Email a colleague    

August 2010

Why Selling to Business Customers Makes You a High Risk Target for Fraud

Why Selling to Business Customers Makes You a High Risk Target for Fraud

“Buying fraud software is not a priority for us.  Our wholesale carrier is monitoring our traffic, we don’t offer causal access, and we have a good credit screening system in place.  We feel we’re pretty safe.”

As the head of sales for the most widely deployed telecom fraud solution in North America, I hear these arguments all the time from carriers who fail to appreciate today’s fraud threat.  Here, for example, are the real world cases of four telecoms who figured investing in fraud software was not a high enough priority:

  • A Business CLEC toyed with the idea of buying fraud software for two years but never signed a deal.  This spring they experienced a fraud hit costing them $100,000.  The carrier sought legal arbitration arguing that their wholesale carrier was supposed to provide fraud protection.  This single instance of fraud was almost twice as expensive as fraud management systems used by similar carriers.
  • A Broadband Provider said new security measures in place obviated the need for fraud software.  Within six months, they were hit again with a fraud loss of more than $125,000.  This loss contributed to a tough financial picture that ultimately led to the firm’s sale to another operator.
  • A VoIP and Unified Communications Provider declined to invest in fraud software citing improved PBX security practices.  Within three months, they were hit with fraud costing them $60,000 — enough to cover the cost of fraud management for a carrier of their size.
  • Another VoIP Carrier agreed to purchase a fraud management system, but never got around to paying for and installing it.  They subsequently experienced a major fraud hit — which cost them more than the software!  Soon thereafter, the company was purchased by another service provider.

Obviously these carriers gambled and lost.  I hope for their sake, the next time they visit Las Vegas they skip the casinos and see the Blue Man Group instead.

Now there’s nothing wrong with gambling.  We do it all the time in life and in business.  But unfortunately, the fraud problem cannot be reduced to simple gambling odds or risk formulas — the criminal mind is too cunning and resourceful.  If you close one breach, the bad guys are flexible enough to exploit other avenues of attack.

There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud, only when, how bad, and from which direction.“

It’s that “from which direction“ part that gets a lot of people in trouble.  Too many carriers assume that fraudsters are playing from the same deck of cards they used five years ago.  Yes, you may indeed be “safe” from yesterday’s threats, but you are still highly exposed to today’s threats.

These days the biggest fraud risk factor is not casual dialing, calling cards, or poor credit screening — it’s simply selling telecom services to business.

Surprising, but true: The majority of fraud we see these days is PBX fraud, and that’s precisely the niche of most competitive carriers.  They sell services to small and medium businesses with a PBX.

The Highly Vulnerable PBX

The reason a PBX is so vulnerable is, frankly, it’s a marvelous piece of equipment — with more capabilities than a recent generation, high-end Class 5 switch.  For example, an IP PBX allows you to call in, listen to your voice mail, press a button to make an outbound call, send your voice mail to your computer, and many other functions.  You can also set up complicated follow-me routing such as: If a call comes to my office, let it ring three times then route it to my cell phone.  If the cell phone doesn’t answer, ring my home phone.

Trouble is: Hackers can gain access to those sophisticated features.  For instance, hackers can often detect what type of PBX it is from the voice greetings and prompts.  And if the default password for the PBX is 1234 and it hasn’t been changed, then boom: The fraudster is in the door.  Pretty soon, with an automated dialer, they start flooding the business with phone calls.  Exploiting the follow-me feature, they redirect those calls to expensive international destinations that can charge $2 a minute or more.

The typical small business that owns a PBX is caught completely off-guard by this stuff ... many are simply not worried about the security of a device that’s sitting in a closet somewhere.  They have no idea how risky that device can be and how much financial exposure it creates.

In many cases, the service provider figures they’re safe because they run reports every workday to detect unusual usage.  Problem is, if the bad guys hit you at 6 p.m. on Friday night, by the time you run that report on Monday morning, you could be out $50,000.

Now the customer is clearly responsible for the fraud traffic that comes through its PBX.  Most small businesses sign a contract with their carrier saying they assume full responsibility for their traffic.

