4. CFCA – Communications Fraud Control Assoc
The only real industry benchmark
– Running for over 12 years
Survey Details
– Last survey 2013
– Every 2 years
– 100+ participants, more wanted
– GSMA, FIINA & CFCA members (range of services)
– Next survey due for launch in next few days
10. Subscription & Dealer Issues?
– Risk / Reward: In-house and own-retail checks increased and developed, but impact limited by risk appetite
– Sales Pressure: Fraud risks driven by agent circumvention or manipulation to meet demands
– Technology: New technology drives fraud levels – e.g. iPhone 6
– Web Sales: Internet sales on the rise, increasing automation, allowing remote attack from fraudsters
– Third Party: Third party channels developing & margins decreasing – increasing the risk of dealer related fraud
12. Issues and Causes
Pressure points in your organisation and market allowing ATO (account takeover):
– Focus on Customer retention & Churn reduction
– Simplifying Customer Services (CS) processes – online self service
– Push for reductions in CS costs and ACHT
– Reliance on simplistic Knowledge Based Authentication (KBA)
Fraudsters manipulate these pressure points:
– KBA can be weak (ease of use) and simply compromised via social engineering
– Self service solutions – simple social engineering to compromise
– CS staff also liable to social engineering, based on sales & time pressures and related financial incentive
– Fewer restrictions and checks in place on existing customer processes (compared to new applications)
– Greater profit value for fraudsters (top offers for existing customers)
13. Typical Flow & Pressure Points
[Diagram: customer flow across the Agent, CRM, WWW, IVR and Logistics channels, with the pressure points marked at each stage: social engineering, screen scraping and IP attacks; data misuse; process abuse; logistics manipulation.]
14. CFCA Fraud Survey – Fraud Types
[Chart of survey responses by fraud type] These responses highlight issues with the survey and classification.
16. IRSF - Numbering Misuse
Hijacked unallocated ranges
• Unallocated numbers in the national numbering plan are ‘hijacked’ by a transit carrier and routed to a content service
• Common/recent examples: Somalia, Guinea
Hijacked allocated ranges
• Numbers allocated to network operators are ‘hijacked’ by a transit carrier, as above
• Common/recent example: Bulgaria
Allocated ranges that are sold
• Number ranges sold by organisations or operators to third parties for international content services
• Common/recent examples: Austria, Caribbean
17. Numbering Plan Issues – UK Example
Range      Allocation
+440XXXX   unallocated
+441XXXX   Fixed line – regional allocation
+442XXXX   Fixed line – regional allocation
+443XXXX   Fixed line & non-geographic – not all active
+444XXXX   unallocated
+445XXXX   Special – non-geographic, not all active
+446XXXX   unallocated
+447XXXX   Wireless – exceptions, e.g. 4470XXX special PNS
+448XXXX   Special – Free Phone – some rev share (870, 875 etc.)
+449XXXX   Premium rev share – PPM & PPC
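As an added example (not from the slides or any named tool), the UK prefix table above transcribed into a small Python classifier, followed by a detection pass over constructed CDRs that flags A-numbers generating many calls into unallocated or revenue-share ranges: the IRSF pattern from the numbering-misuse slide and the PRS scenario quoted later from the TM Forum survey. The risk labels, the threshold, the handling of the 4470 PNS exception and the sample numbers (Ofcom drama ranges) are my assumptions.

```python
from collections import Counter, defaultdict

# Prefix table transcribed from the UK example above, keyed by the digit after +44.
# Each entry: (description, risk label or None). Risk labels are an assumption:
# unallocated ranges are hijack candidates, 8xx/9xx are revenue-share targets.
UK_RANGES = {
    "0": ("unallocated", "hijack"),
    "1": ("fixed line, regional allocation", None),
    "2": ("fixed line, regional allocation", None),
    "3": ("fixed line & non-geographic, not all active", None),
    "4": ("unallocated", "hijack"),
    "5": ("special non-geographic, not all active", None),
    "6": ("unallocated", "hijack"),
    "7": ("wireless", None),
    "8": ("special / freephone, some revenue share (870, 875 etc.)", "revshare"),
    "9": ("premium revenue share, PPM & PPC", "revshare"),
}

def classify_uk(number):
    """Return (description, risk) for a +44 E.164 number, or None if not UK."""
    digits = number.lstrip("+")
    if not digits.isdigit() or not digits.startswith("44") or len(digits) < 4:
        return None
    if digits.startswith("4470"):  # exception named on the slide: special PNS
        return ("wireless exception: 4470XXX special PNS", "pns")
    return UK_RANGES[digits[2]]

def flag_irsf(cdrs, threshold=3):
    """Count each A-number's calls into risky ranges; return those at/over threshold."""
    per_a = defaultdict(Counter)
    for a_num, b_num in cdrs:  # cdrs: (calling_party, called_party) in E.164 form
        hit = classify_uk(b_num)
        if hit and hit[1]:
            per_a[a_num][hit[1]] += 1
    return {a: dict(c) for a, c in per_a.items() if sum(c.values()) >= threshold}

# Constructed sample CDRs using Ofcom drama ranges, not real subscribers.
SAMPLE_CDRS = [
    ("+447700900001", "+441632960001"),  # ordinary geographic call
    ("+447700900001", "+449000000001"),  # premium rate range
    ("+447700900001", "+440100000001"),  # unallocated range (hijack candidate)
    ("+447700900001", "+446100000001"),  # unallocated range (hijack candidate)
    ("+447700900002", "+449000000002"),  # one premium call, below threshold
    ("+447700900002", "+33123456789"),   # non-UK destination, not classified
]

if __name__ == "__main__":
    for a_num, hits in flag_irsf(SAMPLE_CDRS).items():
        print(a_num, hits)
```

In a real FMS the threshold would be set per destination range and time window rather than as a flat count, and the table would be loaded from the current national plan rather than hard-coded.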
21. Fraud Classification Model – TM Forum
• Why do we need an effective FM Classification Model?
Fraud Scenario: “Fraudster generates a high volume of calls to a PRS number range that he owns in another country with no intention to pay.”
Referred Fraud Types: PRS; IRSF; PRS/IRSF; Bypass/SIMBOX; PABX Hacking; Clip-on; Stolen Line; Subscription; Dealer; Payment; PBX / Voicemail; Roaming out
Statistics: Unique: 39%; Multiple: 44%; Structured: 17%
An example from the 2012 TMForum Fraud Survey
22. Fraud Classification Model - Challenges
• Distinct names for the same Fraud Type
• Distinct interpretation depending on the core service (Mobile,
Fixed, Cable, etc.)
• Multiple Frauds perpetrated in the same Fraud Case
• Fast changing nature of Fraud
• Need for a multi-dimensional analysis
• Need for different levels of abstraction
• Existence of several similar Ad hoc “Fraud Type” lists
23. Classification Model - TM Forum
Summary of Relations Between Enablers – Fraud Types
[Diagram: TELECOMS SERVICE FRAUD]
ENABLERS (Vulnerabilities): Subscription Fraud; Hacking of Network Elements; Arbitrage; Mobile Malware; Cloning of SIM Card/Equipment; Protocol/Signalling Manipulation; Tariff Rates/Pricing Plan Abuse; False Base Station Attack; Misconfiguration of Network/Service Platforms
FRAUD TYPE (Fraudulent Scheme): International Revenue Share Fraud; Reselling of Calls; Wholesale Fraud; Private Use; Commissions Fraud; Traffic Inflation for Credits/Bonus; Charging Bypass; Interconnect Bypass; SIMBox Gateway
OBJECTIVE (Scope): Make Money/Profit; Obtain Free Services/Goods; Obtain Credits/Bonuses; Obtain Commissions; Obtain Money; Access User Bank Account; Pretending to Be the Operator; ……….
BA – Related Fields: Fraud Management; Security Management; Revenue Assurance
- Revision of Internal Procedures, Processes and Products/Services
- Implementation of Technical Solutions at Network and Service Platforms
- Development, Enhancement and Reconfiguration of Fraud Management Systems (FMS)
24. Classification Model - TM Forum
Enabler – how they get on the network or service access
Fraud Type – how they generate the revenue from the fraud
34. Cyber Issues in fraud….
Public Web
• “How to” blogs and forums
• Information Sites
• Source information (Self Service)
Dark-Net
• Underground Markets – Information resale
• Underground Forums – Tutorials and methods
35. Examples…..
Online User groups and information exchanges
– Fraud Techniques
– How-to guides for hacking and social engineering
Data purchase & Provision services
– Credit Card Numbers
– Subscriber Information
– Passwords
Technical Compromise Data
– Online self service hacks
– Equipment compromise
36. Fraudsters Guides
Hand Picked Set of Guides for Beginner Fraudsters – Premium. Including fraud method of how to get your own SIM cards from anywhere.
How to steal people's information
40. GSMA
– Instigated a combination of working groups to address the perceived issues
– Fraud Forum, Security Group
– Now joined as one working group – Fraud & Security Group
– Initiative designed to address the perceived threat of new technologies and methods
TMF
– Moved its Revenue Management Group under Security
– RM includes Fraud & RA
Operators / CSPs
– Movement of Fraud Operations under Security Functions
– 8% move in 2013 survey…
– Will we see this increase in the new fraud survey?
Organisations are changing….
41. The Fraud Management Progression?
Past
– Security trained individuals involved
– Real Time, in-band signalling
– Use of SS7 probes and DTMF analysis
– Event focused analysis & investigation
– Fraud as part of Security
Present
– Finance trained individuals (audit)
– Non real time usage analysis
– Payments, process and product risk analysis
– Revenue focused
– Fraud as part of Finance and RA
Future?
– Security expertise in Fraud (IT & Network)?
– Real time Big Data analytics?
– Content analysis – DPI & probes?
– Analytics focused, commercial nous?
– Fraud & Security?
42. So is it time to review our approach?
Does the growth of Data, IP and “cyber” threats mean we have to reanalyze our fraud approach?
– Many situations hidden from view
Do we need to go back to in-depth analysis?
– Need to know what is happening in the data channel
Is NOW the time to use DPI in fraud and consumer protection….?
– Network & marketing departments are using DPI for QoS & marketing analytics
Are we ready for the amount and complexity of the data that we are going to need?
– Many organisations investing in “Big Data Solutions”