According to the CFCA, the top five methods for committing fraud last year were:
Each of these areas represents significant losses to operators and their subscribers. In addition, the fraud challenge is constantly changing. There is always something new on the horizon and as one exploit used by fraudsters is closed, a new threat emerges to take its place.
For Fraudsters, Complexity + New Technology = Opportunity
Identifying and stopping these types of fraud before big losses accrue can be difficult. As wireless technology becomes more complex, the types of fraud being perpetrated also grow more elaborate. It used to be that wireless networks were fairly ‘closed’ and threats to operators originated from local sources. Now, however, most operators are in the process of migrating to all IP networks, where hackers are able to gain access via the internet from half a world away. And today’s smart devices have higher processing capabilities and continuous connections to the internet, making them more vulnerable to attacks and malware.
Fraud is typically the result of weak internal risk management controls, which is often what happens when a new technology is introduced, such as LTE. Many departments in a wireless organization may be struggling to adapt to the new requirements and keep up with change, focused instead on their own silos of information and meeting their own KPIs.
These individual departments often can’t connect the dots to spot alarming trends and fraud scenarios. To effectively reduce fraud, the focus needs to move beyond the realm of the typical fraud department and become a larger corporate issue, where IT, billing, customer care and network security play a part. The entire organization needs to collaborate more closely, sharing information to help stop these new threats.
Managing Fraud in an MPLS Environment
Multiprotocol Label Switching (MPLS) is a standards-approved technology for accelerating network traffic and making it easier to manage. MPLS is the common backbone ‘cloud’ connecting today’s fixed and wireless networks, providing internet access at different points. The challenge for managing fraud in this environment is that it is always accessible.
Risks to customers and network infrastructure are typically low, but other systems or networks connected to the internet are more open to attack. Customer portals, for example, can often open a door for sensitive customer data to be stolen. And if these customer-facing portals are hacked, it is likely that more sensitive networks might be breached as well, enabling fraud and abuse within the operator itself. Network hacking is commonly used to commit International Revenue Share Fraud (IRSF), Service Reselling, Interconnect Fraud, and information theft, among others - and IP networks are ripe for attack.
Network Security and Fraud Management – a Critical Partnership
Although technology can make it easier to stop network security threats, no system is bulletproof. Whether it is botnets, spam, phishing, identity theft, denial of service attacks, advanced persistent threats, malware in general, or hidden backdoors for espionage or sabotage, no operator is 100 percent safe from an attack that can later lead to fraud. We believe that the best way to safeguard against fraud is to have security and fraud management teams working together.
Fraud Management and Network Security are commonly seen as two separate departments. Network security relies on information that might be a combination of reputational analysis, firewall logs, network packet data and more contextual information. This common network security information can be extremely valuable to any fraud management organization, used to determine if an actual attack or compromise has occurred. In a perfect world, security teams would have input into how new services are designed and offered, and would be warned of changes to the infrastructure. Unfortunately, this usually isn’t the case. Security departments are usually seen as service ‘inhibitors’ by the rest of the organization.
Taking an Enterprise-Wide Approach
Operators can take advantage of pairing fraud and security-related information and adopt an enterprise-wide case management approach built on collaboration. This can greatly improve fraud detection and prevention efforts and streamline fraud investigations.
This approach, along with a system capable of taking advantage of network status information, can help operators to spot fraud trends and ‘outliers’ more quickly, leading to more accurate and timely fraud detection and resolution. Tackling today’s fraud challenges requires a system that can leverage data from across the organization, collecting and correlating information to spot fraud and abuse before it ever happens, or at least before the losses accumulate and subscribers lose confidence in their wireless providers’ ability to protect their accounts.
Just when you think you have one fraud problem solved, another one will pop up in its place. There will always be some new fraud challenge to battle. It really comes down to having the right systems and business practices in place – one that pairs both Fraud and Security information, to help stop fraud in its tracks.