Email a colleague    

May 2011

Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process

Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process

Telecoms spend an incredible amount of money on physical security to keep unauthorized eyes from seeing financial systems.  They spend another big chunk of money on technical fraud systems and cybersecurity to prevent external fraudsters from stealing the family jewels.

Yet one of the biggest problems telecoms now face is fraud done inside their offices, dealer stores and firewalls by people fully authorized to transact business for the company.  Welcome to the shady world of insider fraud, a growing area of operator concern according to fraud management vendor cVidya, who has just brought out a new version of its Fraud View solution to address the issue.

And here to tell us about it is Tal Eisner, cVidya’s senior director, Product Strategy, and a guy who was once an investigator and manager at two leading mobile operators in Israel.

Dan Baker: Tal, what’s the genesis of insider fraud?  And what’s your evidence that it’s becoming a bigger problem?

Tal Eisner: Dan, as you can imagine, much of the data about fraud activity is closely guarded by the telcos.  That’s only natural.  But what I will tell you is this: Our Fraud View product is installed at 130 telecoms in 63 countries and when a significant number of those customers raise a red flag around insider fraud, you can bet it’s a big problem.

Another indicator that insider fraud is growing is common sense.  Smartphones are expensive devices that are often subsidized by the carrier.  Plus the smartphone will soon double as a mobile wallet.  All these factors are going to make insider fraud easier to hide and more potentially damaging to an operator.

The forms of insider fraud vary greatly.  Sometimes the fraud is perpetrated by an insider alone.  In other cases, the insider helps someone outside commit fraud — sometimes deliberately, other times innocently.

The focal point of our investigation is all systems related to sales, the kind of systems that customer service reps, telemarketers and dealers have access to.

One of the drivers of insider fraud is all the pressure for wireless salespeople to meet aggressive revenue targets.  And when people can’t reach those targets, some will cook the numbers or artificially enhance the sales numbers by giving away services illegally — all to get their expected commission at the end of the month or quarter.

Are these things mostly happening within the enterprise accounts of telecoms?

No, it’s not limited to enterprise sales alone.  We’re talking about the entire sales process becoming corrupted.

To give you an idea, one of the large U.S. mobile carriers told me the case of a door-to-door sales rep who committed fraud to the tune of millions of dollars.  The salesman produced a great many deals of cell phones.  Unfortunately, those deals were fraudulent: The customer actually never signed the agreements; their  signatures were forged.

Much of the fraud happens because the fraudsters know how to navigate around the sales, prepaid, CRM or billing systems.

Is a lot of this happening because salespeople are getting their sales commissions upfront?

A few years ago, it’s true, salespeople were getting sales commissions upfront and so there was a danger of signing up unqualified accounts.  However, it doesn’t work like that these days.  Telecoms are more cautious about distributing commissions early these days.

What’s the fraud management application look like here?  Are you monitoring employee emails and Web searches?

Dan, I get this question all the time when I speak at conferences.  No, our application has nothing to do with desktop applications that monitor emails or what sites users go to when they surf the Web.

We basically screen sales or money-oriented areas in IT, such as prepaid and customer-service systems.  We are not recording all the activities being done by people.  The purpose of our sniffing is to enable sales managers and fraud investigators to detect and see abnormal activities.

For example, it’s normal for door-to-door salespeople selling iPhones and Blackberrys to immediately activate those phones as the sales happen.  But if that same salesperson is activating three iPhones at 4 a.m., you might suspect something is wrong.

Another indicator of fraud is checks or credit card authorizations bouncing, typically a month or two months after the user is using the service, but after the dealer received his commission.

A couple years ago, I attended a conference session where Vodafone Germany gave a presentation on a dealer fraud/assurance system that employed a cVidya platform.

That particular system pre-dates the new insider fraud solution I’m talking to you about.  The virtue of that system is that it detected how dealers were gaming the system in the way they juggled discounts or made offers in a way that maximized their commissions.

Some dealer- and in-house agents are far more daring in their fraud activities.  Take the case of a dealer’s agent who worked in one of the stores of a leading mobile company in Europe.  He was a very bright salesperson.  Unfortunately, he got himself into trouble by making some bad gambling bets, and he owed a lot of money to some bookies.  He didn’t have the money, so he cut a deal with the bookies, saying, “Come to my store every week or so, and I’ll activate for free the most expensive handsets I have in the store.  And each of these handsets will be deducted from my debt.“

So that’s exactly what happened.  Somebody came to the store on a regular basis, went directly to him and “bought“ handsets.  And because the agent was very fluent on what needed to be done to activate customers, he went undetected for a long time.  His strategy was not to open new accounts but to “glue” the illicit phones to existing corporate accounts, gambling that the corporations wouldn’t take notice if a few phone accounts were added to their bill.  But after a while, the enterprise customers were complaining about the extra charges, so he was eventually caught.  If you had been regularly monitoring this guy’s actions in the systems, you would have detected those kind of cases long before they got large enough to cause problems and jeopardize a key corporate account.

