The holiday season is just around the corner, and wireless carriers will be looking to cash in by marketing their products and services as gifts to consumers enjoying a strong economy.
But another group is waiting to capitalize on wireless service during the season-fraudsters.
In the scurry to get as many phones out the door as possible this holiday season, wireless carriers, especially those that do not require contracts, are likely to fall victim to fraud.
“The holiday season is historically the period of time when fraudsters come out of the woodwork,” said Michelle Wheeler, product marketing manager at Lightbridge Inc., which provides a pre-subscription fraud detection system. “The amount of write-offs we see in the March-to-April timeframe-90 to 120 days after the fact-is usually a huge amount higher than at other times of the year.”
The wireless fraud industry is big business, estimated to have cost the industry more than $1 billion in lost revenues last year. The good news is that cloning fraud, the stealing of electronic serial numbers and mobile identification numbers from legitimate wireless phones for use in unauthorized handsets, is on the decline. Tom Wheeler, president of the Cellular Telecommunications Industry Association, last month said cloning fraud is decreasing because carriers have deployed authentication technology.
According to a study conducted in April by the Yankee Group, authentication systems are expected to be installed in the top 50 markets by next year. But a majority of the installed subscriber base continues to use analog phones that are not authentication-ready or do not have A-keys installed.
Foiled by technologies designed to stop cloning fraud, however, fraudsters are following the path of least resistance and returning to their original plan of action-subscription fraud.
“It’s horrendous,” said Michael Armendariz, a cellular fraud investigator for a leading wireless service provider. “That’s all I’m doing right now is subscription-fraud cases.”
Richard Cahill, vice president of strategic planning and business development at Authentix Network Inc., said in the early stages of wireless deployment, fraudsters were able to commit subscription fraud because billing systems were not fast enough. Fraudsters would have access to service for up to 90 days before a bill was even sent.
When better and faster billing systems were introduced, fraudsters were forced to find ways to commit technical fraud-cloning fraud, roaming fraud and tumbler fraud. Now as systems are being deployed to stop technical fraud, fraudsters are returning to subscription fraud.
“It will not go away,” said Bob Fike, vice president of technical strategies for Subscriber Computing Inc., which has a post-call profiling system designed to identify fraudulent users and stop them from racking up charges they don’t intend to pay. “Whatever we find as a way to stop one approach, they’ll find away around it and move on to the next most easiest thing to do.”
Fike said large carriers can battle fraud by adopting a four-tiered solution that incorporates a screening process for potential customers, a profiling system to identify fraudulent users, a pre-call verification system designed to ensure calls are legitimate and a technology check such as RF fingerprinting or authentication, which verifies that the equipment is legitimate.
Smaller carriers that can’t afford to put all four systems in place should evaluate their fraud problems and attack them specifically, said Fike.
“I think one of the main reasons we’re seeing subscription fraud back on the rise is you have five competitors in the same city and they’re all anxious to get that same subscriber,” said Cahill. “All the new entrants paid quite a bit of money to get their systems going, and nobody wants to turn someone away.”
But once a fraudulent user is on a carrier’s system, said Lightbridge’s Wheeler, the company already has lost money. The average fraudulent subscriber costs carriers $467 per write-off, she said.
Lightbridge’s four-step subscription fraud product is part of an integrated package that provides a variety of customer acquisition processes.
The first step validates potential customers’ address information and confirms that it is an actual address. If the customer passes, the information is sent to a subscriber data analysis tool, which cross-checks the subscriber information against itself to determine, for instance, if the area code on the customer’s phone number matches the address location. The system then takes the information returned from the analysis and assigns a score to the customer based on models created from industry data.
Finally, Lightbridge provides a negative-file database, which includes $880 million of write-off and shut-off data from throughout the industry. Potential customers are checked through the system to determine if they have been written off by other wireless companies.
The whole process, including the customer-acquisition segment, takes about 14 seconds, said Wheeler. The fraud portion takes only about 3.5 to 4 seconds.
It is critical that pre-subscription screenings, such as Lightbridge’s product, are unobtrusive to the customer.
“There’s a balance between the screening that you do up front and the time it takes to activate, and carriers are really trying to strike the optimum on that balance where they turn the fewest people away, but have the maximum amount of protection,” said Cahill. “You don’t want to gather too much information as to turn someone away, but you don’t want to gather so little that you leave yourself exposed.”
Wheeler said not only have carriers experienced an impact on their bottom line with Lightbridge’s fraud products, but they see the effects of the system in day-to-day operations.
“We’ve done 20 implementations of the fraud tools for different sizes and types of carriers, and every single time we’ve caught a dead person trying to apply for service on the first day,” she said. “In one case, we caught six dead people in a three-hour period of time. They’re not good payers and even worse, they’re harder to collect from.”
Part of Lightbridge’s implementation of its system includes a two-day training course to help point-of-sale and fraud personnel identify suspicious activities and characteristics, and how to deal with potentially fraudulent subscribers.
Fraudsters often obtain personal information by stealing wallets, hacking into computer systems and even digging through garbage cans. Armendariz said in many cases he has worked on, the fraudster is typically a woman involved in drugs who enlists the help of other women to go up and down streets stealing mail. The fraudsters keep anything containing personal
information and use it to obtain credit reports, which allows them to order equipment using stolen credit-card numbers.
The best way for point-of-sale employees to slow subpicture ID, said Armendariz. Even that is not fool proof.
Lightbridge trains carriers to also require potential subscribers to provide their name, address, social security number, work phone number, home phone number, date of birth and drivers license number.
“If it is a legitimate person, they can pop that off the top of their head in a second and it is not imposing on them,” said Wheeler. “A high indicator of fraud is if you ask for any of those pieces of information, except maybe the social security number, and you ask for a picture ID and they start yelling at you.
“If you are a fraudster, and you’re not really who you’re representing yourself to be, you’re going to blow as much smoke as possible to try to shift attention away from the fact that you can’t provide that data,” Wheeler continued.
If fraudsters can beat the screening systems, they use a variety of combinations to maximize the amount o
f time they can use the service without paying for it.
“It can get as complicated as it gets to ensure that it’s fr
ee,” said Cahill, who noted that fraudsters often will use fraudulent information to get a legitimate account and then will transmit the MIN/ESN information to another market to be used in a cloned phone. This allows them to exploit the time gap it takes to transmit information from a roaming market to the home market.
By never using the phone in the home market, said Cahill, fraudsters can beat the radio-frequency fingerprinting checks.
Authentix’s product is a roaming fraud verification system that identifies users with unusually high amounts of roaming usage and then asks those customers to provide information to verify that they are the real subscriber.
But “if you impersonate someone and you remember who you impersonated-their name, address, social security number-you would actually be in a position to confirm that identity,” said Cahill.
Fraudsters are creative and smart, and wireless fraud is here to stay, say experts.
“The way I always view subscription fraud is that it is a behavioral science, and when you’re dealing with something that is the end result of a creative mind, the possibilities are actuall, infinite.” Wheeler noted.