As a seven-year old boy growing up in post-war America, “Joybubbles” – or Joe Engressia as he was better known back then – learned to whistle the exact tone that AT&T used at the time to signal that a phone was off-line and should not be billed. The discovery enabled him to make free calls to all four corners of the earth and earned him a degree of notoriety when the Federal Bureau of Investigation flagged him up as a subversive capable of starting a nuclear war with a whistle.
He died several years ago, but the phone hacking or “phreaking” movement that he galvanized continues to cost carriers tens of millions of minutes in lost revenues every day.
FBI agents were also instrumental in tracking down a ring of Manila-based fraudsters who had found a way to turn corporate phone systems into virtual ATM cash machines. Using a simple hacking technique that exploited grave security flaws in the private telephone exchanges of many large institutions, the gang netted at least $55 million in illegal profits, despite being arrested in 2009 and again in 2011.
Specialist investigators from the Philippine National Police’s Criminal Investigation and Detection Group, alongside agents from the FBI, alleged that proceeds from the long-running fraud were used to finance – among other things – the terror attacks in Mumbai in 2008. It has been widely reported that AT&T alone reimbursed more than $2.2 million to customers caught up in the fraud though neither the carrier nor investigators will confirm the sum.
A growing problem
In truth, we may never know how much the gang cost international carriers. They were eventually caught not by specialist telecoms investigators but by anti-terror agents targeting an Italy-based financier suspected of bankrolling several extremist groups.
But we do know that telecoms fraud is big business and is on the increase. Earlier this year, Capacity published the first in-depth survey of fraud in the wholesale market and the results were alarming: wholesale units alone lost an estimated $6.12 billion to fraudsters last year and eight out of ten senior executives caution that incidences of fraud among wholesale operators has increased dramatically in recent years.
The survey, based on responses from 195 players and published in conjunction with Subex, a provider of fraud management solutions, went on to reveal that 35% of Tier 1 carriers and 40% of Tier 2 carriers lose more than 2% of total revenues to fraud each year. In a later survey, published in April, Capacity found that one in four senior wholesale chiefs plan to invest in fraud prevention initiatives in 2013. Respondents to the survey were responsible for annual wholesale revenues of more than $65 billion.
Capacity’s research chimes with a growing bank of data on telephone fraud. Pindrop Security, a US-based firm which is developing a fingerprinting technology to identify and verify call users, estimates that US networks carry five fraudulent calls every minute. The firm reckons that there were 1.6 million instances of phone fraud in the US between January and September 2012, equivalent to one call for every 186 Americans on an annualised basis.
But the most damning comment on the state of fraud within the telecoms industry comes from the FBI, which unambiguously states that organised criminal elements now see phone fraud as infinitely more profitable than more traditional exploits such as drug trafficking and prostitution. To combat the problem, carriers and service providers must first ask some searching questions of themselves – not least, how fraudsters have been able to harness rapid advances in technology, when they have not.
A legal perspective
Telecoms fraud is defined as the theft of telecoms services or the use of telecoms services to commit other types of fraud. This is an important point as it helps to explain how the Communications Fraud Control Association (CFCA) which produces an authoritative overview of telecoms fraud once every two years, gets to a headline grabbing figure of $40 billion a year. After all, if the CFCA is right, then telco fraud generates as much cash each year as the Walt Disney Corporation.
Top of the association’s list of common frauds is hacking, where crooks typically take over the private branch exchange (PBX) of a small-to-medium sized company, usually over a weekend, and make as many calls as possible to international premium rate numbers that they already own in places such as, say, $22-a-minute Somalia.
The association estimates that PBX hacking costs service providers as much as $4.96 billion a year, while subscription or identity theft costs another $4.3 billion.
Also high up the list is international revenue share fraud, where a criminal gains access to a service provider’s network in order to share any of the revenue generated. Again, the CFCA reckons that carriers lose upwards of $3.8 billion a year through the scam.
Other illegal schemes include bypass fraud, where in-bound, off-net traffic is disguised to look like on-net traffic to avoid high termination rates; false answer supervision, where a provider sends out a signal suggesting that the call has been answered long before someone on the other end gets to the phone; and long-firm fraud, where criminals set up what appears to be a legitimate service provider, then ramp up traffic unexpectedly over key holiday periods and disappear overnight, leaving their international carrier partners to pick up the bill.
Pindrop estimates that telecoms fraud is currently growing at the rate of more than 30% a year fuelled in the most part by the rapid take-up of Voice over IP (VoIP) services.
Hiding in the crowd
Not only is telecoms fraud a high-growth business, it is also becoming harder to detect, as Jorn Vercamert, VP of the voice business at BICS testifies.
“With the proliferation of wholesale services comes a larger number of partners in the value chain. And the more players there are in that chain, the harder it becomes to spot where a fraud might be committed and who might be ultimately responsible,” Vercamert suggests. VoIP services in particular, he warns, add an extra layer of danger.
“Back in the world of TDM, there were robust borders between different types of service and the services themselves were very clearly identifiable within dedicated networks. Now we are moving to a multi-service IP world which is populated by many more players.” In short, he says, the more people there are on the network, the greater the potential for wrongdoing.
This is only likely to get worse as the roll-out of new services and applications – such as mobile money and machine-to-machine connectivity – offers new avenues for fraudsters to attack. As Pierre Paufique, VP of customer service operations at Orange International Carriers points out, the industry needs to be able to correlate data across a whole range of services, not only to identify potential scams in the here and now, but to predict where fraudsters might strike next.