Yet here’s the kicker: In the world of fraud, knowing who you’re supposed to bill doesn’t mean you get paid.  The small business may simply not have the cash to pay that $50,000 bill.  What’s more, the business could declare bankruptcy, in which case the chances of recovering that revenue will be practically nil.

Monitoring Your Network Aggressively

It’s never been a better time to monitor your network for fraud activity — and it makes sense even if you have a closed network and customers that you’ve screened for their creditworthiness.

The beauty of the latest fraud management software is it can notify you proactively.  Fraud typically doesn’t happen during business hours, so it’s essential that you receive alerts around the clock to limit the damage.

A rural LEC recently bought our Protector fraud solution and I got flack from some people for a selling our solution to a carrier with a small “low volume network.“  Yet within a month of installation, the PBX of one of their customers was hacked, prompting a weekend shutdown and a fraud loss of $200.  Without those alerts, the LEC could have easily lost $20,000 by Monday morning.

Conclusion

Just because yesterday’s fraud issues are under control doesn’t mean you’re home free.  The only secure telephone switch is one that’s not plugged in, and today’s sophisticated PBXs are proving to be a lucrative money-making machine for the fraudster.

Fraud software is a proven insurance policy for limiting your financial exposure.  Can your business really afford to delay that protection?

This article first appeared in Billing and OSS World.

Copyright 2010 Black Swan Telecom Journal

 

About the Expert

David West

David West

David West is executive vice president of Equinox Information Systems, responsible for developing and implementing the company’s long-term strategic plan, including product design and marketing.

Equinox Information Systems is one of the leading fraud and RA software vendors in the U.S.   Contact David via

Related Stories

  • IRSF Protection: Software that Blocks Telecom Fraud at the Enterprise PBX interview with Roger Ansin — The richest criminal path to International Revenue Share Fraud (IRSF) goes through the enterprise PBX.  Hijacking the PBX has cost businesses and telecoms countless billions of dollars in the past 15 years.  In this interview you’ll learn about this industry challenge and an affordable and proven tool that blocks IRSF at the enterprise.
  • Why Selling to Business Customers Makes You a High Risk Target for Fraud by David West — There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud — only when, how bad, and from which direction.“  Citing four recent cases where operators were hit by fraud, this article explains why investing in a fraud soluiont — and keeping up-to-date — are so critical.  The article gives several examples of vulnerability points that fraudsters commonly exploit.

