Focus: 3G Mobile Fraud
Fraud in the mobile industry
It is a safe bet that when the first 3G wireless systems open
for business, the first incidents of 3G fraud will follow
close behind.
by CK Mah
Mention imminent third generation (3G) mobile networks and thoughts
will most likely turn to the radical new services they will
deliver or the staggering sums that must be paid for related
operating licenses. The investment committed to 3G licenses
is immense. Understandably, network operators are devoting
their best efforts to minimize any elements that could influence
the revenue flows necessary for redeeming this investment.
All the same, it is safe to presume that when the first 3G
wireless systems begin operations, 3G fraud will not be
far behind. Forewarned is forearmed, which is why now is
the time to examine likely scenarios and solutions. At this
stage, a degree of speculation is inevitable, but we can
at least identify some of the issues that will have to be
addressed.
Is Fraud Inevitable?
The answer to this question is debatable, but it is a fact that
people will always try to exploit weaknesses in any telecom
network. Attractive rewards and a perceived low risk of
detection make mobile communications particularly susceptible.
Accepted estimates show that network operators of GSM communications
are suffering fraud losses of three to five percent of their
organizations' annual revenue. At the same time, annual
losses due to fraud are expected to cost the global telecoms
industry billions of dollars.
There is an important lesson to be learned from the prepaid
experience in the mobile phone market. It was hoped that
prepaid charging would reduce companies' exposure to fraud
but new forms of fraud have quickly developed around the
various token and credit card top-up methods. The rapid
growth of fraud in the prepaid market caught many network
operators by surprise.
Thus, it is essential that operators do not make the same
mistakes when launching their 3G services. As 3G will be
built on the convergence of several core technologies, the
new services will provide a natural meeting point for three
broad categories of fraud, as explained below:
Voice fraud: Generally, this encompasses fairly 'low-tech'
types of fraud that are exploited by large numbers of small-time
operators;
Data fraud: This includes IP front-end fraud and
hacking carried out by computer software hackers and code
writers; and
Credit card/financial services fraud: Conducted by
fraudsters who set up accounts in their own name; this type
provides unauthorized access to funds.
As an illustration, banking services offered over an IP
link, via a mobile device, will provide rich pickings for
the smart fraudster who is able to combine these three fraud
types to exploit an illegal profit potential that 3G typically
will provide. Because 3G networks will be designed as channels
for relatively high-value transactions, the risks of fraud
will escalate significantly.
This is a function of falling call charges combined with
the introduction of myriad services across the network such
as banking and retailing. It is vital that 3G operators
take active steps to minimize their exposure by protecting
known areas of vulnerability. Many service or technological
providers have identified the three major issues of concern
that are related to these known exposures.
Contractual Liability
This concerns the contractual relationship between the network
operators, service providers and end-users. The critical
question is how to judge the financial value of the content
of a 3G phone call and who carries the responsibility for
that value at various points during a transaction. In short,
when something goes wrong or fraud occurs, who should pay
for the loss? Only for simple purchases would the loss be
confined to the value of the failed transaction. If loss
or theft of 'intangible' goods occurred, for example, in
share dealing, the network operator would need to avoid
liability when customers incur heavy losses as a consequence
of a 'hacked' transaction or of being unable to contact
their online share service to buy or sell.
There are enormous security implications here. A stolen
phone could give complete access to owners' PIN codes, credit
facilities, share portfolio and banking details. In addition,
network operators will need to consider the practicalities
of how and to whom payment for purchased goods is made.
Will they, for example, be added to the cost of a phone
bill? These are complex areas requiring expert guidance
from the legal profession.
Operational Implications
The launch of 3G services will create a dramatic shift from
current practice in which every call generates a definable
call data record (CDR) that allows charges to be easily
determined and measured, according to the destination and
duration of a call. The CDR is the key to fraud management,
credit and debt management, revenue assurance and, to an
increasing extent, the sales and marketing function.
With 3G, the value of calls will be determined by new and
as yet undefined criteria that will be much more complex
to predict, measure and cost. Variables, such as the amount
of bandwidth used, the value of the transaction or the type
of data downloaded, will all be factors to take into account.
At the current time, the nature of 3G charging is as open
to interpretation as are the predictions about which services
will be most popular and profitable.
Services will have different value potential, whether downloading
data, graphics, video, music or playing games online. Furthermore,
it will no longer be possible to determine call destination.
Whatever conventions are agreed for pricing 3G services,
a sophisticated new model will be needed for assessing market
value. This will not be possible to gauge by call records
alone.
Technological Implications
Success in combating fraud will depend on the criteria used to analyze
caller profiles, which will be presented in many different
ways. Analysts will need to understand the multiple aspects
of constructing a 3G caller profile to observe what is happening
on their network before they begin to identify potential
types of fraud. One certainty is that traditional rule-based
solutions will be totally inadequate for dealing with 3G
fraud.
Together with sophisticated analytical tools for profiling
callers, there will be a need for teams to cope with new
frauds delivered both at the telephony platform and at the
fixed IP and information technology infrastructure.
The latter will extend beyond the traditional telecoms domain
into the banking and commercial arenas, where a major threat
will be from insiders with direct access to the data streams.
Of the current fraud threat, a significant proportion is
believed to arise from internal activity, occurring because
authorized users have the ability to get away with unauthorized
acts undetected.
Within an IP environment and across enterprise networks,
this situation is likely to become an increasing issue,
putting pressure on network operators to maintain the highest
standards of vigilance internally as well as externally.
Developing Solutions for 3G Fraud
While there is much uncertainty about the impact of 3G, telecommunication
service providers can draw reassurance from new techniques
and solutions that are already at an advanced stage of development.
Most telecommunication service providers are committed to
an evolutionary strategy that builds on their experience in
fraud detection and management. In the 3G context, the behavior
anomaly analysis approach (based in part on neural networks)
puts operators in an advantageous position to tackle fraud,
as attention is focused on data access, not content.
Being one step removed from data and IP packets, this approach
allows the issue to be visualized more clearly than in the
traditional rules-based system, which would be able to adapt
much less efficiently, if at all.
Most telecommunication service providers are already using
similar techniques for tackling IP networks with a number
of their clients. The real issue is the ability to analyze
the IP data packet service, where content is invisible and
destination effectively unknown.
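The contrast drawn above between a fixed rule and per-subscriber behavior profiling, as an added example that is not from the original article. It substitutes a simple median/MAD baseline for the neural-network analysis the article mentions; the record fields, subscriber names, sample records and thresholds are all constructed for illustration.

```python
from statistics import median

# Constructed usage records: (subscriber, service, megabytes, transaction_value).
# No destination and no content, only how each service was accessed.
HISTORY = [
    ("alice", "banking", 0.4, 120.0), ("alice", "banking", 0.5, 90.0),
    ("alice", "music", 6.0, 2.0), ("alice", "banking", 0.3, 150.0),
    ("alice", "music", 5.5, 2.0), ("alice", "banking", 0.4, 110.0),
    ("bob", "video", 40.0, 5.0), ("bob", "banking", 0.5, 4000.0),
    ("bob", "banking", 0.6, 5200.0), ("bob", "video", 38.0, 5.0),
    ("bob", "banking", 0.4, 4600.0), ("bob", "banking", 0.5, 4900.0),
]
NEW = [
    ("alice", "banking", 0.4, 900.0),  # under the fixed limit, far from alice's habit
    ("bob", "banking", 0.5, 5000.0),   # over the fixed limit, normal for bob
    ("alice", "video", 45.0, 5.0),     # a service alice has never used
]
FIXED_LIMIT = 1000.0  # hypothetical network-wide rule: flag any value above this

def rule_based(rec):
    return rec[3] > FIXED_LIMIT

def build_profiles(history):
    """Collect (megabytes, value) observations per (subscriber, service)."""
    profiles = {}
    for sub, svc, mb, val in history:
        profiles.setdefault((sub, svc), []).append((mb, val))
    return profiles

def robust_score(x, samples):
    """Distance from the median in units of median absolute deviation."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples) or 1e-9  # guard a zero spread
    return abs(x - med) / mad

def profile_based(rec, profiles, cutoff=6.0):
    sub, svc, mb, val = rec
    seen = profiles.get((sub, svc))
    if not seen:
        return True  # first use of this service by this subscriber
    return (robust_score(mb, [m for m, _ in seen]) > cutoff
            or robust_score(val, [v for _, v in seen]) > cutoff)

def compare(history=HISTORY, new=NEW):
    """Return (rule_flag, profile_flag) for each new record."""
    profiles = build_profiles(history)
    return [(rule_based(r), profile_based(r, profiles)) for r in new]

if __name__ == "__main__":
    for rec, flags in zip(NEW, compare()):
        print(rec, "rule=%s profile=%s" % flags)
```

The fixed rule misses both of the constructed anomalies on the first subscriber and raises a false alarm on the second, while the profile does the reverse on all three records.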
Learning Curve
Inevitably there will be a steep learning curve for network operators,
service providers, hardware manufacturers and fraud management
solution providers. These professionals will face the challenge
of developing counter-measures for a threat that is not
yet in existence. Much can be learned from previous experience
and the proven methods already developed by fraud management
specialists.
This past knowledge represents the best weapon for controlling
future threats. Undoubtedly, as commercial strategies for
3G develop and the nature of 3G fraud becomes increasingly
apparent, even better defenses will be needed.
CK Mah writes for Network Computing-Asian Edition.