyzed, subscription (application) fraud, credit-mule fraud, PBX fraud, account takeover, and service and equipment abuse accounted for 51% of the total reported fraud issues.
  • Most revealing, 42% of the top 10 fraud methods related to telecommunication account manipulation rather than technological methods (such as spoofing, callback schemes and vishing, SMS phishing and pharming, subscription fraud, and IP PBX hacking).

Among the various account manipulation schemes, SIM swapping has recently emerged as one of the most serious threats (financially and reputationally) to individuals and businesses alike.

How it works: SIM swapping involves cybercriminals using crafty methods, such as social-engineering techniques, to commandeer a victim’s mobile device with the intent of gaining unauthorized access to sensitive accounts and valuable data:

  • Attackers often convince a mobile carrier to transfer a victim’s phone number to a SIM card they control.
  • Sometimes, fraudsters can hijack customers’ SIMs using compromised account credentials purchased through dark web marketplaces.
  • The criminals can then intercept two-factor authentication codes, gaining access to email accounts, bank accounts and payment or cryptocurrency wallets.

Any random person can be a target, but individuals known to hold substantial cryptocurrency assets are particularly attractive, as are influential people with high-profile social media accounts and business leaders with access to sensitive business information.

The resulting financial impact extends beyond targeted individual victims to mobile-network operators, as well as banks, credit card companies, payment processors or platforms, and other financial institutions that are often on the hook for their customers’ losses.

New regulations will force change — but they don’t equal security

The current fraud environment requires telcos to stay updated on laws and regulations. For example, in November 2023, the Federal Communications Commission adopted new rules to protect cell phone users from SIM swapping and port-out fraud:

  • Under the rules, wireless providers are required to update their secure authentication methods to accommodate a broad spectrum of customers, including those who are without data-enabled devices, have disabilities or possess low technology literacy.
  • The compliance date for this rule is June 8, 2024.

The mounting regulatory pressure and related liability shift will no doubt incent change within the telecom industry. However, telcos cannot wait for regulations to catch up with them:

  • They must assess their current fraud controls and capabilities.
  • They need to build or enhance infrastructures and processes designed to evaluate, mitigate and monitor fraud risks regularly.
  • Methods of identifying fraud must evolve in lockstep with the growing sophistication of the perpetrators.

The bottom line is, regulatory compliance alone should not be viewed as anything more than a minimum passing grade given that the ramifications of fraud often transcend the cost of noncompliance. Also, compliance does not equal security.

Leveraging technology, data and advanced analytics

Data is an enterprise asset. Combining it with technology and advanced analytics, organizations can use this powerful trifecta to enhance their fraud risk-management programs, particularly early detection and prevention capabilities. Some newer tools (enabled by artificial intelligence) and novel technologies provide advanced anomaly detection and outlier analysis in real time.

Take wireless account takeovers as an example:

  • Upon account compromise, the fraudsters change the address and request expensive equipment upgrades on behalf of (and unbeknownst to) the account owner.
  • Stopping this fraud requires monetization of metadata (which telcos collect or have at their disposal), coupled with tools that can be leveraged to verify whether an account activity is legitimate and in line with past customer behavior.

Sifting through existing data or metadata, such as device profiles, in-session dynamics and user behaviors, the anomaly-detection tools can analyze pattern breakages and unusual changes to activities like log-in time, device settings, profile changes and upgrade requests.
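
The account-takeover check described above, sketched as an added example (not code from the article or its authors): it builds a baseline from past logins and flags a new device, an unusual login hour, and an address change followed by an upgrade request. The event field names, weights, threshold and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Illustrative weights and threshold (assumptions, not tuned values).
WEIGHTS = {"new_device": 30, "unusual_login_hour": 20, "address_change_then_upgrade": 50}
HOLD_AT = 70
# Constructed history for one account (not real data).
HISTORY = [
    {"ts": "2024-03-01T08:10", "type": "login", "device": "dev-A"},
    {"ts": "2024-03-05T09:02", "type": "login", "device": "dev-A"},
    {"ts": "2024-03-09T19:45", "type": "login", "device": "dev-B"},
]
# Constructed recent activity showing the pattern described in the text.
RECENT = [
    {"ts": "2024-03-20T03:12", "type": "login", "device": "dev-Z"},
    {"ts": "2024-03-20T03:15", "type": "address_change", "device": "dev-Z"},
    {"ts": "2024-03-20T03:40", "type": "upgrade_request", "device": "dev-Z"},
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def build_baseline(history):
    """Summarize past behavior: devices seen and hours of day used to log in."""
    logins = [e for e in history if e["type"] == "login"]
    return {"devices": {e["device"] for e in logins}, "hours": {_ts(e).hour for e in logins}}

def hour_is_unusual(hour, known_hours, tolerance=2):
    """True if hour is more than `tolerance` hours (on a 24h circle) from every known hour."""
    return all(min(abs(hour - h), 24 - abs(hour - h)) > tolerance for h in known_hours)

def find_signals(baseline, recent, window=timedelta(hours=24)):
    """Return the set of pattern breaks found in recent activity."""
    signals = set()
    logins = [e for e in recent if e["type"] == "login"]
    if any(e["device"] not in baseline["devices"] for e in logins):
        signals.add("new_device")
    if any(hour_is_unusual(_ts(e).hour, baseline["hours"]) for e in logins):
        signals.add("unusual_login_hour")
    changes = [_ts(e) for e in recent if e["type"] == "address_change"]
    upgrades = [_ts(e) for e in recent if e["type"] == "upgrade_request"]
    if any(timedelta(0) <= u - c <= window for c in changes for u in upgrades):
        signals.add("address_change_then_upgrade")
    return signals

def decide(baseline, recent):
    """Score the signals and choose an action for the pending upgrade request."""
    signals = find_signals(baseline, recent)
    score = sum(WEIGHTS[s] for s in signals)
    return ("hold_for_verification" if score >= HOLD_AT else "allow"), score, signals
```

A held request would go to step-up verification of the account owner rather than being rejected outright, and the outcome of that review can feed back into the weights.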

Since it is critical that these tools be able to provide real-time or near real-time decisioning and intelligence augmentation, the data (in all its forms — structured, semistructured or unstructured) must be comprehensive and accurate. Herein lies a major challenge many telcos face: being able to identify and harness key data assets and link data sources to obtain a holistic view of customer behavior while ensuring that the data is consumable and of high quality, complete, timely, relatable, centralized and retrievable.

In other words, companies cannot extract valuable insights to drive intelligence and make informed decisions on fraud prevention without proper data distillation and advanced analytics.

What telcos can do now

Telcos can build a better mousetrap for detection of fraud and abuse by taking a comprehensive approach that involves the following:

  • Data management and monetization: improving business process and insights with information strategy, architecture and governance to achieve a single source of truth. This means assessing the quality, completeness and characteristics of data available, and distinguishing between relevant and irrelevant information (i.e., which data is signal-bearing and which is noise).
  • Predictive analytics: applying logic, business rules, algorithms, statistical and machine learning and AI models, and analysis combined with industry-focused management to develop insights.
  • Intelligent decision-making: leveraging augmented intelligence from insights to improve speed and quality of decision-making.
  • Continuous monitoring: creating an automated and ongoing process to collect and analyze data to identify potential enterprise threat vectors and vulnerabilities, while establishing and incorporating a feedback loop to sharpen counterfraud and abuse-detection efforts.

Fighting fraud is often a game of cat and mouse. These days, however, the perpetrators are well-funded and often more agile and crafty than the businesses and law enforcement agencies that are pursuing them. Too often, businesses treat fraud prevention like a game of whack-a-mole, responding to incidents first and then focusing on damage control. This reactive, autopsy-based approach is no longer effective or sustainable; with a comprehensive approach as outlined above, telcos will be able to think ahead to what the next move of these perpetrators will be and build a more resilient enterprise.