Related Articles

  • Mobileum Brings Analytic Scans & Minimally Invasive Treatment to Fraud Removal interview with Jason Lane-Sellers — Advanced analytics-driven fraud detection has arriving.  It enables targeted treatment of fraud cases, lessening customer experience mistakes such as blocking calls to legitimate businesses.
  • Fraud Management in Music City: The 2017 Equinox Protector User Group Meeting by Dan Baker — Program details of an upcoming fraud management conference in Nashville, Tennessee in November 2017.  It’s the Equinox Protector User Group Meeting.
  • Stealth Test Calls: A Powerful New Weapon in the Fight to Block SIM Box Bypass interview with Kenneth Mouton — SIM Box bypass is a highly challenging interconnect fraud to detect.  An expert explains the benefits of a new hybrid test call and CDR profiling systems.  Also discussed is a major anti-fraud breakthrough: stealth test calls.
  • Telecoms Need to Step Up their Game in Subscription Fraud and Customer Onboarding Control interview with Luke Taylor — Know your customer and subscription fraud systems critical investments for telcos today.  An expert discusses: delivering first-class onboarding controls; selecting risk mitigation priorities; and integrating back end systems.
  • WeDo Offers Fraud Detection via a New Cloud Platform interview with Thomas Steagall — A leading vendor introduces a cloud fraud control solution to serve the low cost, easy-to-deploy-learn-and-support requirements of many new operators, OTTs, and MVNOs.
  • Bypass Fraud Evolves: New Threats from Outgoing SIM Box Bypass & Spikes in CLI-Tampering interview with Philippe Orsini — An overview of explosive fraud threats like outgoing SIM box call dumping and CLI spoofing.  What roles do human experts play and technical platforms in battling SIM box via electronic warfare?
  • A Herculean Task: Battling Fraud in an Increasingly Complex Comms World interview with Michalis Mavis — A fraud control expert walks through some interesting cases, gives us his advice on FMS software, and offers four key lessons on the path to fraud management excellence.
  • The Race to Develop Cross-Industry “Know Your Customer” Biometrics to Verify Identity Remotely interview with Shankar Palaniandy — ground-breaking cross-industry ID verification software. India’s 1 billion-people-strong national identity database could become the model for cross-industry ID verification worldwide.  An expert trialing visual biometrics at several Indian banks explains the latest in Know Your Customer technology.  
  • The Early Warning Power of IPRN Test Call Detection in Blocking IRSF Fraud interview with Colin Yates — Detecting the test calls made to International Premium Rate Numbers (IPRN) is helping telcos block IRSF fraud.  An expert explains fraudster methods and the value of IPRN databases.
  • How Regulators can Lead the Fight Against International Bypass Fraud by Dan Baker — As a regulator in a country infected by SIM box fraud, what can you do to improve the situation?  A white paper explains the steps you can and should you take — at the national government level — to better protect your country’s tax revenue, quality of communications, and national infrastructure.
  • Global Interconnect Specialist iconectiv Ramps up its Fraud & Identity Solutions in Bypass & A2P Messaging interview with Bojan Andelkovic — Today’s IRSF, SIM Box, and SMS A2P frauds call for coordinated and broadly conceived FM programs.  A leading interconnect specialist explains the benefits of its managed services approach.
  • A Real-Time Packet-Based Solution to Detect & Block any Hijacked OTT Call interview with Paul David & Andy Gent — Two veterans of the SIM Box call bypass wars describe a new solution for stopping OTT bypass.  Get vital intel on the call hijacking of VIBER and other OTTs.  Learn why the revenue threat to roaming is as serious as it is to international calls.
  • Calculating the Fraud Risks of the Digital Era by Dror Eshet — Digital and mobile technology are an integral part of our daily lives.  Not only is the technology evolving at a frantic rate, but a leading fraud expert explains how fraudsters now team with one another to commit their crimes and magnify the risks to users, companies, and global infrastructure.
  • SIM Box Bypass: The Damage to Developing Nations and the Actions Regulators Must Take interview with Lex Wilkinson — Bypass fraud via the SIM box causes great revenue loss and poses many other dangers, especially in developing nations.  An expert discusses the regulator issues and recommended actions in the fight to control bypass.
  • Protecting the Roaming Cash Cow: Using a Global Test Network for LTE Deployments & Beyond interview with Florian Leeder — International is a premium service that operators must ensure the roaming business is reliable and optimized.  This article makes the case for a global roaming test service.  It explains the problems operators face in contracting with roaming partners, maintaining quality, and rolling out LTE.
  • Nine Simple Strategies for Protecting an Operator or MVNO from Telecom Fraud interview with Jim Bolzenius — An expert in telecom fraud management explains essential strategies for aiming a carrier’s or MVNO’s fraud prevention program in the right direction.
  • A Sweeping 239-Page Research Report on Fraud Management Solutions & Strategies by Dan Baker — TRI has released a comprehensive  analyst report on fraud management solutions.  The study is based on interviews with three dozen leading FM consultants and solution experts.  Download the free Executive Summary.
