> Focus > Full Story
3G Mobile Fraud
in the mobile industry
is a safe bet that when the first 3G wireless systems open
for business, the first incidents of 3G fraud will follow
close behind. by CK Mah
3G, the value of calls will be determined by new and as
yet undefined criteria that will be much more complex to
predict, measure and cost
as commercial strategies for 3G develop and the nature of
3G fraud becomes increasingly apparent, even better defenses
will be needed
imminent third generation (3G) mobile networks and thoughts
will most likely turn to the radical new services they will
deliver or the staggering sums that must be paid for related
operating licenses. The investment committed to 3G licenses
is immense. Understandably, network operators are devoting
their best efforts to minimize any elements that could influence
the revenue flows necessary for redeeming this investment.
All the same, it safe to presume that when the first 3G
wireless systems begin operations, 3G fraud will not be
far behind. Forewarned is forearmed, which is why now is
the time to examine likely scenarios and solutions. At this
stage, a degree of speculation is inevitable, but we can
at least identify some of the issues that will have to be
Is Fraud Inevitable?
answer to this question is debatable, but it is a fact that
people will always try to exploit weaknesses in any telecom
network. Attractive rewards and a perceived low risk of
detection make mobile communications particularly susceptible.
Accepted estimates show that network operators of GSM communications
are suffering fraud losses of three to five percent of their
organizations' annual revenue. At the same time, annual
losses due to fraud are expected to cost the global telecoms
industry billions of dollars.
There is an important lesson to be learned from the prepaid
experience in the mobile phone market. It was hoped that
prepaid charging would reduce companies' exposure to fraud
but new forms of fraud have quickly developed around the
various token and credit card top-up methods. The rapid
growth of fraud in the prepaid market caught many network
operators by surprise.
Thus, it is essential that operators do not make the same
mistakes when launching their 3G services. As 3G will be
built on the convergence of several core technologies, the
new services will provide a natural meeting point for three
broad categories of fraud, as explained below:
Voice fraud: Generally, these encompass fairly 'low-tech'
types of fraud that are exploited by large numbers of small-time
Data fraud: This includes IP front-end fraud and
hacking carried out by computer software hackers and code
Credit card/financial services fraud: Conducted by
fraudsters who set up accounts in their own name; this type
provides unauthorized access to funds.
As an illustration, banking services offered over an IP
link, via a mobile device, will provide rich pickings for
the smart fraudster who is able to combine these three fraud
types to exploit an illegal profit potential that 3G typically
will provide. Because 3G networks will be designed as channels
for relatively high-value transactions, the risks of fraud
will escalate significantly.
This is a function of falling call charges combined with
the introduction of myriad services across the network such
as banking and retailing. It is vital that 3G operators
take active steps to minimize their exposure by protecting
known areas of vulnerability. Many service or technological
providers have identified the three major issues of concern
that are related to these known exposures.
concerns the contractual relationship between the network
operators, service providers and end-users. The critical
question is how to judge the financial value of the content
of a 3G phone call and who carries the responsibility for
that value at various points during a transaction. In short,
when something goes wrong or fraud occurs, who should pay
for the loss? Only for simple purchases would the loss be
confined to the value of the failed transaction. If loss
or theft of 'intangible' goods occurred, for example, in
share dealing, the network operator would need to avoid
liability when customers incur heavy losses as a consequence
of a 'hacked' transaction or of being unable to contact
their online share service to buy or sell.
There are enormous security implications here. A stolen
phone could give complete access to owners' PIN codes, credit
facilities, share portfolio and banking details. In addition,
network operators will need to consider the practicalities
of how and to whom payment for purchased goods is made.
Will they, for example, be added to the cost of a phone
bill? These are complex areas requiring expert guidance
from the legal profession.
launch of 3G services will create a dramatic shift from
current practice in which every call generates a definable
call data record (CDR) that allows charges to be easily
determined and measured, according to the destination and
duration of a call. The CDR is the key to fraud management,
credit and debt management, revenue assurance and to an
increasing extentthe sales and marketing function.
With 3G, the value of calls will be determined by new and
as yet undefined criteria that will be much more complex
to predict, measure and cost. Variables, such as the amount
of bandwidth used, the value of the transaction or the type
of data downloaded, will all be factors to take into account.
At the current time, the nature of 3G charging is as open
to interpretation as are the predictions about which services
will be most popular and profitable.
Services will have different value potential, whether downloading
data, graphics, video, music or playing games online. Furthermore,
it will no longer be possible to determine call destination.
Whatever conventions are agreed for pricing 3G services,
a sophisticated new model will be needed for assessing market
value. This will not be possible to gauge by call records
in combating fraud will depend on the criteria used to analyze
caller profiles, which will be presented in many different
ways. Analysts will need to understand the multiple aspects
of constructing a 3G caller profile to observe what is happening
on their network before they begin to identify potential
types of fraud. One certainty is that traditional rule-based
solutions will be totally inadequate for dealing with 3G
Together with sophisticated analytical tools for profiling
callers, there will be a need for teams to cope with new
frauds delivered both at the telephony platform and at the
fixed IP and information technology infrastructure.
The latter will extend beyond the traditional telecoms domain
into the banking and commercial arenas, where a major threat
will be from insiders with direct access to the data streams.
Of the current fraud threat, a significant proportion is
believed to arise from internal activity, occurring because
authorized users have the ability to get away with unauthorized
Within an IP environment and across enterprise networks,
this situation is likely to become an increasing issue,
putting pressure on network operators to maintain the highest
standards of vigilance internally as well as externally.
Developing Solutions for 3G Fraud
there is much uncertainty about the impact of 3G, telecommunication
service providers can draw reassurance from new techniques
and solutions that are already at an advanced stage of development.
Most telecommunication service providers are committed to
an evolutionary strategy that builds on its experience in
fraud detection and management. In the 3G context, the behavior
anomaly analysis approach (based in part on neural networks)
puts operators in an advantageous position to tackle fraud,
as attention is focused on data access, not content.
Being one step removed from data and IP packets, this approach
allows the issue to be visualized more clearly than in the
traditional rules-based system, which would be able to adapt
much less efficiently, if at all.
Most telecommunication service providers are already using
similar techniques for tackling IP networks with a number
of its clients. The real issue is the ability to analyze
the IP data packet service, where content is invisible and
destination effectively unknown.
there will be a steep learning curve for network operators,
service providers, hardware manufacturers and fraud management
solution providers. These professionals will face the challenge
of developing counter-measures for a threat that is not
yet in existence. Much can be learned from previous experience
and the proven methods already developed by fraud management
This past knowledge represents the best weapons for controlling
future threats. Undoubtedly, as commercial strategies for
3G develop and the nature of 3G fraud becomes increasingly
apparent, even better defenses will be needed.
CK Mah writes for Network Computing-Asian
Send your feedback to firstname.lastname@example.org