There are many cases where it would be hard to verify whether the dealer is doing right for the company.  Take the examples of special discounts for students, senior citizens, etc.

Yes, in fact, it’s a common practice to offer discounts to special demographic groups.  But at the end of the month, if 20 iPhones were sold on a student discount, how many of them were actual students?  To verify, you have to monitor ID cards and every other source of identification available.  Likewise you need to monitor the salesperson’s activities.

Nowadays, searching social-networking sites like Facebook might be another good place to find detailed information.

Actually in our latest version of Fraud View, we are integrating social networks as part of our investigation process — and we think we’re the first fraud vendor to do that.

This is our philosophy: Get the investigator as much relevant information as possible.  If it’s Facebook, MySpace, Twitter fine.  We’ve also integrated with Google Maps so if a subscriber gives you his home address and that address is in the middle of Central Park, you’ll see that immediately.  So in this way we’re giving the fraud investigator the broadest view or angle on the case to decide whether or not this is fraud or not.

From my many years as a fraud investigator, I know that the most important challenge an investigator faces is deciding whether or not the case you have in front of you is fraud or nothing at all.

This article first appeared in Billing and OSS World.

Copyright 2011 Black Swan Telecom Journal

 

About the Expert

Tal Eisner

Tal Eisner

Tal Eisner, Senior Director Product Strategy as cVidya Networks, has been active in the telecom arena for over a decade in several fraud management roles.

Tal started as a fraud prevention team leader at Cellcom, the largest mobile carrier in Israel, then served as Director of global consultancy services atCtel Ltd.  In 2008 Tal became Fraud Prevention Department Manager for Partner Communications Ltd (Orange Israel) until mid 2010.

At cVidya he manages fraud management products, strategy, road map and developments.  Tal is a graduate of the Tel Aviv University and earned his BA in political science.   Contact Tal via

Related Stories

  • Insider Fraud: How to Create an Anti-Fraud Culture in Your Telecom Organization interview with Mark Yelland — Thirteen years after the WorldCom scandal, experts generally agree that insider fraud remains a massive problem in telecom.  In this article you’ll learn the outlines of building a program to instill an anti-fund culture at your telecoms organization.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process interview with Tal Eisner — One of the biggest problems telecoms now face is fraud done inside their offices, dealer stores and firewalls.  This type of fraud is especially dangerous because it’s performed by people fully authorized to transact for the company.  The story dicusses the major causes of insider fraud, presents a case study, and explains basic techniques that software uses to detect insider fraud.

