NEW YORK - Fraud is following the course of least resistance, trending largely but not exclusively toward subscriber identity theft and away from the use of wireless networks as a means to steal service from carriers.
On a worldwide basis, fraud costs wireline and wireless carriers as much as $55 billion annually, according to the Forum for International Irregular Network Access. At best, however, dollar values quantifying the overall problem are educated guesses.
Furthermore, as mobile communications evolves into mobile transactions, the magnitude of and liability for other types of fraud committed over the phone also will have to be assessed. Meridien Research projects that in 2004 online merchants in the United States will lose about $60 billion, or nearly 7 percent of total sales, to fraud. Celent Communications estimates that financial institutions in this country will lose $8 billion annually by 2004 as the result of crimes related to identity theft.
“For us as third-party vendors, carriers don’t want to share information with us. One of the major difficulties in fraud prevention is the only hard numbers we can look at are for the amounts identified and caught. That makes it difficult to estimate a return on investment. There also are some who will say that’s the cost of doing business,” said Baruch Promislow, Portland, Ore., in charge of fraud detection and prevention initiatives for Amdocs Ltd.
Pre-screening prospective customers before activating them is the proverbial ounce of prevention, since each successful perpetrator of telecommunications fraud can rack up hundreds of thousands of dollars daily in stolen services. Depending on the number of databases a carrier is prepared to access, each pre-authorization check can cost as little as five cents or as much as $17, with the average spent in the range of 50 cents to $1, he said.
“Fraud is cyclical, and there are two points of attack, technical fraud and subscription fraud. Today, for various reasons, technical fraud is difficult. It’s not cost-effective to do cloning in a digital world, so thieves are devoting most of their efforts to subscription fraud because stealing or forging credentials is not difficult.”
Subscription fraud is “nine-tenths of the battle” in the cellular world today, but there are many variations on the theme and many other ways to commit fraud, said Martin Gomez, North American sales manager for the software division of Subex Systems Ltd., in Nepean, Ontario, a suburb of Ottawa. Subex, which develops fraud detection and prevention systems for wireline and wireless carriers, is a member of many of the industry groups dedicated to minimizing theft of services, including the Communications Fraud Control Association and the GSM Fraud Forum.
Once criminals get service, they can engage in “chaining,” forwarding calls to another cell phone, which then forwards it to another, and so on, Gomez said. Others take cell phones from rental cars or garbage cans and use them as pay phones for long-distance call-selling operations. Another technique is to take out service, never use the phone and ship it overseas, typically to a third-world country, where the handset is retrofitted with a new Electronic Serial Number and Mobile Identification Number.
“Prepaid cards and international fraud are starting to become a big issue, especially in South America. After the cards are issued, they are shipped to the manufacturer, where they go through several computer systems. Their information can be copied anywhere in these systems,” Gomez said.
Within the United States, it has been reported that a well-known organized crime figure, John Gotti Jr., was apprehended and charged with using stolen credit cards to recharge prepaid cards, which a front company he ran bought in bulk.
Although the conventional wisdom is that digital phones cannot be cloned, “believe it, there are ways to clone them,” Gomez said.
“There are little mom-and-pop stores selling cellular services that can’t afford authentication, and the phones they sell have been used to forward calls to hot, hacked PBX’s (Private Branch Exchanges).”
The analog half of a dual-band PCS-analog handset is its Achilles’ heel. There have been reports, Gomez said, of fraudsters posing as homeless people standing on the side of a highway with signs that say, “Will work for food.” Behind the sign is a so-called swap box to jam the digital signal and a scanner to extract the ESN and MIN numbers from the analog part of the phone.
RF fingerprinting, which identifies individual handsets by their unique signal characteristics, is beginning to make headway as a tool to ferret out which phones have been stolen and no longer match their original ESN and MIN numbers, Gomez said.
Once the camel’s nose is under the tent, that is, once thieves have gained unauthorized access to a wireless network, the challenge is to differentiate their behavior from that of legitimate subscribers: safety users, who rarely use their phones, and high-revenue producers, who are intensive users of mobile communications.
“Most of the tools on the front line today allow us to discriminate between legitimate and unauthorized users. … In the United States, it is well accepted in the law that companies can do most anything to protect their revenue stream, but for privacy protection, they cannot use this kind of information for marketing,” Promislow said.
It is essential to “monitor the heck out of usage” for a new subscriber’s first month of usage, Gomez said. It also is important to screen for customers who churn off a carrier’s network, then try to obtain service again by using variations on the name and address under which they originally signed up.
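The re-application screen described above can be sketched as follows. This is an added example, not code from the article or from any vendor it names; the sample accounts, the abbreviation table and the 0.75 address threshold are constructed assumptions.

```python
import re

# Constructed sample data: accounts that churned off the carrier's network.
CHURNED = [
    {"id": "A100", "name": "Jonathan Q. Smith",
     "address": "1420 North Main Street, Apt 4"},
    {"id": "A101", "name": "Maria Delgado", "address": "77 Harbor Road"},
]

ABBREV = {"north": "n", "south": "s", "east": "e", "west": "w",
          "street": "st", "avenue": "ave", "road": "rd", "drive": "dr"}
UNIT_WORDS = {"apt", "apartment", "unit", "suite", "ste"}

def tokens(text):
    """Lower-case, replace punctuation with spaces, split into words."""
    return re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()

def address_key(address):
    """Canonical token set: abbreviations folded, unit designators dropped."""
    return {ABBREV.get(t, t) for t in tokens(address) if t not in UNIT_WORDS}

def jaccard(a, b):
    """Overlap of two token sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def name_parts(name):
    """(first initial, surname); accepts 'First Last' or 'Last, First'."""
    if "," in name:
        last, first = name.split(",", 1)
        name = first + " " + last
    t = tokens(name)
    return (t[0][0], t[-1]) if t else ("", "")

def screen_applicant(name, address, churned=CHURNED, min_addr=0.75):
    """Return churned accounts whose name and address match the applicant
    after normalization, best address score first."""
    hits = []
    for acct in churned:
        score = jaccard(address_key(address), address_key(acct["address"]))
        if score >= min_addr and name_parts(name) == name_parts(acct["name"]):
            hits.append((acct["id"], round(score, 2)))
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    print(screen_applicant("Smith, Jon", "1420 N. Main St. #4"))
```

A hit is a reason to route the application to manual review, not proof of fraud; a misspelled street name or a changed surname will slip past this simple token match.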
The advent of advanced data services will create its own potential points of weakness for criminals to exploit and carriers to guard against.
In the Philippines and in Sweden, where bank account information is incorporated into wireless phones, “there is not necessarily fraud in the phone but fraud perpetrated over the phone service,” Gomez said.
There also are concerns that “denial of service could shut down an entire Web site, and that viruses could be spread from one phone to another,” he said. To handle that problem, “sniffer” applications will be needed to monitor TCP/IP (Transmission Control Protocol/Internet Protocol) traffic, the protocol suite that provides communication across interconnected networks.
“The big challenge is determining what detection mechanisms we need to put in place. We know the originating and terminating number, the time and date the call started and ended. There are transaction records of billable events, what they look like, where they came from and their value. We need to know the economic value of the transaction,” Promislow said.
“In the IP world, there is content and e-commerce and a flow of revenue in all directions, so the fraudster can screw up the business model for advertisers, content providers and carriers. This environment has not been defined, and there are new challenges about liability, about who owns the customer and who has to pay for fraud.”
The 802.11b fixed wireless access technology also poses the real potential for identity theft as a means to a variety of unlawful ends, according to Promislow and Winn Schwartau, president of Interpact Inc., San Francisco. The company advises Fortune 500 corporations and government agencies about security issues, including cyber terrorism.
“Right now, I’m not aware of any phone company looking to set up a business model that includes 802.11b. But there are opportunities with 802.11b for cloning fraud and falsifying IP addresses. Generally, issues of security and fraud are tightly coupled because only authorized users are supposed to have access to the network,” Promislow said.
Schwartau, who has no security issues with wireless wide area networks, called 802.11b “a total disaster,” and said he believes the only way to secure it is “to close it down, dump it until a decent protocol is approved.”
Drive-by sniffers easily can obtain Internet and Intranet access codes and e-mail identifiers of a legitimate 802.11b network user. Then, thieves can assume the legitimate user’s identity to engage in a host of pursuits, not only for stealing goods and services but also for sending threatening letters to elected officials and visiting pornography sites, Schwartau said.