Telecom operators lose annually up to a staggering $40 billion on fraud. And with the advent of the Internet of (Insecure) Things extending connectivity far beyond smartphones and tablets, our homes, cars, clothes and light bulbs can become little Trojan horses, vulnerable to security and fraud exploits. So how should the telecom industry tackle current and future scams?
One idea is to broaden the scope of fraud management, going beyond traditional blacklisting and reactive traffic anomalies. Using an encompassing, enterprise-wide fraud framework based on advanced and predictive analytics, can detect risk and fraud before it happens, as we argued in our previous fraud blog.
Now we concentrate on what telecoms can learn from other sectors that have been hit by fraud and have progressed in detecting and combatting it. Banking is one such industry.
#Telecom operators lose annually up to a staggering $40 billion on #fraud. How can they tackle current and future scams? Click To TweetFinancial industry hardest hit
Following PwC’s 2016 Global Economic Crime Survey, the Financial services industry is most at risk regarding fraud, slightly more than government and retail but way ahead of communications and insurance. The financial services industry is not only at risk, it’s also been heavily affected and has faced material losses, certainly since the era of online banking (remarkably, a number of telecom operators are moving themselves into the banking industry).
Together with the facilitation of payments and increased use of credit cards, fraudsters have found new and easy ways to steal money and many banks have already suffered vast losses within the last 10 years. When you look at which banks have been targeted, the fraudsters, increasingly organized criminals, started with the big banks in big countries. After that they targeted big banks in smaller countries before targeting smaller banks everywhere. Why? Because fraudsters are smart people (often with university degrees) and they adapt their strategy to the market. When one builds a defense wall, they find another victim without defense instead of losing time finding a way to bypass the enhanced security.
What are the main fraud modus operandi the financial sector has been suffering the last years?
- eFraud Transaction Fraud via mule accounts using phishing/vishing/malware/etc. techniques: online bank accounts from customers are hacked and money is transferred to mule accounts – similar to what happens in telecoms with ID fraud, malware etc.
- Application Fraud (again, similar to telecoms): customers asking for a credit/loan (phones, set-top boxes) and disappear with the money without reimbursing the bank (or telecom provider).
How to combat banking fraud in the digital age?
Initially, banks mainly worked with simple rules where thresholds were defined above which an alert was triggered – similar to what telecom operators are doing nowadays. As fraudsters became more sophisticated, it never took long to know how to avoid these thresholds and stay under the radar. In addition, fraudsters often know that bank fraud systems rarely monitored customer behavior across multiple accounts, channels and systems. That vulnerability paved the way for cross-channel fraud, which enables criminals to gain access to customer information in one channel, then use it to commit fraud in another channel.
Putting harm to injury, banks also had to move into the digital age. Digitally demanding, fast-paced consumers expect to be able to make easy and fast payments in real time, at any time and from any place and device. Digital channels, however, are innately more vulnerable to fraud, and, while the speed and openness of the approach made banking faster and more convenient for customers, it also made it easier for fraudsters to access money and transfer it quickly without being detected until after the crime.
Analytics coming to the rescue
Clearly banks had to take a more sophisticated approach to fraud detection and many banks moved to a state of constant readiness. Careful data monitoring and management is critical from the outset, and banks are now often, where necessary, enhancing their data quality and collating and linking a wide range of different data types ingested into an organization, including financial and non-financial transactions, customer information, bank account details, computer IP addresses, and information about devices and their usage patterns.
Using these different data sources and types, many banks have started applying more advanced analytics and machine learning. And in order to be really efficient and effective, they combine multiple techniques consisting of anomaly detection, peer group analysis, text mining, (social) network analysis & predictive modeling to get answers to questions like:
- Is the beneficiary living in a country at risk?
- Is this beneficiary living in a country to which the customer already sent money?
- What is the usual timing at which the customer does his transactions?
- What is the usual device that’s used for those transactions?
- Have other customers with similar characteristics paid off their loans in time?
- Does this customer who is applying for a loan have contacts in his network who are already known for application fraud?
By combining all these analytical approaches, banks are increasingly capable to:
- Avoid future fraud losses for existing and new modus operandi
- Maintain the manual workload of the fraud investigators at a manageable level
- Increase customer satisfaction and avoid customer annoyance during the customer journey
Moreover, banks, like telecom operators, often took (and some still take) a siloed approach to addressing fraud – check fraud is handled by one group, credit card fraud by another. So over the past years many banks have taken a single, holistic platform approach independent of product, channel or geography to address all financial crime, including money laundering. Cost savings and efficiency improvements are also drivers: reducing data storage costs, enabling reuse across departments and increased flexibility to add new products, services and channels to the enterprise platform at a far lower incremental cost than installing another customized fraud detection system.
But what about telecom operators?
All telecom operators are suffering fraud losses in various modes (IRSF, application fraud for high-end devices, etc.). Most have static and reactive detection systems in place where leaks are plumbed as they are detected (see our previous blog post on telecom fraud).
So it’s time for telecoms to “get inspired” by the advanced fraud detection models that exist within the banking industry (certainly as some of them are becoming banks!) and start getting answers to questions like:
- Is the destination number located in a country at risk?
- Is the destination number in a country to which the customer has already called in the past?
- What’s the usual device the customer uses and what’s the usual time at which the customer performs his calls/messages/data usage?
- Have other customers with similar profiles asked for a similar high-end device?
- Is a customer, applicant, dealer, distributor, call-agent or even supplier connected to fraud, and if so, how and does that constitute a risk?
- How can I decrease the number of ‘false positives’ and increase efficiency?
If telecom operators invest time and effort in more advanced fraud detection techniques they will avoid losing money to customers and companies they shouldn’t have accepted in the first place and will be able to reward customers who should get their full attention.
Learn more
In our digital world, where everything is available via the web, there is a whole new level of fraud. To understand how you can detect and combat emerging fraud methods, get inspired by this whitepaper, Fraud in Communications.
Matthieu Joosten is Telecom Industry Lead at SAS South West Europe
Frédéric Hennequin is Senior Solution Specialist Fraud at SAS Belux