Telecom fraud is equal to the annual revenue of Disney or the GDP of Costa Rica--$40 billion. I would have thought that the hacking of PBXs and subscription fraud would be reduced by now since we have had these fraud problems for years. Not so. They are still highest on the list.
This is according to the Heavy Reading report: "Bigger Than Disney: Telecom Fraud Tops $40 Billion a Year". The $40 billion figure of about 2% of the telecom revenue loss is an estimate generated by the Communications Fraud Control Association (CFCA).
There is a galaxy of fraud, abuse, security and revenue assurance problems, as shown in the diagram below from the report. The number of operators, the wide range of devices and operating systems and the range of offered services compound the problem. The perpetrators use the access to multiple networks to confound the operators, especially for mobile services.
Telecom fraud has become more pervasive and sophisticated as more means of communicating have been introduced. The report states that many experts believe that networks have actually become less secure. The old TDM world was centrally controlled. Not so in the IP world. Besides outsiders perpetrating fraud, employees, dealers and sometimes operators have added risk to the telecom business. The report authors also learned that telecom managers and the providers have decreased their vigilance, not increased it. This reduction of vigilance appears to be one of the root causes of the success of fraud.
So what are the vulnerabilities that lead to the fraud problem?
* PBX hacking (I did not expect this since we have had the problem for decades and there are many solutions on the market)
* Subscription fraud
* International revenue share fraud by operators
* Network bypass
* Credit card fraud
These five vulnerabilities account for about half the problems. The other half involves things like "premium services", international wholesale abuses, and domestic traffic pumping, among about another dozen categories of fraud.
Subscription fraud is quite old in application. This is performed by opening a fake account (easy to do online with stolen credit cards). The fake account can be used to access services and receive equipment (wireless routers as an example). As long as the fake account is not detected, the fraud can last for months, maybe even years.
As the report says, "Operators hasten to close gaps in subscription fraud because of the cascading nature of the loss. 'Subscription fraud is a gateway problem,' says Subex Group VP Vinod Kumar. 'Operators don't just lose the retail revenues. They still have to pay their international partners, device manufacturers, and possibly digital content partners, so they are losing on all fronts.'" Even though the provider is absorbing the cost, eventually this cost of doing business trickles down to enterprises and consumers.
The sections I liked in the report were "Next-Gen Networks, Next-Gen Losses" and "Internal Fraud: The Dirty Not-So-Little Secret" The report continues with how the industry is fighting back and a list of the vendors of solutions to mitigate the fraud problems.
What I took away from this report was that although fraud has been around for decades, the old problems still exist with considerable losses. Further, the emergence of more mobile services and devices has compounded the problem. It appears that the industry is lagging the fraud problem when it comes to solutions, not really preventing it.
