Almost everyone who uses mobile or online services has been subjected to a scam attempt at some point. But though most people are familiar with these techniques, anyone can be caught out if targeted by the right method at a time when they just happen to be off guard.
With mobile operators having an enormous volume of network data, they are ideal candidates to help identify and block these attempts. Tools are also improving to combat them through the likes of machine-learning and new application programming interfaces (APIs).
“As a mobile operator, we sit on rich data sources that are powerful tools for detecting and preventing fraud,” says Adri Loloci, senior global product manager for Vodafone Identity Hub, a collection of API-based products designed to detect and prevent fraud, and authenticate phone numbers.
Cutting losses
To leverage these data sources, the company has just launched Scam Signal, a new API-based product to complement the existing Vodafone Identity Hub portfolio. Scam Signal is specifically aimed at reducing authorised-push-payment (APP) scams, referring to a type of social-engineering fraud that happens when a criminal tricks someone into sending them money or making advance payments for fraudulent services.
They often do this by impersonating a representative from a bank or government department, or even a family member, via a mobile call or text message. According to UK Finance, almost £500 million was stolen in APP fraud in the UK in 2022.
Using machine-learning, Vodafone identified specific data points on the network that correlated with fraudulent bank transfers. By providing this data to banks in real time in the form of APIs, they can prevent these transfers before they happen.
Following tests, Vodafone estimates that banks can detect about 25% more fraudulent bank transfers by using the Scam Signal API. This is also achieved with a very low false-positive rate of one in every three transactions indeed turning out to be fraudulent.
Scam Signal, which is available through channel partners of Vodafone Carrier Services, is currently being trialled by two major banks in the UK. The plan is to later introduce it with other banks across multiple countries.
API portfolio
At present, Vodafone’s Identity Hub offers six other APIs in nine European countries – known as Match, Call Divert, SIM Swap, Number Verify, Age Verify and Number Recycle.
Match, for example, helps to confirm the identity of someone making purchases over the internet; and Number Verify checks if the number on a device accessing a service or app matches the one provided by a customer, essentially replacing the need for SMS one-time passwords with a more frictionless way of authenticating the phone number.
Loloci emphasises, however, that close collaboration is needed between mobile operators to put new APIs like Scam Signal in place. This is because banks and other enterprises are interested in services that can protect their entire customer base, so often sign up to these APIs via an aggregator or channel partner that can connect them to all networks.
Unified effort
Apart from GDPR, different countries also have different regulations and telecommunications laws, making API product development more complex. However, Loloci highlights the progress being made on this front by the CAMARA Alliance, a global open-source initiative within the Linux Foundation between operators, vendors and other players to define, develop and test APIs, and align requirements.
Another key challenge, says Loloci, is that “fraudsters will change the way that they operate to bypass security measures”. This means Vodafone sees a need to consistently innovate, adding new data attributes to APIs as fraudsters are forced into changing tack. If robust measures are in place to target this activity with precision, the company believes this can go a long way to tackling illicit efforts by scammers.
"If this can be carried out effectively, enabling us to stay one step ahead, we see huge potential for reducing fraud across many industries”, says Loloci.