Some big-city markets saw a decrease in cloning fraud last year after implementing personal identification numbers, but the effort hasn’t beat the bandits. Cloning criminals have hit the road, scanning for numbers in one market, reprogramming and selling handsets in another-what industry has termed roaming fraud. Some hackers even have eclipsed the PIN safeguard.
Roaming fraud has taken carriers by storm. According to Phillip Redman, an analyst with the Yankee Group in Boston, cloning accounts for about half of all cellular fraud. And most cloners are using a roaming approach, he added.
Here’s why. Fraud detection methods-including PINs, caller profiling and radio fingerprinting systems-often are adopted on a per-carrier basis, therefore they are limited in geographic scope for detecting fraud. A person in Miami may be talking on an illegitimate cellular phone bearing an electronic serial number and mobile identification number scanned in Louisville, Ky. The home carrier may not receive the phone’s account data from the roaming market and the legitimate Louisville customer won’t realize fraud has occurred until the bill arrives, by which time the airtime and long-distance-often overseas-charges have escalated into the thousands of dollars.
“Clone n’ roam” is particularly detrimental for carriers. When cloning is isolated to one market, that carrier loses money on airtime, long-distance charges and other costs. Cost per fraud case can vary between $500 and $1,000. But when a criminal steals numbers in one market to use in another, the carrier in the first market must reimburse the carrier in the market where the fraud occurs. In this case airtime charges are paid out of pocket, whereas lost airtime in one’s own market essentially adds up to lost revenue. Capacity overload generated by illegitimate use of the network is a major concern for carriers as well, said Redman. Consequences include the missed revenue from legitimate customers and churn.
After introducing the use of PINs in New York City, whereby users enter a secret code before placing calls, Bell Atlantic Nynex Mobile thwarted cloning fraud for a while. Reported fraud cases dropped 80 percent between January 1995 and July 1995. But the blitz was only temporary. Fraud in the New York market, as well as in Philadelphia, is again on the rise, said Nick Arcuri, the company’s vice president of fraud control. Hackers’ recent ability to decipher PINs over-the-air contributes to fraud’s resurgence in home markets. Arcuri pointed out, however, there is no universal fraud trend among its markets. “It’s a mixed bag,” he commented.
In Los Angeles, also historically a high-volume cloning market, AirTouch Communications Inc. has seen arrests and convictions for cellular fraud increase, said spokeswoman Amy Damianakes. About 1,800 fraud arrests occurred in Los Angeles last year compared with 500 in 1994 and the conviction rate for cellular fraud is 90 percent, she said. Damianakes and other cellular carriers declined to comment on the amount of cloning and other types of fraud occurring in their markets. Industry-wide, companies hold their cards close in efforts to preclude criminals’ efforts.
Analysts, manufacturers and service providers alike agree authentication is the best and possibly the ultimate solution for eliminating cloning fraud. Manufacturers are building authentication-capable cellular infrastructure and subscriber equipment based on an industry standard. But the cost of equipment and time involved to refit infrastructure has slowed the technology’s implementation, Redman noted. Analog equipment also can be made authentication-capable.
For authentication to occur, a carrier’s digital network and the phones operating on the network each must possess a matching cryptographic algorithm, explained Les Owens, a noted expert on authentication who recently became director of logical and cross-technology security for AT&T Wireless Services Inc. The phones also must bear an encrypted key, a code unique to each phone that is programmed only once in the handset. The network communicates with the phone to validate its cryptographic algorithm and key and ESN-MIN numbers match its stored file for that customer. Technologists and analysts believe current scanning equipment cannot decipher these numbers.
Arcuri said Bell Atlantic Nynex Mobile plans to have authentication technology implemented in its New York market in the second quarter. The company has been selling authentication-capable phones since October.
Jackson, N.J.-based Systems/Link Corp. also is fighting roaming fraud. Its RoamEx product is a courier of real-time information between carriers, said company President Diane Sammer. Once a cellular call ends, RoamEx, which is connected to a real-time feed at a carrier’s switch, immediately delivers a call detail record to the home carrier’s profiler fraud detection system. Data sent includes the cellular caller’s phone number, the phone’s ESN and MIN, where and when the call originated and other information. If the carrier detects fraud, the illegitimate user is stopped instantly from placing more calls. RoamEx is used in conjunction with the company’s FraudTec profiler-installed at a carrier’s switch-as well as similar profiling systems. Carriers using RoamEx can draw from and feed Systems/Link’s FraudNet database.
Authentix Inc.’s launch product, the Roaming Fraud Prevention System, aims to prevent roaming fraud by verifying a subscriber’s identity, not just their phone, said Peter McCoy, the company’s vice president of marketing and planning. When a user wants to roam and initiates connection with the home market, his or her carrier confirms the phone’s ESN-MIN code. Carriers using Authentix’ system also require subscribers to provide a specified piece of personal information, such as mother’s maiden name, which is compared to stored data before a subscriber receives authorization to roam. Verification calls will be fielded through the National Dispatch Center Inc. in San Diego, said Los Gatos, Calif.-based Authentix. The product will be available by summer, said McCoy.
The industry needs an integrated solution to fight fraud, commented the Yankee Group’s Redman. Components include authentication, interchangeable subscriber input modules (SIMs), smart cards and voice verification. “If all carriers and equipment manufacturers move as one on this level, in 10 years most fraud could be eliminated,” reported Redman.
The Cellular Telecommunications Industry Association is scheduled to begin fraud technology trials next week, which should last three months. The project aims “to encourage product development that meets the needs of carriers and the wireless industry as a whole,” said CTIA. Technologies tested will address various kinds of fraud. Participants’ technologies must be available for immediate testing, must prevent-not just detect-cloning, prove interoperable in roaming environments and be scalable, for use by small and large carriers alike.
