By: Katia Gonzales
Telecom fraud is skyrocketing globally, now marking one of the biggest sources of lost revenues for operators. Just how big is the problem? According to the Communications Fraud Control Association (CFCA), it represented nearly $30 billion globally last year. And across BICS’ own international carrier customer base, we blocked more than 38 million fraud call attempts in 2016, a 12 percent increase over 2015.
Why does this matter? In the digital era, operators are already struggling with extreme competition and subscribers’ growing reliance on OTT data services for everything from voice and messaging to video chat and streaming – all of which are eroding traditional voice and SMS revenues. And with more than two-thirds of fraud tied to international traffic, operators are facing the potential of further losses as mobility, globalization and roaming continue their upward trajectory.
Defining Fraud and Today’s Biggest Exploits
The definition of telecom fraud varies, depending on operators’ business and geographic locations, and as the threat landscape continues to evolve. Perpetrators can steal telecom services, misuse them to incur losses or defraud innocent subscribers, resulting in massive bills or the loss of personal data. This nefarious activity is exacerbated with highly interconnected 4G and 5G networks, making it possible for fraud to originate anywhere in the world.
But regardless of location, the negative impact is the same, with many operators losing as much as three percent of revenues to fraud, along with subscriber dissatisfaction and churn and a hit to their brand. And customers have to endure the undue stress associated with resolving inaccurate billing and the loss of money or personal information – not to mention the monumental breach of trust in the operator.
While there are many types of fraud permeating telecom services today, there are three main categories operators should be paying close attention to:
- Voice fraud – The most common – and financially painful – international fraud schemes are voice-based, generating illegal or abusive voice calls for profit and costing operators millions in revenue annually. International Revenue Share Fraud (IRSF) is one of the most widespread types, increasing six-fold since 2013, with measured losses growing from $1.8 billion to $10.76 billion. With IRSF, criminals gain access to operators’ networks and make repeated calls to premium rate numbers or international calls to destinations with high termination rates, racking up large bills for subscribers and forcing operators to pay out call termination charges, which scammers then get a share of.
- SMS fraud – This type of fraud exploits the fact that text messages sent internationally can be routed across multiple different routes to their destination, each with a different cost attached to it. Hackers are using unauthorized or even illegal “grey or black routes” to deliver the messages at the lowest possible cost, depriving operators of legitimate termination revenues. They also take control of operators’ SMS Centers and send malicious traffic all over the world, soliciting consumers to make calls to premium numbers. This traffic often contains viruses or other malware that infects the recipient’s phone.
- IPX and signaling fraud – Criminals are exploiting vulnerabilities in and between today’s networks, which interface with hundreds of other networks globally, to commit IPX and signaling fraud. In SS7 signaling fraud, which spreads quickly from operator to operator, criminals exploit signaling vulnerabilities during roaming and international calls to hijack a subscriber’s phone and send spam SMS messages to their contact list. Other attacks in this category gain access to roaming subscribers’ personal data, spy on user traffic and sell sensitive data to other criminals, while still others distribute malware to roamers. For example, often a mobile virus within an app appears normal to the user but is running activity in the background, sending huge amounts of data back to its host and causing users to inadvertently incur huge bills.
Telecom fraud will continue to increase in complexity and possibly in volume as operators tackle the growth of emerging industries like IoT, placing even more devices at risk of hacking, and more users at risk of having their personal data accessed, or falling victim to schemes.
Challenges to Stopping Borderless Telecom Fraud
The global reach of the internet and subscriber communications means telecom fraud can no be longer contained to a particular network or country. And changes in data roaming rules in an increasing number of regions are also opening new avenues for fraud. These dynamics are allowing fraud to spread outward quickly, infecting network after network like a virus with no borders – often within hours. And it’s difficult to combat for several key reasons:
- A lack of cross-border jurisdiction and cooperation hampers operators in fighting fraud
- Most fraud occurs during non-business hours, and even today, few operators have 24 X 7 operational models in place
- Apart from a limited number of industry forums and regional operator groups, there is no centralized platform to share objective and proven fraud intelligence
- Roaming is now a preferred vehicle for fraud, because it introduces delays in detection that can last anywhere from four hours to three days, until reconciliation takes place
As a result of these obstacles, the cost of trying to block fraud and identify the perpetrators has often exceeded the cost of writing off the loss. But this reactive approach where operators defensively spend millions to ‘limit the losses’ after being hit with an attack is no longer viable since they’re already facing revenue erosion and intense pricing, services and loyalty battles for today’s data-driven subscriber.
We also know that scammers are highly organized, based on the scale and globalization of fraud. And in order to confront it, operators won’t be best served going after it alone. There is strength in numbers, and in the case of fraud, providers will need to put competition aside in favor of a more proactive and collaborative approach that includes crowdsourcing information across global operator networks to share information about the latest threats in real time with their peers.
In our hyper-connected world, the urgency of telecom fraud can’t be overstated.
It’s a complex problem that is always morphing as mobility and international reach lead to new vulnerabilities and exploitable threat vectors. In order to thrive in this new digital era, operators must begin to more pre-emptively combat fraud and embrace a – perhaps somewhat unfamiliar – culture of cooperation and openness to protect their customers and their bottom line.
Katia heads up fraud prevention at global wholesale carrier BICS. She also chairs the i3forum Fraud Group, a non-profit which brings together the communications expertise of more than 40 telecom providers that collectively serve over 1.5 billion customers across 100+ countries.