Related Articles

  • Stealth Test Calls: A Powerful New Weapon in the Fight to Block SIM Box Bypass interview with Kenneth Mouton — SIM Box bypass is highly challenging interconnect fraud to detect.  An expert explains the benefits of a new hybrid test call and CDR profiling systems.  Also discussed is a major anti-fraud breakthrough: stealth test calls.
  • Telecoms Need to Step Up their Game in Subscription Fraud and Customer Onboarding Control interview with Luke Taylor — Know your customer and subscription fraud systems critical investments for telcos today.  An expert discusses: delivering first-class onboarding controls; selecting risk mitigation priorities; and integrating back end systems.
  • WeDo Offers Fraud Detection via a New Cloud Platform interview with Thomas Steagall — A leading vendor introduces a cloud fraud control solution to serve the low cost, easy-to-deploy-learn-and-support requirements of many new operators, OTTs, and MVNOs.
  • Bypass Fraud Evolves: New Threats from Outgoing SIM Box Bypass & Spikes in CLI-Tampering interview with Philippe Orsini — An overview of explosive fraud threats like outgoing SIM box call dumping and CLI spoofing.  What roles do human experts play and technical platforms in battling SIM box via electronic warfare?
  • A Herculean Task: Battling Fraud in an Increasingly Complex Comms World interview with Michalis Mavis — A fraud control expert walks through some interesting cases, gives us his advice on FMS software, and offers four key lessons on the path to fraud management excellence.
  • The Race to Develop Cross-Industry “Know Your Customer” Biometrics to Verify Identity Remotely interview with Shankar Palaniandy — ground-breaking cross-industry ID verification software. India’s 1 billion-people-strong national identity database could become the model for cross-industry ID verification worldwide.  An expert trialing visual biometrics at several Indian banks explains the latest in Know Your Customer technology.  
  • The Early Warning Power of IPRN Test Call Detection in Blocking IRSF Fraud interview with Colin Yates — Detecting the test calls made to International Premium Rate Numbers (IPRN) is helping telcos block IRSF fraud.  An expert explains fraudster methods and the value of IPRN databases.
  • How Regulators can Lead the Fight Against International Bypass Fraud by Dan Baker — As a regulator in a country infected by SIM box fraud, what can you do to improve the situation?  A white paper explains the steps you can and should you take — at the national government level — to better protect your country’s tax revenue, quality of communications, and national infrastructure.
  • Global Interconnect Specialist iconectiv Ramps up its Fraud & Identity Solutions in Bypass & A2P Messaging interview with Bojan Andelkovic — Today’s IRSF, SIM Box, and SMS A2P frauds call for coordinated and broadly conceived FM programs.  A leading interconnect specialist explains the benefits of its managed services approach.
  • A Real-Time Packet-Based Solution to Detect & Block any Hijacked OTT Call interview with Paul David & Andy Gent — Two veterans of the SIM Box call bypass wars describe a new solution for stopping OTT bypass.  Get vital intel on the call hijacking of VIBER and other OTTs.  Learn why the revenue threat to roaming is as serious as it is to international calls.
  • Calculating the Fraud Risks of the Digital Era by Dror Eshet — Digital and mobile technology are an integral part of our daily lives.  Not only is the technology evolving at a frantic rate, but a leading fraud expert explains how fraudsters now team with one another to commit their crimes and magnify the risks to users, companies, and global infrastructure.
  • SIM Box Bypass: The Damage to Developing Nations and the Actions Regulators Must Take interview with Lex Wilkinson — Bypass fraud via the SIM box causes great revenue loss and poses many other dangers, especially in developing nations.  An expert discusses the regulator issues and recommended actions in the fight to control bypass.
  • Protecting the Roaming Cash Cow: Using a Global Test Network for LTE Deployments & Beyond interview with Florian Leeder — International is a premium service that operators must ensure the roaming business is reliable and optimized.  This article makes the case for a global roaming test service.  It explains the problems operators face in contracting with roaming partners, maintaining quality, and rolling out LTE.
  • Nine Simple Strategies for Protecting an Operator or MVNO from Telecom Fraud interview with Jim Bolzenius — An expert in telecom fraud management explains essential strategies for aiming a carrier’s or MVNO’s fraud prevention program in the right direction.
  • A Sweeping 239-Page Research Report on Fraud Management Solutions & Strategies by Dan Baker — TRI has released a comprehensive  analyst report on fraud management solutions.  The study is based on interviews with three dozen leading FM consultants and solution experts.  Download the free Executive Summary.
  • SMS Bypass Blocking: A Service that Protects & Maximizes A2P Revenue for Mobile Operators interview with Claire Cassar — A2P messaging is a multi-billion dollar revenue stream that mobile operators need to protect.  In this interview, you’ll learn how a managed service solution blocks bulk marketing messages and other bypass fraud in enterprise-to-operator SMS traffic.
  • Device Intelligence and Big Data Linkage: Guarding Consumer Access Points from the Fraudsters interview with Matt Ehrlich — Preventing subscription fraud today means supplementing traditional identity checks with a host of new processes, technology, and big data analytics.  A credit and fraud risk expert explains the roles of predictive scores, device risk assessment, and linkage analysis.
  • Mapping the Interconnect Resale Routes of Fraudsters: How a Global Robot Network Detects Voice and SMS Bypass interview with Xavier Lesage — SIM box voice bypass is a persistent problem, but now, bypass is spreading to SMS, OTT apps on the smartphone, and ghost trunks.  This interview explains the fast evolving bypass scene, highlights the strategy of fraudsters, and provides case studies.
