YOU ARE AT:Archived ArticlesFraud more difficult to detect as industry advances

Fraud more difficult to detect as industry advances

WASHINGTON-The wireless industry will enter the third millennium A.D. as the envy of the telecommunications industry. It is arguably the most competitive sector. It is innovative, with three different digital standards and third-generation wireless becoming reality. And it has conquered a huge nemesis: cloning.

“Cloning is containable. It was not containable in 1993 and 1994. [Now there are] myriad types of fraud … there is nothing uniquely wireless. Our issues are less uniquely wireless … the cable industry had its own [technical fraud issues. Now everyone has] more general types of fraud,” said David Diggs, vice president for wireless security for the Cellular Telecommunications Industry Association.

When the wireless industry used to think of fraud, the word was synonymous with cloning. Cloned phones meant as much as $300 million in yearly losses, said Diggs. But now cloning has been replaced by various types of fraud, many if not all, are found in other retail and subscription businesses.

“Fraud has fallen off the radar screen [but] don’t take your eye off the ball … it is the cost of doing business,” said Thomas W. McClure, CTIA assistant vice president for wireless security.

Fraud now comes in various forms and wireless carriers need to be aware of them all.

“The bad guys are not going away. Some will adapt, some new ones will emerge,” said Doug Meyn, assistant vice president of sales for GTE Telecommunications Services.

But if the concept of fraud is hard to grasp now that it comes in many shapes, sizes and forms, it might be impossible for some carriers to get their arms around it because even in its hey-day, the cost of cloning was dwarfed by the growth in revenues, said Robert Roche, CTIA assistant vice president for policy and research.

Plus, carriers are changing, merging and converging services. An argument needs to be made to management that savings found in convergence-whether it is bundled services or two companies coming together-need to be devoted to fraud management, said Meg Haight, assistant vice president of employee and asset protection for GTE Services Corp.

GTE currently is awaiting approval from the Federal Communications Commission to transfer its telecommunications licenses to Bell Atlantic Corp. License transfer is considered a key part of the merger process. In addition, the Department of Justice last week approved, with conditions, a proposed alliance between GTE, Bell Atlantic and AirTouch Vodafone plc.

Cloning was the buzzword for fraud in the United States because U.S. wireless carriers used analog technology (which was easy to clone) while the rest of world was beginning to use forms of digital technology. These countries just now are discovering new forms of fraud.

For example, Great Britain’s One 2 One’s head of fraud and security, Mike Speight, found out that as much as 30 percent of his company’s debt was due to fraud. He and his company set out to change that. In 1998, his department had nine people. A year later that number had more than doubled to 22 people, all working to combat fraud.

Another difference between cloning and these new types of fraud is that while a technical solution was created to kill cloning, there does not seem to be a quick easy kill for these other types of fraud.

Stopping fraud is “not really possible … we can help manage the problem but we cannot actually stop the problem,” said Michelle Wheeler of Lightbridge Inc.

Are the customers who they say they are?

“Subscription fraud is much, much worse than cloning because the public is involved. Getting your credit restored is a nightmare” for the identity theft victim, said Henry Enright, director of fraud solutions for AT&T Wireless Services Inc.

There are various types of subscription fraud that carriers must guard against.

One type of fraudster walks into a place of business-for example an electronics store that sells wireless phones that acts as a distribution channel for a carrier-and signs up for mobile-phone service using a fake identity.

Not only could the customer be using an identity he has stolen, that person might not even be alive.

Companies such as Lightbridge and Equifax Inc. have developed products that check vital information against itself to prove people are who they say they are.

Fraud detection products are designed to flag a fake identification and make it impossible for the fraudster to get on a system.

Specifically, Equifax’s FraudScan suite of products simultaneously checks for cohesiveness among names, addresses, phone numbers and drivers license formats.

Fraudbusters are adamant that carriers must check every subscriber every time even if the sales force objects.

“Business partners will not see fraud as one of their highest priorities … as they try to meet sales quotas,” Haight said.

Keeping the fraudster from violating the company’s system and costing money and-in the cases where identity theft is involved-preventing the fraudster from destroying the credit of the identity theft victim, needs to be a priority among carriers.

“The best way to handle fraud is to never let them on your network … there is an important process to screening” every account, Wheeler said.

Once a carrier has established that a customer is who he says he is, then it might be wise to gather some basic information from the customer about potential calling habits because the profile of the best customer also can be the profile of a fraudster, Wheeler said.

Is an insider committing fraud?

Another type of fraud also can involve fake identifications but may, at first, be more difficult to detect because systems put in place to check for fraud are breeched by those who know the systems.

Employees or ex-employees know the system and can think of ways to get around the system. SBC Communications Inc. learned this the hard way-twice.

Last summer, five or six ex-employees set up a scam to open accounts in a town near the Texas/Mexico border. Because that area has a lot of immigrants, the check for older social-security numbers-most believe a number that is less than seven years old could pose a risk-did not raise any eyebrows. But when a town of fewer than 1,000 people was listed as the home address of hundreds of new subscribers in mere weeks, someone alerted the fraud department.

Measures were taken and passwords established so the activation center would know when a current vs. former employee was attempting to activate an account. That was only partially successful when in the fall, 16 more accounts were activated using the same scam.

Distribution channels also can deceive a carrier. Fraudsters will find the “weakest link,” said John Frost, fraud management consultant for Compaq Computer Corp.

There are ways to protect yourself, said Kevin Thigpen, vice president and general manager of the prepaid services division of Boston Communications Group. Identify unusual calling behaviors by “cannibalizing your customer base,” Thigpen said. He added that “if you see that a distribution channel has a really good sales record but zero usage you might have a problem.”

Prepaid

“Is there going to be fraud in prepaid? I think the fraudster thinks there is going to be fraud in the prepaid market,” McClure said.

While fraudsters may be looking for ways to commit fraud using the prepaid service, carriers often forgo fraud detection services when starting to offer prepaid service. This is not the way to go, said Konnie Sheen, manager of fraud and security of Southwestco Wireless (now a part of Bell Atlantic Mobile). “Involve the fraud people upfront” so they can find potential problems, Sheen said.

When Southwestco began offering prepaid services five years ago, cloning was the fraud topic. It never occurred to the co
mpany that fraudsters would use the prepaid phone to operate a scam.

And, Southwestco was right. For a while.

Now that cloning has been
conquered, fraudsters have begun using the prepaid services-mostly by refilling accounts with stolen credit cards-as a way to get a wireless phone without paying for it. By the time the carrier finds out from the credit-card company that the card number used to refill an account is invalid, that airtime has been used.

No silver bullet

So as wireless carriers enter a new millennium they must stop thinking about technical fraud-something you can touch, feel and smell, Wheeler said-and start looking at other retail companies for solutions and answers. But, LightBridge’s Wheeler reminds carriers, “there is no silver bullet” to combat fraud.

ABOUT AUTHOR