“We are constantly looking for ways to protect the revenues of our retail operators,” he says.
The CFCA will no doubt agree – half of all frauds originate on VoIP devices, it claims, although the incidence of attacks originating on mobile phones has tripled in the last twelve months to 15%, which will dispel a long-held assumption that fraud is essentially containable within the voice market and will not make the jump to mobile data.
Among VoIP providers, Pindrop believes that Google Voice is linked to most fraud calls. While this is to be expected to some degree, given the search engine’s dominant position in the VoIP market, it would appear that some of the unique selling points that make Google’s service so popular, such as the ability to automate certain functions, run batch orders and access APIs, benefit fraudsters every bit as much as they do potential customers.
VoIP fraud can affect any company that uses or sells VoIP services. Smaller companies are prime targets for hackers, but the banking sector is also highly vulnerable. Pindrop believes that nine out of the ten largest banks in the world and 34 of the top 50 financial institutions have all been the victims of telecoms fraud.
While Africa has traditionally been a favourite base for fraudsters – largely because termination rates are high and regulatory oversight is poor – the most popular destinations for criminals to work out of, at least according to the CFCA, are the US, India, the UK, Pakistan and the Philippines.
Why wholesale is the new retail
The whole issue of fraudulent traffic is something of a thorny problem for wholesale operators. For one thing, most scams originate on a retail operator network – the wholesale carrier has no control over how or where that traffic is generated and serves only to deliver telephone calls on to their ultimate destination. Against a backdrop of thinning margins, greater competition and the onslaught from disruptive technologies, wholesalers might argue that it is not for them to question the provenance of traffic that comes their way.
Perhaps more pertinently, because transit carriers can do little in terms of due diligence to protect themselves from the source of most frauds, they expect retail service providers to make good their own exposures when criminals hit. This in turn puts pressure on the retail provider to pursue the ultimate end customer, which can make for some ugly headlines in the consumer press and foster unwelcome reputational damage to pretty much everyone in the supply chain.
Such deep cultural divisions between retail and wholesale units play heavily into the hands of fraudsters, as the head of revenue assurance at one European wholesale carrier explains.
“Until very recently, the senior management at this company honestly believed that there was no such thing as wholesale fraud. Because we don’t have a retail business, it was widely assumed that the only risk to our revenue stream could come from a customer wilfully refusing to pay,” he says.
And that, the fraud expert continues, was perceived to be a function of how well the credit control department did its job in vetting potential new customers. That attitude, he concedes, is slowly changing, but not always for the good.
“Now people accept that whatever happens on the retail side will impact the wholesale business – they are basically two sides of the same coin and need to be looked at in the round. The problem we have internally now, is that in an era of all-you-can-eat convergence plans, a new contingent is emerging who argue that there is little value in investing in systems to monitor spikes in traffic flow, when you are pretty much giving it all away for free anyway. It’s yet another barrier that we will have to overcome.”
Opportunity from adversity
Ironically, it is the very same commercial pressures that are spawning new convergence plans that are also forcing wholesalers to step up to the plate and fight fraud more proactively. At the very least, transit carriers find themselves in a very strong position as “middle-men” between the source of the scam and the ultimate destination of that fraudulent traffic.
As Katia Gonzalez Gutierrez, who oversees the i3forum’s work on fraud management, explains, the absence of any coherent international co-ordination as well as discrepancies and incompatibilities between certain jurisdictions might very well make international fraud more appealing and profitable, but it also bestows greater power on the transit carriers to step in and stop it.
“Wholesalers can identify fraudulent destinations and number ranges and in some cases help to uncover potentially fraudulent suppliers. And when they uncover a fraud they can step in to halt the flow of payments and choke off revenues to perpetrators,” Gutierrez says.
Orange’s Paufique agrees.
“As a carrier we believe we sit in a unique position. When we see issues with traffic to particular destinations, we can not only notify the party at the end destination, but also report back to the retail operator who originated the traffic. We firmly believe that it is the responsibility of all the different partners in the value chain to fight fraud,” he suggests.
Put one way, retail network operators no longer see it as acceptable for wholesalers to stand aside and let them shoulder all the losses as fraudulent activity ramps up. Put another, wholesale operators see a raft of new value-added services in fraud management that might lure customers away from their competitors. Either way, it makes for a potentially lucrative new business stream for many wholesale carriers.
Going commercial
Leading the charge is BICS, which earlier this year signed a strategic partnership with cVidya Networks, a London-based provider of anti-fraud tools. The idea is to create a vast databank of information on fraudulent traffic flows in order to provide an early warning system to BICS’s clients.
“Operators will be able to get innovative information on any fraudulent patterns that we see coming from the traffic that they send us,” explains Vercamert. The more information that the operator subsequently provides on the source of that traffic, and the more operators that sign up, the better. The question is whether BICS will charge for this service, or use it as a bolt-on to an existing portfolio of product offerings.
“It’s a good question”, concedes Vercamert, “We are currently in the process of commercialising this initiative right now.”
Clearly some operators will already have advanced anti-fraud systems while others will still be looking to beef up their defences, but ultimately, he believes, there is a big market for this sort of solution.
“Where perhaps before service providers were more focussed on establishing a model and building scale, now they are looking to optimise revenues. We all see the statistics on how much fraud is costing the wholesale market, so we feel that now is the time to focus on fraud management,” Vercamert suggests.