Our managed risk analysts (MRAs) have identified five key fraud trends that telcos should take into account when planning their fraud strategy.
Like any other retailer, telcos need to keep pace with evolving fraud trends and fraudster behavior. Working with our global Managed Risk Services team, we've identified five key fraud trends that telcos should take into account when planning their fraud management strategy for the coming period.
1. Subscription fraud for device acquisition
Fraudsters will attempt post-paid subscription fraud to get hold of expensive devices and accessories for resale, in return for little or no upfront payment. Our MRAs observe that any of the following techniques may be used in subscription fraud:
- Setting up accounts using stolen payment details, stolen identities or synthetic identities.
- Persuading a genuine customer to provide a verified identity—this is known as "credit muling." The customer will generally receive a fee for participating.
- Taking advantage of the limited timeframe for fraud screening on transactions by choosing next-day, same-day or even one-hour delivery or collection options.
- Using a pick-up point to avoid providing a shipping address that could go through a verification process.
- Using their own credit card details to set up the subscription, then fraudulently claiming non-arrival of the device (friendly fraud), followed by cancellation of the recurring monthly payment.
Organized illegal resellers may ramp up subscription fraud when a new generation of the iPhone or another desirable handset is launched. Telcos should use a capable fraud screening solution, such as Cybersource Decision Manager, to look out for telltale signs, such as the creation of multiple new accounts from the same device or IP address. This pattern appears when the fraudster attempts to acquire a large number of the new devices and to circumvent any telco-imposed limits on how many may be ordered on a single account.
2. Pre-paid SIM card fraud—for card testing, money-laundering or fraudulent business
Mobile phone top-ups and pre-paid or pay-as-you-go (PAYG) SIM cards are among the low-cost items that fraudsters will look to buy when testing stolen card details or carrying out enumeration attacks to assess the likelihood of transaction authorization. Such attacks are often performed using bots, so telcos can use velocity rules in their fraud screening solution to identify these transaction attempts and decline them, or send them for review. As well as helping to avoid unwanted authorization fees and reductions in authorization rates, this capability can help to mitigate the impact of a bot attack on the telco's website.
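The velocity rule described above, and the same-device or same-IP account check from trend 1, as an added Python example; it is not part of the original article and is not Cybersource Decision Manager rule syntax. The event fields, the 10-minute window, the thresholds and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration, not vendor defaults; tune to your traffic.
WINDOW = timedelta(minutes=10)
LIMITS = {  # kind: (field counted, review at, decline at) distinct values per source
    "payment": ("card", 3, 5),     # many cards from one source: card testing
    "signup": ("account", 3, 4),   # many new accounts from one source
}

def screen(events):
    """Return {event id: 'accept' | 'review' | 'decline'}."""
    history = defaultdict(deque)   # (source type, source, kind) -> (ts, value)
    decisions = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        field, review_at, decline_at = LIMITS[ev["kind"]]
        worst = 0
        for src in ("ip", "device"):
            seen = history[(src, ev[src], ev["kind"])]
            seen.append((ev["ts"], ev[field]))
            while seen[0][0] < ev["ts"] - WINDOW:  # drop events outside the window
                seen.popleft()
            worst = max(worst, len({value for _, value in seen}))
        decisions[ev["id"]] = ("decline" if worst >= decline_at
                               else "review" if worst >= review_at else "accept")
    return decisions

# Constructed sample events (documentation IP ranges, made-up tokens).
T0 = datetime(2024, 1, 1, 12, 0, 0)
def make(id_, sec, kind, ip, device, **extra):
    return {"id": id_, "ts": T0 + timedelta(seconds=sec), "kind": kind,
            "ip": ip, "device": device, **extra}

SAMPLE = (
    # Bot-like burst: six different cards from one IP/device, 20 s apart.
    [make(f"p{i}", 20 * i, "payment", "203.0.113.7", "dev-A", card=f"tok-{i}")
     for i in range(1, 7)]
    # Genuine customer retrying the same card.
    + [make("g1", 30, "payment", "198.51.100.20", "dev-B", card="tok-90"),
       make("g2", 90, "payment", "198.51.100.20", "dev-B", card="tok-90")]
    # Four new accounts from one device that rotates its IP address.
    + [make(f"s{i}", 60 * i, "signup", f"192.0.2.{i}", "dev-C", account=f"acct-{i}")
       for i in range(1, 5)]
    # Same source as the burst, 100 minutes later: window has expired.
    + [make("late", 6000, "payment", "203.0.113.7", "dev-A", card="tok-7")]
)

if __name__ == "__main__":
    print(screen(SAMPLE))
```

Counting distinct cards or accounts rather than raw attempts keeps a genuine customer's retries out of review, and keying on the device as well as the IP address still links sign-ups when the source rotates IPs.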
We're also seeing pre-paid SIM cards being used as a form of currency that attempts to disguise the source of funds. For example, a fraud ring may use pre-paid SIM cards to "pay" its employees. Telcos should use their fraud screening solution to spot unusual purchasing patterns—such as a single account buying a large number of high-value cards—that can reveal this kind of fraud.
Bulk purchases of SIM cards may otherwise indicate SIM box fraud, in which a fraudulent business offers discounted international rates to unsuspecting customers looking to save money on overseas calls—causing telcos to lose out on revenues. If a telco can detect the bulk SIM card purchase quickly enough, it may be able to intervene before the SIM box fraud gets off the ground. We may see an increase in this type of fraud in the UK as operators bring back EU mobile roaming charges.
3. Premium rate number abuse—takes many forms
A recurring pain point for telcos when it comes to premium rate number abuse is international revenue share fraud (IRSF). Fraudsters buy premium-rate numbers using stolen or fake identity and payment credentials, then generate revenues from the termination charge by sending traffic to those international premium rate numbers using techniques such as:
- Automated generation of calls to the premium rate numbers from other numbers the fraudster subscribes to using stolen or fake identity and payment credentials
- Robocalls or text messages inviting unsuspecting consumers to call the premium rate number for a supposedly urgent reason, such as non-delivery of a parcel
- Wangiri fraud—a variation on the above, with a robocall that cuts out after one ring to 'trick' a consumer into calling back on a premium rate number
As premium rate number abuse is often linked to pre-paid SIM card and subscription fraud, telcos should look for patterns or characteristics that enable them to link the transactions together, so that they can take action to prevent the abuse before it takes place.
4. Account takeover to steal devices, payment data, points, identities
Fraudsters may acquire customers' account credentials through phishing, smishing or vishing attacks, or in (usually unrelated) data breaches. Once they log in to a customer's account, they may:
- Change the shipping address, buy a new device, and charge it to the account-holder's next monthly bill
- Use the customer's payment data to make fraudulent purchases on other websites
- Steal or misuse any loyalty points held in the account
- Steal the customer's identity information to set up accounts elsewhere for other fraudulent purposes
To safeguard their customers and their brand, telcos should consider deploying a specialist solution like Cybersource Account Takeover Protection (ATP) that monitors account events for high-risk behavior to help stop fraudsters in their tracks. It's also worthwhile educating your customers on how to protect themselves against these types of fraud attacks.
5. SIM swaps to intercept OTPs for strong authentication
Fraudsters use SIM swaps (or SIM hijacking or SIMjacking) to gain control of customers' mobile phone accounts. Using information stolen in a data breach or gleaned from social media, a fraudster will pose as the account owner to persuade the telco to swap the account from the account-owner's SIM to a SIM they control. The fraudster can then intercept SMS messages containing the one-time passwords (OTPs) or PINs used for strong customer authentication (SCA) of electronic banking and payment transactions.
The SCA requirement of PSD2 that's rolling out across much of Europe means a likely increase in SIM swap attempts throughout the region. An ATP solution can help telcos guard against these attacks; customer education is also an important factor—including what steps a customer should take if they think they've been compromised in this way.