The Telecommunications Industry Association wrote the standard for authentication technology five years ago and in March 1995, Tom Berson, a noted cryptologist and president of Anagram Laboratories, completed a study for the Cellular Telecommunications Industry Association’s Fraud Task Force that determined “in an authentication environment, cloning fraud as we know it today will be eliminated.”
The Palo Alto, Calif.-based firm projected authentication has a 20-year fix, said Tom McClure, CTIA director of fraud management. In other words, the sophistication of the technology is expected to take criminals an estimated 20 years to defeat.
So why aren’t carriers using the technology?
It takes a long time to implement, its too expensive, it will only protect a portion of our customers, or it isn’t a proven technology. These are familiar responses and certainly real business issues. On the flip side, however, carriers report the dramatic impact of fraud on revenues and the hassle it creates for customers. Carriers also report how aggressive they are in fraud-prevention, yet few are so aggressive as to push the technology promising the most benefit.
Authentication requires a network and the phones operating on it to carry a matching cryptographic algorithm. Each phone must bear a unique encrypted key that is programmed only once. When a user initiates a call, the network challenges the phone to verify itself and the phone responds. The phone’s algorithm, electronic serial number-mobile identification number combination and the key all must match the network’s data. The process is instantaneous and transparent to users. Authentication will be an underlying characteristic in digital network equipment for cellular and personal communications services. Analog cellular networks also can be refigured with the technology.
Some phone makers started shipping authentication-ready handsets last year. Some network infrastructure manufacturers have authentication capable equipment ready. Others are still in development stages. Some carriers are testing authentication, but few have revealed firm plans to implement the technology soon.
Fraud consumed $650 million in carrier revenues last year in the United States, according to CTIA. This averages almost 4 percent of a carrier’s revenue. But calculating actual profit loss is difficult, as costs include airtime revenue, access fees, administrative costs of handling fraud cases and fraud-related customer service.
While carriers absorb the dollar losses from stolen airtime, too many dissatisfied customers spells the dirty word, churn. Not just cloning, but mandatory use of PINs, suspended roaming privileges and overloaded networks are sending customers elsewhere.
Methods including radio fingerprinting, caller verification, personal identification numbers and profilers help fight cloning fraud. CTIA encourages an industry-wide effort against fraud and believes a multitiered approach using a mix of these tactics and authentication is the best plan of attack, particularly as it will take time to equip all customers with authentication capable handsets.
Fraud is a balancing game for carriers, explained Phillip Redman, a Yankee Group analyst. They may feel threatened by the dollars lost to fraud, yet don’t want to scare away potential investors and customers by elaborating publicly on the loss.
Leading the authentication pack is Bell Atlantic Nynex Mobile, on schedule to deploy the infrastructure this quarter.
“It’s not why authentication, it’s why not?” stated Nick Arcuri, the company’s vice president of fraud control. “It’s available through Lucent today.” The new equipment will be operating by year-end in New York, Boston, Washington, D.C./Baltimore and Philadelphia, said Arcuri. Bell Atlantic Nynex Mobile is expecting shipments from Lucent Technologies Inc. for initial deployment and later shipments from Motorola Inc.
There are two common misperceptions about authentication, said Arcuri. One is that “it takes penetration before its effective,” he said. Arcuri said his company’s research found that within two years of implementation, 60 percent of users will own authentication capable phones, as people switch phones about every three years. Cost is the other misperception, Arcuri said. “What have you done in terms of customer satisfaction, and what’s the customer dissatisfaction done to your churn numbers?”
Some customers “are lined up for the product*…*some are taking a wait-and-see approach,” commented John Bartucci, market planning manager for Halt!, in Motorola’s Cellular Infrastructure Group. Halt! is a portfolio of fraud fighting technologies, including authentication. Other Halt! systems are available today. Authentication he said is “on schedule for release later this year.”
“The best way to look at its [authentication’s] effectiveness is with GSM in Europe” where it has been in place since 1992, said Bartucci. Cloning is not a problem there, he added.
Why haven’t manufacturers developed authentication capable equipment sooner? “For a long time the carriers didn’t admit it was as serious as it was. In terms of economics it has only been very recent. There wasn’t the demand two or three years ago,” said Bartucci.
SBC Communications Inc. spokesman Walter Patterson said SBC will roll out authentication capable networks this year. Roseanna DeMaria, vice president of business security for AT&T Wireless Services Inc., wouldn’t reveal a launch date but said the company is aggressive in getting authentication to market.
“When you look at what fraud is costing our industry, you can’t quantify how aggravated customers feel. Dollar figures are not a fair reflection of fraud damages,” stated DeMaria. “Authentication is more than reasonable in terms of costs.”
For others, authentication is less urgent. Ameritech Cellular Services and GTE Mobilnet Inc. consider authentication a viable solution in the long-term. “The proof of the technology still needs to come forward,” stated Phil Balsano, manager of fraud prevention at Ameritech.
Susan Asher at GTE said the company is assessing authentication and plans to implement the technology as long as equipment costs are reasonable.
