Serious Fraud in the Telecom Sector Costs the Industry $17bn in Revenue a Year.
According to the report by the ITW Global Leaders’ Forum, most telecommunication companies do not contend with fraud traffic. This situation can lead to greater financial losses with the spread of Internet of Things, when billions of IoT devices could be hijacked or reconfigured. Put this in perspective, fraud costs nearly $30 billion globally last year according to the Communications Fraud Control Association (CFCA).
With the development of telephony, the ways of the fraud have changed. Today the most widespread way is redirecting to compromised devices for maximizing the length of the call. Another one is hijacking an entire telephone system to generate calls to high-price destinations.
With the growing popularity of smartphones, there was another chance to swindle. Many users install applications that are able to transmit the data of users illegally. In addition, with some applications this fraudsters can conceal the fact of breaking the law when receiving funds. By the report of ITW, some of this type of frauds are connected with organized crime.
It should be noted that telecommunication companies are not responsible for the passage of traffic through them now. The Financial Times reported the percentage of revenue lost to fraud had reduced exponentially over the past decade, from as much as 5 percent in 2005 to about 1 percent last year. Many companies have created special units or individual teams to combat illegal network activities.
Experts also make forecasts that fraud treats in telco industry will grow together with innovations era development and predict dangerous factors, such as:
Rise of eSIMs
As IHS Markit reports, the rise if embedded eSIMs will increase from 108 million in 2016 to about 1 billion shipments by 2021. The usability and convenience benefits of eSIMs are undisputable and valuable, communications service providers need to be prepared for their fraud vulnerabilities at the same time.
The GSMA’s Security Accreditation Scheme enhances mobile operators to assess the security of their Universal Integrated Circuit Card (UICC) and eSIM suppliers. And as a result there is no way to download applications to the (UICC) without the consent of the Mobile Network Operators (MNO). Nevertheless a great number of stakeholders engaged (eUICC manufacturer, MNO, subscription or an account manager), if any swindle or vulnerability will happen, it would be rather challenging to quickly identify and fix the core risk factor because it could occur at so many different areas and levels.
Extended reach of fake identities
Nowadays our digital identities bring lots of comfort and efficiency to everyday life. Using a single digital user identity, one is able to access financial services, e-commerce, travel or healthcare private accounts without having to remember a number of credentials.
An option to register and make an identity validation via Facebook or Google accounts is rather convenient for a single user, but together with convenience this freedom brings the risks of fake accounts creation and validation. Multi-factor identification also doesn’t cover those risks, for frauders create a digital bot with some accounts as well.
IoT rapid growth with poor anti-fraud protection in place
As mentioned above, IoT devices are growing in number. According to a survey by HPE, 85% of businesses will implement an IoT strategy by 2019, driven by the need for innovation and business efficiency. Going further, a recent study by Aruba (HPE company) supports the conclusions identified by NIST, revealing that security remains a key concern with 84% of organizations surveyed reporting an IoT- related security breach.
And not occasionally, last year 2017 was auspiciously pronounced the Year of the Hack by Forrester. We observed numerous distributed denial of service(DDoS) attacks, which were caused by hijacking light bulbs, smart TVs and security cameras.
5G will bring more devices, even more data, new service approaches and more complex networks to manage. Network virtualization functions (NFV) together with IoT are going to possess new type complexity, which means that 5G era is looking pretty attractive for the fraudsters.
Additionally, services architecture may possess potential threats. For instance, the arrival of VoLTE (Voice over LTE) means mobile calls are even more exposed to fraud because signaling is implemented in the mobile operating system instead of the mobile-based broadband network, as it is for 2G/3G telephony. Extensive part of these vulnerabilities can then be exploited remotely through mobile malware to profit fraudsters.