In October 2017 the CFCA (Communications Fraud Control Association) released its latest industry fraud survey, which has been run every two years since 2000. This Survey has given an indication on the size, scale and nature of fraud attacks. In the 2017 survey, the overall indicative figures showed that fraud losses for telecoms companies had reduced to 1.27% of revenue. However, this did not seem to resonate with the current general fraud market perceptions and media view.
If we look deeper into the statistics though within the CFCA survey, an explanation can be found.
The changing nature of fraud
Traditional telecoms fraud has been focused around the utilisation of services provided by the telco such as voice. Voice services used to be the focus of fraud attacks to gain international dialling access or propagate revenue from voice revenue share services.
However, this is now changing and international voice has dramatically reduced in cost and perceived value over the past few years, with the growth of IP based calling options and smartphone technology. The financial value of fraud has started to move towards both the consumer and mobile/ wireless environments.
Whilst IRSF Fraud (the main focus of voice services fraud) counts for just over USD 6 billion of revenue loss annually according to the survey, over USD 12 billion is being lost to consumer based fraud attacks such as subscription and account takeover.
The rise of consumer fraud
The real growing issue for Telecoms at the moment is the focus of fraud attacks against the consumer channel. This issue can be very complicated for telecoms, due to the fact that telecoms can be the target of the attack, method of attack, or source of attack.
With the growth of smartphone technology, there has been a rise in targeted fraud attacks in order to gain equipment for resale. High value handsets are obtained via subscription, application, identity and account takeover fraud. This is where genuine identities are stolen or utilised in order to open accounts, or the identities of existing accounts are obtained, and extra services added to the account without permission. Fraudsters manipulate the competitive market place, self-service and online portals, or limited security for existing accounts in order to obtain equipment that they can resell internationally for high value.
This type of fraud is on the rise as the value of equipment rises; in the past such attacks were considered as an acceptable part of sales, however this type of attack has become more prevalent and directed.
The highest growth in this area is around Account Takeover fraud, this is where an existing account of a customer is targeted. This growth is due to the fact that in highly competitive markets existing accounts are simpler to compromise and gain access to, due to the need to provide existing customers with simple and quick access to their accounts. This has allowed fraudsters to attack these weak points and access accounts and add new devices or equipment to the contract.
Account takeover has another benefit for a fraudster though, this turn is to target the customer account itself. Again, due to the rise of mobile technology and smartphone apps, many services now utilise the mobile phone as the contact point for verification, whether this is to receive a call to verify a transaction or a text message with a one-time passcode or authorisation code. The mobile account of a consumer has become fundamental as part of an authentication trail in many services such as banking. Fraudsters therefore target customers accounts in order not to defraud the telecoms company but actually target the consumer themselves in order to manipulate their financial or other services.
Dealing with the changing nature of fraud
So, although fraud losses within the telecom traditional space (voice) is reducing; growth is being felt in the equipment loss area. The real aspect is that fraud attack volume is growing (and we are seeing this across industries), but although the attacks are being carried out across the telecoms network, they are not overtly hitting the telecoms company bottom line, instead they are actually hitting the customer of the company.
Telecoms providers need to be able to understand the new nature of fraud and its impact not only to themselves in a pure physical financial sense, but also the wider impact on its consumers and their own brand if these consumers are being targeted.
This type of consumer impact and potential reputational risk, can have a greater financial influence in the long term for providers, than any internal physical loss, for direct traditional attacks. Providers need to realise that the simplified service capability provide also generates these risks, and adequate protection is needed to tackle these issues upfront in a preventative manner to avoid loss impacts.
About Jason Lane-Sellers
President of the Communications & Fraud Control Association
Jason Lane-Sellers is a highly experienced fraud and revenue assurance professional who has been working in the telecommunications industry for many years and is currently President and member of the Board of Directors of the CFCA (Communications Fraud Control Association), He was also previously the vice-chair of Fraud Intelligence subgroup of the GSMA Fraud Forum, and one of the team leaders of the Forum’s Fraud Management Group.
About CFCA
CFCA is a not-for-profit global educational association that is working to combat communications fraud. The mission of the CFCA is to be the premier international association for revenue assurance, loss prevention and fraud control through education and information. By promoting a close association among telecommunications fraud security personnel, CFCA serves as a forum and clearinghouse of information pertaining to the fraudulent use of communications services. For more information, visit CFCA at www.CFCA.org.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now