  • Law Enforcement & Security in a World Where Industry and National Boundaries are Blurred interview with Mark Johnson — Are we destined to be forever reactive over security, fraud, and risk issues?  Or will we put wise standards, regulations, and frameworks in place that allow us to deliver technology that’s relatively secure and fraud-resistant? 
  • Thinking Outside the Comms Box: A New, Cross Industry Fraud Check Service that Telecoms can Leverage interview with Jim Rice — For decades, telecoms have done fraud and identity checks using comms industry data.  This interview explains the power of using cross-industry data to pinpoint known fraudsters and suspicious individuals in finance, retail, and other industry data sets.
  • Integrated Test Call & CDR Analysis: A New Tool in the Fight Against SIM Box & OTT Bypass Fraud interview with Kenneth Mouton — Why not combine the virtues of FMS CDR analysis and test call generators to create a single integrated tool for bypass fraud control?  The benefits of that idea, a tutorial on test call systems in SIM box detection, and OTT bypass via mobile services like VIBER are all discussed in this interview.
  • White Paper: How to Defend Your Network Against the New SIM Server Threat by Dan Baker — SIM box bypass is a very stubborn fraud problem: fraudsters are succeeding despite carriers‘ best efforts to defeat the fraud.  This white paper explains the impact of SIM Servers as a powerful stealth weapon of the fraudsters.  In turn, the paper discusses new technologies and strategies that can defeat the more sophisticated types of SIM box fraud emerging.
  • Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller interview with Jim Dalton — A bad fraud event can be a huge loss, especially to OTT players who provide a VoIP service.  In this interview, you’ll learn about an anti-fraud solution that works in concert with  intelligent routing.
  • A Privacy-Enabled Data Exchange that Expands Analytics Uses in Fraud, Credit Risk and Beyond interview with Michelle Wheeler — Analytics data today is managed in a privacy-negligent way.  This interview discusses an ingenious privacy and analytics exchange that allows telecoms, banks, and money lenders to trade fraud, credit risk and other data with each other in complete confidence and control.
  • From Rules Design to Adaptive Learning Systems in Telecom Fraud Control interview with Shankar Palaniandy — Adaptive and behaviorial learning systems are at the forefront of R&D in telecom fraud management systems.  Here an expert developer explains their usefulness in use cases such as IRSF detection, subscription fraud, application fraud, and voice biometrics.
  • Protecting 900+ MVNOs around the Globe from IRSF Fraud Pirates interview with Colin Yates — Telecom fraudsters are seeking a new, more vulnerable path to riches.  Their target: 900+ MVNOs around the globe who generally own no mobile networks, but sell mobile service virtually.  This interview with a fraud control expert explains what steps MVNOs must take to protect themselves from IRSF fraud.
  • Insider Fraud: How to Create an Anti-Fraud Culture in Your Telecom Organization interview with Mark Yelland — Thirteen years after the WorldCom scandal, experts generally agree that insider fraud remains a massive problem in telecom.  In this article you’ll learn the outlines of building a program to instill an anti-fund culture at your telecoms organization.
  • IRSF Protection: Software that Blocks Telecom Fraud at the Enterprise PBX interview with Roger Ansin — The richest criminal path to International Revenue Share Fraud (IRSF) goes through the enterprise PBX.  Hijacking the PBX has cost businesses and telecoms countless billions of dollars in the past 15 years.  In this interview you’ll learn about this industry challenge and an affordable and proven tool that blocks IRSF at the enterprise.
  • Combating SIM Box Fraud: Network Protocol Analysis to the Revenue Rescue interview with Lex Wilkinson — International call bypass is fraud perpetrated through SIM boxes equipped with dozens to hundreds of SIM cards that disguise international calls as local domestic phone calls.  This article give a backgrounder on SIM box detection techniques and talks about a new, rapid-detection technology based on network protocol analysis.
  • Making the Retail Operator Case for Anti-Fraud Protection via Wholesalers interview with Jan Dingenouts — Small retail operators are highly vulnerable to fraud, so enlisting the anti-fraud assistance of wholesalers is a great idea.  This interview explains useful negoiating tactics for retail operators and shows how wholesalers can lend support and grow their business at the same time.
  • A Wholesaler’s Fraud Prevention Creed: If You Lose the Trust, You Lose the Traffic interview with Robert Benlolo — Large wholesalers play a major role in keeping a lid on international telecom fraud.  In this interview, a wholesale voice and fraud management expert explains the role of its vendor systems and multi-threaded internal processes in protecting customers from fraud losses and shady wholesale suppliers.
  • Telecom Fraud & Credit Protection: A Desperate Need in Unbanked Regions of the World interview with Luke Taylor — Mobile money plus related fraud and credit protection are crucial to the prosperity of developing nations where most “unbanked” people live.  This article discusses the special issues of the unbanked market as well as broader revenue protection challenges and opportunities.
  • The Grey Market in Prepaid: Tactics to Combat International Bypass via the SIM Box interview with Ahmad Nadeem Syed — SIM box fraud is one of the toughest revenue threats that telecoms face.  It is the redirection of international calls via the internet to drop illegal VoIP traffic onto mobile networks.  This interview with an expert RA and fraud manager provides a detailed overview of the threat scenario, current SIM box tactics, and some creative ideas for bringing this problem under control.
