Best Practices Can Stop the Five Costliest Kinds of Telecom Fraud
Telecom fraud continues to be a very real problem for the industry. Despite advances in security technology and awareness, the cost of this crime equates to nearly 2% of telecom revenues, money that cannot be reported on a company’s income statement. A recent survey by the Communications Fraud Control Association (CFCA), cited in my e-book, What the Fraud?, estimates that telecom fraud costs the industry over $40 billion (USD) annually.
There are five prevalent kinds of telecom fraud that are of greatest concern: private branch exchange (PBX) / voicemail systems, subscription / identity theft, international revenue share fraud, by-pass fraud, and credit card fraud. To prevent these, it is important for revenue assurance managers to understand the types of fraud and the issues Communication Service Providers (CSPs) face.
PBX Hacking alone was responsible for an estimated $5 billion in fraud in 2011, according to the CFCA. PBXs are particularly attractive to hackers because of their prevalence (nearly every medium and large business has at least one) and their familiarity. Most PBX systems have been around for years, allowing hackers to become increasingly familiar with how to exploit them.
What’s to be gained from hacking into an enterprise PBX system? Access to confidential voice mail is one objective. But more often than not, hackers are interested in something even more valuable: overseas long distance service. By illegally accessing PBX systems, often through unsecured maintenance ports or poorly protected direct inward dial (DID) accounts, phreakers can surreptitiously “steal” long-distance service (sticking enterprises with the bill) or even re-sell long-distance service to third parties using the enterprise PBX as a gateway.
In the case of Identity Fraud, CSPs have, in a sense, become the victims of their own success. By bundling services like high-speed Internet and television with fixed and mobile voice plans, service providers have made stolen services more attractive to thieves. With one false account, criminals can sign up for multiple services at one time. More than $4 billion in “free” services were given away by service providers in 2011 before the accounts could be shut down for non-payment.
International Revenue Share Fraud (IRSF)
On the more complex end of the fraud scale is International Revenue Share Fraud (IRSF). Here, hackers take advantage of widely diverging international long-distance rates to divert phone traffic to high-fee international numbers (including pay-per-minute 900 numbers), typically sharing in the revenue with the company that owns the numbers or, in some cases, with the local carrier itself.
By-Pass Fraud is a type of identity fraud that uses illegally obtained Subscriber Identity Module (SIM) cards to make long-distance calls appear to the service provider as though they’re local calls. CSPs still end up paying for the long-distance interconnection charges, which, together with lost revenue, cost CSPs nearly $3 billion in 2011, according to the CFCA.
Credit Card Fraud
Credit Card Fraud is, of course, a cross-industry problem, but as online credit card and e-payments for communications services become more common, it has become a growing problem for CSPs.
With such a diverse portfolio of fraud activities at their disposal, hackers would seem to have the advantage. The tables can be turned, however, if CSPs and enterprises avail themselves of new security technologies and some common sense.
Here are steps that both service providers and enterprises can take to stop hackers in their tracks:
- Improve password practices by making sure passwords are strong, discouraging default passwords and changing passwords frequently;
- Monitor PBX activities, especially on weekends and after business hours when hackers are most likely to strike;
- Deactivate unused mailboxes, extensions and calling features;
- Consider using security software that can match calling patterns against known hacking patterns for earlier detection;
- Check new subscriber information against your own customer data (and validated third-party data) to prevent identity fraud.
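
The PBX monitoring step above can be automated against call detail records (CDRs). The following is an added example, not code from the original article or from any vendor: it totals international calling per extension outside business hours and flags extensions over a threshold. The CDR layout, the `+1` home prefix, the business hours and the 30-minute limit are all assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDRs (not real data): start time, extension, dialed number, seconds.
SAMPLE_CDRS = """start,extension,dialed,duration_s
2024-03-08T14:05:00,2001,+12025550143,180
2024-03-09T02:11:00,2044,+2250700000001,1500
2024-03-09T02:40:00,2044,+2250700000002,1620
2024-03-09T03:15:00,2044,+2250700000003,1710
2024-03-11T10:30:00,2010,+442079460000,600
2024-03-11T22:45:00,2010,+442079460000,240
"""

HOME_PREFIX = "+1"             # assumption: PBX sits in the +1 numbering plan
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local, Monday-Friday
MAX_OFF_HOURS_MINUTES = 30     # assumption: per-extension alert threshold


def is_off_hours(ts):
    """True on weekends and outside the configured business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def off_hours_international(cdr_text):
    """Return {extension: minutes} of off-hours international calling."""
    minutes = defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.fromisoformat(row["start"])
        international = not row["dialed"].startswith(HOME_PREFIX)
        if international and is_off_hours(ts):
            minutes[row["extension"]] += int(row["duration_s"]) / 60
    return dict(minutes)


def alerts(cdr_text, limit=MAX_OFF_HOURS_MINUTES):
    """Extensions whose off-hours international minutes exceed the limit."""
    totals = off_hours_international(cdr_text)
    return sorted(ext for ext, m in totals.items() if m > limit)


if __name__ == "__main__":
    for ext in alerts(SAMPLE_CDRS):
        print(f"ALERT extension {ext}: review off-hours international calls")
```

Extension 2010's single late-evening call stays under the limit, while extension 2044's run of long weekend calls is flagged for review.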
For more protection and peace of mind, Neustar offers Risk Management solutions that help service providers reduce fraud, identify potential bad debt risks and protect against identity and credit card theft.