Fraud detection and prevention in the telecom industry
As soon as telecom fraud is taken care of by the risk management systems, they evolve to a more sophisticated level, with higher risks to telecom organisations. In such scenarios, companies that do not integrate fraud detection and prevention systems in their architecture often face considerable losses in revenue and subscriber base. Given the cut-throat competition and razor-thin margins, any losses due to fraud can impact telecom companies on multiple levels.
Large telecom companies that resell their services and network to smaller operators are more susceptible to frauds, which are harder to trace. However, telecom operators need to tackle these unique scams head on by being aware of the possible types of frauds conducted in the telecom industry.
Types of fraud in the telecommunications industry
Telecom fraud can be divided into three broad target categories:
- To defraud subscribers
- To defraud telecom service providers
- General phone fraud
Let’s take a look at the different types of telecom frauds.
- International revenue sharing fraud (IRSF):
- Interconnect bypass fraud (SIM box fraud):
- Telecom arbitrage fraud:
- PBX hacking:
- Traffic pumping (access stimulation):
- Deposit fraud:
- Subscription fraud:
- Smishing/SMS phishing:
- Wangiri fraud:
- SIM jacking/SIM swapping:
Fraudsters lease a premium phone number and make calls on it from a business’ phone system, which they have hacked into. The company has to bear the astronomical call rates (as high as $1 a minute), part of which goes into the fraudster’s pocket through the revenue sharing mechanism that charges commission to the company that rented a premium number from the IPRN (for driving callers to the number), as well as commission to the owners of premium rate numbers to receive part of the call revenue in their monthly invoicing services or real-time phone crediting systems.
Fraudsters buy a SIM card of a local carrier and re-route the international calls using a SIM box or a GSM gateway. This enables them to make long-distance calls at a cheaper rate while the money goes out of the pocket of the telcos.
The loss caused by this fraud depends on the price differences between countries for international calls. Fraudulent companies insert themselves between two operators. They claim to be calling directly from one country but are redirecting the calls through another country with cheaper call rates.
Private Branch Exchange (PBX) is a company’s internal network that connects to an external phone network. This helps the company share lines and reduce the numbers. Since the PBX is IP based, it becomes a target for hackers who log in and use it.
It happens when local/rural exchanges pump up the number of calls to their networks to benefit from the compensation fee set up by the US FCC. Under the Telecommunications Act of 1996, larger telcos have to pay a fee to the rural carriers.
Fraudsters buy prepaid SIM cards, smartphones, and routers from telcos’ online store using a stolen credit card. The telcos lose money because they are responsible for issuing the chargebacks under the guarantee they offer. This could also lead to a large number of false positives.
Contract phones come with a monthly rent subscription. The user pays an agreed amount every month that covers the cost of the phone, which means one can enjoy the new device without paying the whole amount at once. In subscription fraud, fraudsters submit fake IDs and credit card details acquired via phishing, dark web, or ID mules for high-end smartphones. The fraudster can either get the phone delivered to an address (not tied to their real identity) or pick it up from the store, which is much easier.
This is based on sending mass SMSes and relying on people giving up their personal information in return. While telcos don’t bear the brunt of damages caused by smishing, they don’t want to be an accomplice to such acts.
This happens when a fraudster gives a missed call on your number and you call back believing that you missed an important call. The call you make usually goes through a high-cost destination that the fraudster controls.
Using this tactic, a fraudster can highjack a customer’s SIM card and use the number to call the telco’s customer care service. They ask the customer care team to transfer the service to another number that they control. This gives them access to the customer’s OTPs and SMS verification details.
For organisations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape. Now more than ever, it is crucial to deliver and exceed on organisational expectations with a robust digital mindset backed by innovation. Enabling businesses to sense, learn, respond, and evolve like a living organism, will be imperative for business excellence going forward. A comprehensive, yet modular suite of services is doing exactly that. Equipping organisations with intuitive decision-making automatically at scale, actionable insights based on real-time solutions, anytime/anywhere experience, and in-depth data visibility across functions leading to hyper-productivity, Live Enterprise is building connected organisations that are innovating collaboratively for the future.
How can Infosys BPM help?
Infosys BPM helps global telecom service providers detect and deal with complex frauds by leveraging the following services:
- Fraud analytics:
- Assessment and automation services:
- Investigation support and tracking:
Real-time analytics to protect revenue against activities such as spamming, PBX hacking, false disputes, identity theft, and more.
Actionable insights to refine existing fraud controls using automation, due diligence, risk book development, and maturity assessment.
24 x 7 support and tracking, including fraud process reviews, monitoring, investigation, action, efficiency and coverage improvement, and knowledge management.