Fraud in the telecommunications industry is becoming increasingly common. As the number of digital transactions increases, the number of users with internet access through different devices (mobile, PC...) grows and the use of tools such as VPN (Virtual Private Network) spreads, telco companies have seen how attempts to commit fraud through their systems have increased exponentially.
Fortunately, RegTech partners and qualified trust e-service providers have devised simple and foolproof solutions that integrate into telecom companies' risk management and fraud prevention strategies.
Fraud in the telecom sector
Telecommunications are currently one of the fundamental pillars of any advanced economy, involving economic and social activities with sensitive and valuable information exchange that enable the dynamism of today's societies, as well as enabling business models based exclusively on digital products.
Cybercrime is increasingly noticeable in this area due to the sophistication of the methods used by attackers to commit illicit acts. Identity theft and the search for vulnerabilities within the telco sector have been a headache for many players.
On the other hand, more and more financial activities and high-risk transactions are carried out over the Internet or by telephone. This has led regulators to launch new regulations requiring both BFSI (Banking, Financial Services, and Insurance) companies and telcos to tighten their security controls and onboard real users with guarantees.
As for how to address fraud in the telecommunications sector, this can be done from two global perspectives:
- The use of products and services that other customers have contracted with a telecommunications company, in order to obtain them without paying for them.
- The use of these products and services, in particular their access to customer platforms, as a means to impersonate legitimate users before third parties (FinTechs, banks, online trading...) and steal information or money.
- Fraud consisting of the resale of telecommunications means, either to obtain illicit economic benefits or so that others can defraud third-party users without being identified.
Traditionally, large companies in the telecommunications sector bore the costs of fraud committed by criminals in their systems and structures. Despite being exposed to severe sanctions from regulators, their risk management policies addressed them and were integrated into their day-to-day business. Yet these were not the only cost overruns or issues caused by fraud.
As a result of this reality, institutions, governments, and regulators have begun to constantly publish new regulations that determine certain aspects of the activity and processes of these players and are beginning to demand greater responsibilities.
This has led to a situation where current risk policies are focusing on a full fraud mitigation model and achieving a zero attack level, preventing fraud before it even occurs rather than investing resources in managing its legal or operational consequences.
This has only been possible thanks to the emergence of SaaS startups that integrate fraud prevention systems and exhaustive controls in all of the telecommunications companies' own and alternative channels. Until recently, large telcos had to resort to costly technological developments, either by putting together huge, complex IT teams with not very agile structures or by turning to external consultancies that designed systems which in many cases were already obsolete once delivered, due to the time needed for their completion.
Now, scalable and auto-updating RegTech software allows telcos to achieve a time-to-market of less than three months with a robust and capable proposition, both remotely and at on-site locations, while fully mitigating fraud.
Types of fraud in the telecommunications industry
Telecommunications fraud is of many different types. We can identify types of fraud based on the telecommunications network itself. That is, cybercriminals find loopholes in the network to carry out their attacks.
Similarly, we find another series of telco frauds targeting the physical infrastructure of telecommunications companies, acting on hardware such as SIM cards and hacking into certain systems.
The following is a brief overview of the most important types of telecommunications fraud:
1. Identity fraud (impersonation or theft)
This category of telco fraud based on identity verification is the hub from which dozens of other types of illicit actions branch out. Despite the fact that in many countries - e.g. Spain - it is compulsory by law to link each new line registration to a natural or legal person, criminals continue to register new numbers in the name of false persons.
We are not only talking about impersonating a customer to illegally enjoy the services and products contracted by the legitimate user (calls, internet, streaming content services, placing orders in the leasing or device sales divisions of the operators themselves...), but also about impersonating them to commit criminal acts elsewhere.
In this way, we see how this not only affects the telecommunications industry but also impacts other related industries such as BFSI (Banking, Financial Services, and Insurance), as they use credential validation through the sending of OTPs by SMS to verify the identity of their customers and register new accounts for financial services and products. Similarly, these codes are used in most online platforms as a second authentication factor.
2. SIM Swapping, prepaid and SIMBox
SIM Swapping - also known as SIM theft or SIM Jacking - consists of duplicating a SIM card by pretending to be its legitimate owner. As we have seen, this fraud builds on the previous one, identity theft, so it is fully remediable if exhaustive controls are established in that direction.
The new AutoSIM SaaS solutions that many telcos have started to integrate have completely solved this problem while enabling novel use cases such as instant mobile line activation at airports or sending SIMs to homes allowing users to self-activate them without friction.
In relation to this, we can see other similar types of fraud such as the abuse of prepaid charging, mobilizing illegal revenues between SIM cards, or with their duplication through identity theft. SIM Boxes are devices that store dozens or even hundreds of SIM cards to route traffic and make fraudulent modifications to the operators' metadata.
3. Deposit and underwriting fraud
This fraud focuses its attention on the online sales channels of the different mobile telephone and telecommunications operators. Through these internet channels, either their own or alternative ones - although it is much more common in the latter - SIM cards are purchased with stolen credit cards. This applies not only to SIM cards but also to other devices such as cell phones, tablets, routers...
What does this mean? Companies not only have to make a refund of fees in the form of a chargeback on many occasions but also lose the product due to the difficulty of tracing the origin. Blocking legitimate customers with high false positive rates is common in the industry if modern SaaS tools for identity verification and anti-fraud controls are not in place at both online and digital points of sale as well.
Subscription fraud, on the other hand, is very similar, since it is based on signing contracts using fake or stolen IDs and credit cards. Fortunately, electronic signatures and eIDAS-compliant digital contracting platforms have completely solved this problem.
4. IRSF - International Revenue Sharing Fraud
IRSF uses premium rate telephone numbers (lines with premium rates that allow you to make and receive international collect calls). The premium number is called from another line - usually a company's - so that the owner of that line pays large amounts per minute for the calls placed to the premium number.
Also known as international revenue sharing fraud, it generates up to a dollar per minute, of which about 25 cents is earned and stolen by the fraudster. One of the methods that is putting an end to this problem is the implementation of Know Your Business (KYB) - and also KYC - controls in the registration processes for these types of premium lines.
5. Phishing and smishing via SMS
Very similar to email fraud, SMS phishing obtains relevant data such as passwords or similar credentials, which are then used to impersonate the victim on third-party platforms.
While SMS messaging apps on both Android and iOS mobile devices are able to filter these malicious messages more or less successfully by taking them to spam folders, tens of thousands of users still fall for these hoaxes every day.
Verifying the identity of phone users who send bulk SMS messages is the solution to these problems, and it has been proven that companies in the telecommunications sector have reduced this fraud by incorporating such verification.
In the telecommunications industry, we can find dozens of types of telco fraud. From Wangiri, which consists of making massive hang-up calls so that users call a premium number that acts as a collect number, to traffic pumping - which manipulates compensation rates through calls to telco networks - we see more and more sophisticated attacks being committed towards or within telephone and internet companies.
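The Wangiri pattern described above can be looked for in call detail records (CDRs). The following is an added detection sketch, not code from the original article or from any vendor it mentions; the record layout, the thresholds and all phone numbers are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample CDRs: (timestamp_s, caller, callee, ring_s, talk_s).
# talk_s == 0 means the call was never answered. All numbers are made up.
SAMPLE_CDRS = (
    [(t, "+88299000001", f"+3460000{t:04d}", 1, 0) for t in range(40)]  # one-ring burst
    + [(500, "+34600000003", "+88299000001", 6, 180),   # victims calling back
       (620, "+34600000017", "+88299000001", 5, 95)]
    + [(10, "+34911111111", "+34600000050", 8, 240),    # ordinary traffic
       (30, "+34911111111", "+34600000051", 12, 0),
       (90, "+34922222222", "+34600000003", 7, 60)]
)

def detect_wangiri(cdrs, min_calls=20, max_ring_s=2, min_missed_ratio=0.9):
    """Flag callers whose outbound traffic is a burst of unanswered one-ring
    calls, and list subscribers who later called the flagged number back.
    The three thresholds are illustrative assumptions, not industry values."""
    outbound = defaultdict(list)
    for rec in cdrs:
        outbound[rec[1]].append(rec)

    findings = {}
    for caller, calls in outbound.items():
        if len(calls) < min_calls:
            continue  # too little traffic to call it "massive"
        missed = [c for c in calls if c[4] == 0 and c[3] <= max_ring_s]
        if len(missed) / len(calls) < min_missed_ratio:
            continue  # mostly normal conversations
        first_ring = {}  # callee -> time of the first hang-up call received
        for ts, _, callee, _, _ in missed:
            first_ring[callee] = min(ts, first_ring.get(callee, ts))
        # A callback is an answered call from a targeted subscriber to the
        # flagged number, placed after that subscriber was rung.
        callbacks = [(r[1], r[4]) for r in cdrs
                     if r[2] == caller and r[1] in first_ring
                     and r[0] > first_ring[r[1]] and r[4] > 0]
        findings[caller] = {
            "missed_calls": len(missed),
            "distinct_targets": len(first_ring),
            "callbacks": sorted(callbacks),
            "callback_seconds": sum(s for _, s in callbacks),
        }
    return findings

if __name__ == "__main__":
    for number, info in detect_wangiri(SAMPLE_CDRS).items():
        print(number, info)
```

The `callback_seconds` figure is the billed exposure already incurred by subscribers, which is what an operator would use to prioritise blocking the flagged number.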
PBX hacks, for example, directly attack cybersecurity and telco systems by using fraudulent IPs to take control of telephone lines through unsecured telephone networks. They connect to external private networks that allow lines to be shared, as is done, for example, in central offices. This is generally complementary to International Revenue Sharing Fraud (IRSF).
Telco fraud prevention solutions
As we mentioned at the beginning of this article, telcos have begun to entrust their fraud mitigation activities to technology experts whose core business is the development of affordable, self-updating solutions. It is no longer necessary to involve telco IT departments to harden the key processes that attackers use to perpetrate fraud; a barrier system is simply inserted to prevent it.
Fortunately, these systems do not generate any friction in the processes in which they are integrated, being completely agile and fully adapted to each use case, channel, and the characteristics of the user who is carrying out the process. This is crucial for all commercial activity and acquisition campaigns, where zero fraud has been achieved without lowering conversion rates by a single point.
Fight against fraud, sanctions, and telecommunications regulation
The Deploy&Go business hubs proposed by companies such as Tecalis are not only a tool for telcos to manage their entire network of proprietary and alternative channels at a granular level, but also enable comprehensive compliance with the most demanding regulations in any market and region. Many companies have easily expanded into other markets by using these tools, which allow them to do more business in less time with perfect performance in terms of risk management and fraud avoidance.
Complying with data protection regulations - GDPR General Data Protection Regulation in Europe - is also of particular importance for companies in the telecommunications sector. Therefore, these platforms that include collection and validation of identity documentation, as well as custody of contracts signed by electronic signature, are ideal for this purpose. Reaching zero penalties is already possible because, in addition, the responsibility for any fraud committed will be borne by the RegTech partner.