Digitalization’s Double-Edged Sword: Telcos Face More Fraud in 2019
Posted December 5, 2018
Nobody said digitalization would be easy, but with fraud losses expected to top $30 billion next year, telcos don’t want it to be their undoing, either.
As it stands now, the accelerating move into digital channels to meet customer demands, the boom in mobile adoption worldwide and the need to fend off new and incumbent competitors, all make digitalization a strategic imperative.
But the same technologies these firms are leveraging in their transformation efforts also make it easier for cyberthieves to defraud operators and their customers. How? By using stolen identity credentials harvested from an endless number of corporate data breaches to open fraudulent accounts, launch account takeover (ATO) attacks, and more.
From cable TV and landline telephony, to broadband Internet and mobile handsets and services, this rapidly evolving industry is creating rich opportunities for fraudsters.
According to a global fraud study by the Communications Fraud Control Association, fraud in all its forms cost the telecommunications industry more than $29 billion globally last year. By other estimates, it could consume between 3% and 10% of operators’ bottom lines—pushing potential losses even higher. Either way, digital channels are quickly becoming the avenue of attack behind a growing share of those losses.
The Tempting Telco Target
Cybercriminals are becoming more and more indecipherable from customers through credentials-enabled impersonation, with subscription and account takeover fraud now accounting for more than $12 billion in annual losses. In subscription schemes, thieves use pilfered credentials to open up or hijack customer accounts in order to acquire premium handsets and post-paid service contracts that they can then resell online while defaulting on the bill.
And in many scams, all the usual footwork isn’t even necessary. In July, for instance, news hit that that some Android smartphones sold in developing markets were found to contain pre-installed malware that collects a user’s personal information, depletes victims’ data allowance, and triggers fraudulent subscription charges on pre-paid credit. According to industry estimates, the identity fraud rate in the mobile space rose 60% last year.
As bad as that is, there’s something even worse.
Not Just an Account, an Ecosystem
However they obtain personal identity information, fraudsters seem to have everything they need to impersonate legitimate telecom customers and take control of their accounts.
In a so-called SIM swap attack, for instance, fraudsters use stolen identity information to trick an unsuspecting (indeed, often complicit) telecom call center employee into moving the victim’s mobile phone number to a different SIM card. Once that happens, thieves can reset passwords on the victim’s online accounts—Amazon, Instagram, bank and credit card accounts, and more—by using the victim’s mobile phone number as a recovery method.
Which means it’s no wonder ATOs are now the second biggest area of fraud for telecoms, tripling in recent years to $5.1 billion in losses.
As a result, effective protection against subscription fraud and account takeover in telecommunications depends on accurately distinguishing between legitimate customers and cybercriminals in real time.
But telcos are in the midst of a tough juggling act. As digitalization and enhanced customer experience takes top billing as strategic imperatives for telcos, security cannot be sacrificed or left by the wayside. Operators need an enterprise-level fraud solution that can effectively detect high-risk or anomalous behavior, as well as spot the fraudulent use of personal credentials at account creation, secure logins and protect against ATOs. No sweat, right? Think again.
Optimizing Digitalization—and Defense
On the one hand, telecoms have got to find a way to verify the true identity of customers and block fraudsters. On the other, they’d better do it without creating even 10-seconds of additional friction or risk losing prospects and customers who will have no problem jumping to a competitor that can offer a better, faster digital experience.
Factor in an average $7 million in costs that go with a successful data breach, as well as oppressive regional regulatory fines and the crushing effects of bad publicity, and the risks from fraud grow exponentially.
Perhaps it’s no surprise then that a number of telcos appear to be adopting modern, digital identity-based user verification and assessment technologies designed to help them detect and block fraudsters, without creating the kind of friction that can negate the positive effects of digitalization. According to operators that have deployed these solutions, success requires device intelligence and behavioral analytics capable of real-time assessment of each customer, at the point of each transaction.
Given the rise in SIM swapping and other forms of attack, solutions with access to global, crowdsourced identity intelligence that draws from thousands of trusted sources in numerous industries worldwide, may prove critical in instantly spotting and blocking cybercriminals.
Digitalization Meets Deterrence
Amid all of this, there’s also cause for optimism. One European telco, for instance, noted a significant reduction in fraud attempts they were experiencing after deploying ThreatMetrix digital identity solutions. After launching a new mobile service, fraud attempts were from 13% of all transactions to just 2% in a matter of months. This led them to suspect that cybercriminals had moved on to other easier targets as they made their defenses more sophisticated. And it was accomplished while delivering the fast, friendly experience customers demand.
Other operators may take different approaches, of course. But whatever the path they choose, sooner is better than later. As Forrester Research points out, companies in a number of sectors are starting to shift security from something that can have a negative impact on the user experience into something that can enhance it. And those that succeed can see revenues grow 4 to 8 percent above the average for their market. Isn’t that what digitalization is all about?
To learn more about latest mobile and online fraud trends in the telecom industry check out a special webcast entitled, Reimagining Telecom Fraud Prevention through the Digital Identity Network.