Podcast Audio Transcript
Alisha: Hello listeners, this is Alisha; thank you for tuning in to yet another exciting and informative podcast from us at Infosys BPM. Today, we are discussing the very concerning area of fraud risk in telecommunications. And to talk about this, we have here with us, Anand Chandrashaker, Sr. Domain Principal - BPM Analytics. Welcome Anand. How are you?
Anand: Thanks you, Alisha. It’s great to be here. How are you doing yourself?
Alisha: I’m doing well too. Thanks for asking. Anand, as digitization is bringing transformative changes across the industry, what are key trends with respect to security and fraud mitigation in telecommunications, especially during the pandemic time?
Anand: Fraud is a top priority for our Telco clients. We are seeing large spikes in network traffic as countries impose restrictions on movements and people spend more time in online meetings and calls, schools running online classes and everyone using telecom network for daily wants – be it banking, or for entertainment using streaming services or shopping on e-commerce platforms.
While Telcos have largely benefitted due to the surge in data and voice volumes, at the same time, the cost due to fraud has also increased. The pandemic has given more opportunities to fraudsters to exploit vulnerabilities in telecom services especially due to reduced KYC checks on customers. We are seeing two major trends when it comes to typical fraud scenarios in telecom –
The 1st is there is a big rise in people using fake and synthetic identities to procure connectivity to use content services – with no intention to pay.
The 2nd is that fraudsters are using practices such as social engineering to lure people through text messages and phone calls from purportedly official sources in order to extract their mobile wallets or banking information. This is again due to increasing online transactions and mobile wallets usage during pandemic.
These big trends are here to stay – even after we have the Covid situation under full control.
Alisha: Indeed, those trends are quite alarming. Anand, we are looking at accelerated growth in telecom, not only through the traditional channels of voice and SMS, but more through 5G roll-out and e-SIM cards. Does this present greater challenges for telcos?
Anand: There is a tremendous growth in data and now that 5G is being rolled out, I would say that it has its own new challenges. However Telcos are seeing newer types of risks – those that are associated with electronic-SIM cards (eSIMs) and IoT (internet of things).
As we know e-SIM has the same function as a physical SIM but it is embedded into the device. Although this makes the device more secure from SIM Cloning or Theft it is still prone to malware and social engineering attacks. The massive scale at which devices are getting connected, is giving more & more opportunities to scammers to launch denial of services attacks (distributed Denial of service – DdoS), steal credentials and mis-use devices for criminal activities.
It also seems that infiltrating the subscriber identities and credentials electronically is much easier for fraudsters to do than physical theft or cloning. There are incidents where users are deceived into switching to electronic-SIMs by filling in an online forms to provide their personal details. Some people are also duped into exposing their secret questions and answers to these fraudsters. On getting such information, Fraudsters activate these e-SIMs on their handset and get One time passwords to operate bank accounts and buy things fraudulently over the internet.
In contrast to the traditional fraud schemes run by fraudsters – where they were abusing the telecom network, now fraudsters are more focussed on defrauding the customers that have everything on their handsets – right from the money in banks to personal information stored on various e-com apps.
Alisha: That’s shocking how fraudsters are able to find new ways to scam genuine users.
So, essentially users need to be very careful with their data. What kind of fraud risk mitigation strategies or technologies do you recommend to your clients?
Anand: In order to help our clients prepare for fraud at the new scale, we recommend 3 main strategies.
First – we recommend that clients (the Telecom operators) to move their focus upstream – that means they must try to upgrade their KYC processes to reduce incidents of identity theft and thereby prevent fraudsters’ entry into their network.
As a second level check, we recommend that they to run fraud analytics algorithms on data that is available from multiple channels. Any additional information not captured as part of their current fraud processes – say subscriber location, credit reports, devices used, services opted for or service requests, behaviour on roaming or at home location – these transactions must be triangulated and looked into as a whole and in conjunction with fraud scenarios.
Third – we recommend that Telecom companies also automate their fraud function as much as they can. Automatic monitoring helps crunch the overall fraud run time and hence limits the potential for revenue loss.
Alisha: I agree, these are very important recommendations. Could you give your experience related to any ongoing projects or pending implementations in fraud mitigation?
Anand: We are currently engaged at different levels with our clients. The most recent example is for one of our clients in the US where we are helping them automate their identity theft process. ID Theft is a big challenge – not just in Telecom but across industries. Older adults and children are more likely to be victims of identity theft.
Fraudsters actively make dishonest applications using false information, or genuine but stolen information from the dark web. These applications help them obtain post-paid subscriptions to an operator's telecom services or content services in recent times. Sometimes the problem is compounded when the KYC process is split by different products, systems and teams. When companies use different technologies to handle ID theft cases, this makes them operationally inefficient and increases their vulnerability to fraud.
This is where we are helping our clients digitize and automate their ID Theft process. Referring back to the example I mentioned, we are looking at smarter ways to automate the capture of information to report ID theft so the effort & time taken to validate this info and deactivate the subscription is greatly improved. We are bringing together Technology, People and Process under one umbrella to combat fraud. This will improve their operational processes and increase efficiency of their fraud management function.
Alisha: That was a very eye-opening discussion we had, Anand. I am going to make sure to watch out for any fraudulent activity on my subscriptions. Thank you so much for taking time to give us these insights.
Anand: Thank you. It was indeed a pleasure.
Alisha: Dear listeners, if you enjoyed our podcast today, please don’t forget to share and like it on social media. Our social handles are mentioned in the podcast page. The podcast will be available on various platforms like Google Podcasts and Spotify, in addition to our website.
Also, if you have any queries, do reach out to us through the email address on the podcast description. Watch this space for more exciting podcasts coming up. Once again, thank you for tuning in, stay healthy and socially distanced. Have a nice day!