Latin America is an active participant in creating this growing demand for mobile data. 4G penetration will reach 35% in 2017 and is forecast to reach more than 90% penetration rate by 2022. While all this data is unleashing a new wave of opportunities for businesses and people around the world, it also creates a new wave of opportunities for fraud and risk. The most recent CFCA Fraud Survey estimates that CSP fraud losses reach approximately $38.1 billion (USD) per year.
The impact of digital transformation is increasingly prevalent in our day-to-day lives. As smartphone penetration increases, video streaming escalates and everyday appliances become ‘connected devices’, the promise of digital transformation is now becoming a reality. According to GSMA Intelligence, the 4G adoption rate in Latin America grew at more than twice the global average growth rate in 2016. It then becomes increasingly crucial for communications service providers (CSPs) in the region to assess their fraud management and security for today’s digital requirements, says João Resende, CTO, WeDo Technologies.
As research firm IDC points out, as everyone – and everything – becomes connected, a new digital universe is being created. They state that like the physical universe, the digital universe is large – by 2020 containing nearly as many digital bits as there are stars in the universe. It is doubling in size every two years, and by 2020 the digital universe – the data we create annually – will reach 44 zettabytes, or 44 trillion gigabytes. While not all of this is mobile data, a growing percentage is. According to TNW, mobile connections across the globe have skyrocketed over the past five years – growing by a whopping 2.2 billion since 2012. This means an increase of almost 14 new mobile subscriptions every second.
Latin America is an active participant in creating this growing demand for mobile data. 4G penetration will reach 35% in 2017 and is forecast to reach more than 90% penetration rate by 2022. While all this data is unleashing a new wave of opportunities for businesses and people around the world, it also creates a new wave of opportunities for fraud and risk. The most recent CFCA Fraud Survey estimates that CSP fraud losses reach approximately US$38.1 billion (USD) per year.
The need for fraud management and security to come together with millions of these new smart devices coming into the market every month - everything from connected cars and machinery, to office copiers, watches, TVs and, even refrigerators - the rush to meet demand has meant security has taken a back seat. Without the ability to install, let alone update security software, these billions of ‘things’ could be commandeered to wreak all types of havoc – creating a futuristic Trojan horse. We saw this exact scenario play out at the end of last year, when everyday appliances such as DVRs and webcams were used to mount a distributed denial of service attack (DDoS) that led to the disruption of Twitter, PayPal, AirBnB, Amazon.com and Netflix to name only a few. And while the impact of losing access to Netflix may seem more of a nuisance, attackers are using DDoS to slow down the response to the real issue, which is the fraud that is actually taking place.
In fact, DDoS attacks are typically just the first sign of bigger fraud problems to come. Can you imagine a CCTV camera or a refrigerator making calls to a premium rate number service? Yes, your fridge is low on milk, but instead of communicating with the grocery store, it is making calls to a hotline at US$0.60 per minute, allowing fraudsters to collect the money on the other side. Needless to say, fraudsters are nothing if not deceptively creative. In the U.S. there is a new cramming scam where the caller asks, “Can y ou hear me?” The person rep lies “Yes”. Their voice signature is recorded, and can later be used by the scammers to pretend to be the consumer and authorize fraudulent charges via telephone.
While finding ways to improve security to prevent these attacks is important, it will never be enough. Creating tighter security is just the first layer of protection. What happens when the fraudsters break through? In an IoT world, with so many new devices creating so many potential points of failure, this is not just a risk, it is inevitable. If it doesn’t hap p en today, chances are it will happen tomorrow. After all, the end game for hackers and fraudsters doesn’t stop at just breaking into a CCTV camera or another device – it’s the damage they do once they gain access that is the real problem, but first you need to be able to find it. That is why the 2nd layer of protection is even more important - fraud management.
Forrester ominously predicted that 2017 would be the year of the hack, and with the widespread WannaCry ransomware attack in May 2017 and the more recent NotPetya malware attack the following month, IoT security and fraud management must come together to address this risk.
Closing the Chasm
There are software systems designed to ferret out and stop fraud before it becomes too pervasive, but the fraud management systems of a decade ago simply can’t address the capabilities that are essential to enable the automated analysis of the large volumes of data we must manage today, along with a multitude of new services and devices. The arrival of Voice over LTE (VoLTE), for example, means mobile calls are even more exposed to fraud because signaling is implemented in the mobile operating system instead of the mobilebased broadband network, as it is for 2G/3G telephony. Many of these vulnerabilities can then be exploited remotely through mobile malware to profit fraudsters.
Among the missing capabilities of decade old fraud management systems are:
• Machine learning
• Self-service analytics
• Processing capabilities for Hadoop
• Visual interfaces that help make sense of data in real-time
All of these capabilities are required to fully handle the complexity of a multinetwork, multi-service infrastructure that is continually changing its functions. The technology needed to support fraud management operations has changed significantly, with an increased reliance on business intelligence (BI) and analytics as a means for uncovering and identifying fraud. A connected farm, for example, is expected to generate an average 4.1 million data points per day in 2050, up from 190,000 in 2014, according to OnFarm.
This reiterates the scale that fraud management systems now need to be able to manage – and the challenge whereby any one of those 4.1 million data points could be conducting fraudulent activity. It is in this environment, where CSPs need to rapidly add new data sources, such as risky IP feeds, for fraud detection to be performed and data scientists to model data through advanced analytics, to go beyond traditional rule-based fraud detection. Where traditional rule-based fraud detection is effective for detecting simple, fixed, known patterns, such as validating black lists from fraudsters, machine learning technology can identify unusual patterns and correlations from disparate data sources, making it faster and more efficient.
Machine learning algorithms can also be used to target more complex risks, including those known and foreseeing new risks, which will enable CSPs to quickly identify and react to different threats as they arise. CSPs can further advance fraud management by visualizing the verification results based on a series of factors, such as social network activities. CSPs that have the tools in place to manage and leverage big data will be able to mitigate against future fraud risks and other types of security threats. And fraud reduction isn’t the only benefit.
It’s predicted that by 2020, organizations that analyze all relevant data and deliver actionable information will achieve an extra US$430 Billion in productivity gains over their less analytically oriented peers. CSPs can leverage the analytics that power fraud management to generate useful business insights for marketing, network planning and operations and service assurance.
Call to Arms
As service providers embark on their digital transformation projects, they need to be mindful that chances are, their fraud management systems are also ready for an update. In order to successfully mitigate the rising number of risks in today ’s IP networks, Fraud Management systems should work seamlessly with security protection to constantly monitor information across an organization, watch for unusual trends and identify fraud before it happens. That way, when security is breached, the Fraud Management system will be able to follow its path and identify patterns that reveal hidden relationships and suspicious movements and minimize any potential damage. Taking a unified approach to fraud, compliance and security provides the extra layer of protection, enabling companies to protect their customers, their business and their reputations. As the digital transformation continues to accelerate, the time is now for CSPs to signal a “call to arms” in how to secure and protect their networks from the growing risk of fraud.
Originally published in Connect-World