August is known to be the busiest month out of the year for telecommunications fraud, as criminals take advantage of summer plans and holidays. This summer is likely to bring with it a host of new exploits and attacks – and you must assume that your company will be targeted. This summer telecom operators should spend their time bolstering their security efforts, through the adoption of increased technology and awareness training.
Telecommunications fraud is not isolated to any particular network or country. Telecommunications services are now truly global, with new regions continuously opening up – and with them, new avenues for fraud. Telecom operators are already preparing for changes in EU data roaming rules and higher-risk roaming, additional telecommunications services, increased numbers of telecommunications devices, and seasonal increases of telecommunications fraud along with declining revenues due to the impact of other disruptive technologies such as OTT.
The Internet of Things has substantially changed the landscape for telecom service providers, with a multitude of devices now having the ability to initiate or facilitate fraudulent and malicious attacks. As network activity increases overall throughout the world, so too does the number of fraud attempts, and the number of telecommunications fraud vectors. Changes in roaming rules are already responsible for increased levels of fraud as consumers become less vigilant about managing their own charges and fraudsters exploit the new fraud opportunities these changes have provided them with.
But that's not all – telecommunications fraud also tends to go up during the holidays and summer. With more people traveling and being active, there are more opportunities for fraudulent charges. This is especially true when customers are abroad or making plans to go abroad. Many known fraud attempts involve connections on an international level, and these can be some of the most costly to contend with.
With all that in mind, how can telecom operators combat the rise of telecommunications fraud? By creating a comprehensive telecom fraud management strategy. Telecom providers need to prepare now for the risks that are certain to come.
Telecommunications fraud is frustrating to the consumer and costly for the service provider. Telecom operators must take steps to minimise fraud if they want to protect their revenue and provide the best customer experience.
A solid telecom fraud management strategy consists of two parts:
An automated fraud solution: All operators must have a comprehensive fraud solution, which will automatically detect and mitigate the signs of fraud across their network. It is not always possible for a human agent to identify these signs, and consumers will often be unaware that fraud has occurred on their account until well after. Automated fraud solutions are able to do the work of many people, automatically scanning for and identifying potentially malicious actions. Even better, these fraud solutions are able to scale up easily, thereby allowing the telecom service provider to grow without an increase in security risk
Improved training and awareness: Telecom service employees must be trained to properly identify the signs of fraud and to escalate to a supervisor when needed. Though many fraud attempts will be detected by the automated fraud solution, there are types of fraud that can occur at the service, customer, and employee level. These types of fraud are often "social engineering" attempts, which employees must be able to recognize and respond to.
Some actionable steps telecom operators can take to avoid fraud this summer:
1. Reduce the lag between when calls are made and when these time stamps are logged, to combat International Revenue Share Fraud (IRSF) in particular – a type of fraud that involves generating traffic to expensive international revenue share numbers.
2. Broaden the scope of the fraud monitoring function. Fraudsters adapt their own modus operandi to counter common prevention and detection strategies that they know telecom operators will implement. A good example is country or range blocking. In February 2017, 42% of all International Premium Rate (IPR) test numbers advertised related to the top 10 fraud destinations. In July 2018, the top 10 destinations only account for 23% of the IPR test numbers advertised. There are now over 220 countries and territories being advertised as revenue share destinations, so monitoring only high-risk destinations is no longer effective.
3. Install an early detection service for Wangiri fraud (“one ring and cut”) – particularly fraud that diverts traffic illegally or "cons" users into returning missed calls to high termination rate destinations.
4. Implement and maintain a detection service for SIM Box Fraud, which is a type of fraud that involves using the internet to terminate calls on local SIM cards to sell international minutes.
5. Only resell minutes to reputable parties to combat "arbitrage," the practice in exploiting settlement rates between countries for a profit.
6. Use monitoring equipment to detect more complex types of fraud such as OTT hijack attacks, or hacks into VoIP systems.
Though fraud attacks are going to be increasing through the summer, they aren't going to go away once the holidays are done. Due to the IoT, new regulations, and the general increase in global traffic volumes, fraudulent attacks are going to be an ever-increasing threat. Businesses must take action now if they want to prepare themselves and prevent the possibility of a costly fraud attack.
If you want to learn more and minimize your fraud risk, reach out to XINTEC today.