  • Why Deep Packet Inspection Analysis is Essential for Detecting IP Fraud by Dror Eshet — The IP and mobile broadband revolution is in full swing: time for fraud managers to totally rethink their existing controls and areas of exposure.  In this article, a fraud expert discusses the power of DPI technology and the key impact its analysis is having in an FM world where knowing what’s inside the packets is as important as figuring out where those IP packages are going.
  • Flexibility & Fraud Management Systems: 8 Questions for Luke Taylor of Neural Technologies interview with Luke Taylor — Meeting today’s fraud threats is not just about technology, but also the speed of threat detection, the scanning of data outliers, and being enormously flexible.  A leading fraud management vendor takes a bead on current FM issues and points to where software is headed.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Tal Eisner — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • Roaming — if Managed Correctly --  Can Be a Spark to Revenues by Brian Silvestri — Major analyst firms are predicting that roaming revenues will almost double in five years.  What’s more, roaming remains at the pivot point of Wireless Carrier strategy.  Drawing lessons from the incredible rise of AT&T’s Digital One Rate Plan, this article points to future challengtes and raises key  questions about how mobile operators will ultimately come to terms with smartphone market profitability, service quality, and data roaming.
  • What Makes Good Fraud Management Software?  9 Questions for Tal Eisner of cVidya interview with Tal Eisner — How do you know if the fraud management software you own or are considering is a good one?  That’s the starting point of a conversation Black Swan had with a product strategist of a leading FMS vendor.  The article discusses everything from maturity and customer collaboration... to PBX hacking and enabling the FMS to actually enhance the relationship a telco has with its enterprise customers.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Fraud Management at Kyivstar in Ukraine interview with Anton Pivala — Kyivstar from Ukraine is a leading mobile operator in both  voice service quality and consumer value.  This case study gives details on Kyivstar’s fraud control program, reveals some of the unique operator challenges faced in Eastern Europe, and explains how Kyivstar is successfully winning the battle against  IRSF and SIMbox fraud.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Gratifying Ghana: Why Listening to Operators Trumps Vendor Technology and Size interview with Ludvig Lindqvist — The value of technically excellent software is negated if the solution is not implemented right.  This article makes a strong case that vendors need to focus on first things first — get in full synch with a service provider’s business, capabilities and unique needs before you recommend or implement any software.  Topics discussed include: the benefits of retaining in-house expertise, implementation challenges in Africa, and the meaning of “thorough engagement” with the client.
  • Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis interview with James Stewart — The Near Real Time Roaming Data Exchange (NRTRDE) is a GSM standard allowing operators to gain fast access to the roaming records of service providers half way around the world.  The article explains how 65 carriers are using this data to combat fraud through a service bureau.  Learn about the dangers of international roaming fraud and the value a roaming service bureau brings to the table.
  • Is the M2M Device in Your Refrigerator a Telecom Fraud Threat? interview with Simon Collins — Machine to machine (M2M) technology is being applied in hundreds of monitoring apps, such as smart metering and health diagnosis.  It’s even being used to monitor driving patterns tied to auto insurance rates.  But this article shows the serious M2M fraud and security threat that stem from the theft of the SIM/USIM device used in every M2M device.  The article discusses the RA and fraud strategies operators need to employ to manage the risks that will come from wider M2M deployments.
  • “Fraud Is a Wind that Always Blows” and Other Wisdom From a 28-Year Old Software Firm interview with Gary Beck — Here’s the amazing story of how Beck Computers was pulled out of a Tier 1 account only to be brought back in a few months later.  The article explores software vendor service and support challenges, real-time computing requirements, advanced fraud management functions, and ways to educate management on the value an FMS investment.
  • Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process interview with Tal Eisner — One of the biggest problems telecoms now face is fraud done inside their offices, dealer stores and firewalls.  This type of fraud is especially dangerous because it’s performed by people fully authorized to transact for the company.  The story dicusses the major causes of insider fraud, presents a case study, and explains basic techniques that software uses to detect insider fraud.
  • Fraud & Credit Risk Software: Setting the Client Free to Innovate interview with Luke Taylor — Not every operator wants the freedom to configure its own fraud management solution, but certain providers wouldn‘t live without such a “framework” approach .  This article discusses: the reasons why operator choose this strategy as it covers many other fraud and credit software implementation issues.
  • Why Selling to Business Customers Makes You a High Risk Target for Fraud by David West — There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud — only when, how bad, and from which direction.“  Citing four recent cases where operators were hit by fraud, this article explains why investing in a fraud soluiont — and keeping up-to-date — are so critical.  The article gives several examples of vulnerability points that fraudsters commonly exploit.