  • SMS Bypass Blocking: A Service that Protects & Maximizes A2P Revenue for Mobile Operators interview with Claire Cassar — A2P messaging is a multi-billion dollar revenue stream that mobile operators need to protect.  In this interview, you’ll learn how a managed service solution blocks bulk marketing messages and other bypass fraud in enterprise-to-operator SMS traffic.
  • Device Intelligence and Big Data Linkage: Guarding Consumer Access Points from the Fraudsters interview with Matt Ehrlich — Preventing subscription fraud today means supplementing traditional identity checks with a host of new processes, technology, and big data analytics.  A credit and fraud risk expert explains the roles of predictive scores, device risk assessment, and linkage analysis.
  • Mapping the Interconnect Resale Routes of Fraudsters: How a Global Robot Network Detects Voice and SMS Bypass interview with Xavier Lesage — SIM box voice bypass is a persistent problem, but now, bypass is spreading to SMS, OTT apps on the smartphone, and ghost trunks.  This interview explains the fast evolving bypass scene, highlights the strategy of fraudsters, and provides case studies.
  • Law Enforcement & Security in a World Where Industry and National Boundaries are Blurred interview with Mark Johnson — Are we destined to be forever reactive over security, fraud, and risk issues?  Or will we put wise standards, regulations, and frameworks in place that allow us to deliver technology that’s relatively secure and fraud-resistant? 
  • Thinking Outside the Comms Box: A New, Cross Industry Fraud Check Service that Telecoms can Leverage interview with Jim Rice — For decades, telecoms have done fraud and identity checks using comms industry data.  This interview explains the power of using cross-industry data to pinpoint known fraudsters and suspicious individuals in finance, retail, and other industry data sets.
  • Integrated Test Call & CDR Analysis: A New Tool in the Fight Against SIM Box & OTT Bypass Fraud interview with Kenneth Mouton — Why not combine the virtues of FMS CDR analysis and test call generators to create a single integrated tool for bypass fraud control?  The benefits of that idea, a tutorial on test call systems in SIM box detection, and OTT bypass via mobile services like VIBER are all discussed in this interview.
  • White Paper: How to Defend Your Network Against the New SIM Server Threat by Dan Baker — SIM box bypass is a very stubborn fraud problem: fraudsters are succeeding despite carriers‘ best efforts to defeat the fraud.  This white paper explains the impact of SIM Servers as a powerful stealth weapon of the fraudsters.  In turn, the paper discusses new technologies and strategies that can defeat the more sophisticated types of SIM box fraud emerging.
  • Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller interview with Jim Dalton — A bad fraud event can be a huge loss, especially to OTT players who provide a VoIP service.  In this interview, you’ll learn about an anti-fraud solution that works in concert with  intelligent routing.
  • A Privacy-Enabled Data Exchange that Expands Analytics Uses in Fraud, Credit Risk and Beyond interview with Michelle Wheeler — Analytics data today is managed in a privacy-negligent way.  This interview discusses an ingenious privacy and analytics exchange that allows telecoms, banks, and money lenders to trade fraud, credit risk and other data with each other in complete confidence and control.
  • From Rules Design to Adaptive Learning Systems in Telecom Fraud Control interview with Shankar Palaniandy — Adaptive and behaviorial learning systems are at the forefront of R&D in telecom fraud management systems.  Here an expert developer explains their usefulness in use cases such as IRSF detection, subscription fraud, application fraud, and voice biometrics.
  • Protecting 900+ MVNOs around the Globe from IRSF Fraud Pirates interview with Colin Yates — Telecom fraudsters are seeking a new, more vulnerable path to riches.  Their target: 900+ MVNOs around the globe who generally own no mobile networks, but sell mobile service virtually.  This interview with a fraud control expert explains what steps MVNOs must take to protect themselves from IRSF fraud.
  • Insider Fraud: How to Create an Anti-Fraud Culture in Your Telecom Organization interview with Mark Yelland — Thirteen years after the WorldCom scandal, experts generally agree that insider fraud remains a massive problem in telecom.  In this article you’ll learn the outlines of building a program to instill an anti-fund culture at your telecoms organization.
  • IRSF Protection: Software that Blocks Telecom Fraud at the Enterprise PBX interview with Roger Ansin — The richest criminal path to International Revenue Share Fraud (IRSF) goes through the enterprise PBX.  Hijacking the PBX has cost businesses and telecoms countless billions of dollars in the past 15 years.  In this interview you’ll learn about this industry challenge and an affordable and proven tool that blocks IRSF at the enterprise.
  • Combating SIM Box Fraud: Network Protocol Analysis to the Revenue Rescue interview with Lex Wilkinson — International call bypass is fraud perpetrated through SIM boxes equipped with dozens to hundreds of SIM cards that disguise international calls as local domestic phone calls.  This article give a backgrounder on SIM box detection techniques and talks about a new, rapid-detection technology based on network protocol analysis.
  • Making the Retail Operator Case for Anti-Fraud Protection via Wholesalers interview with Jan Dingenouts — Small retail operators are highly vulnerable to fraud, so enlisting the anti-fraud assistance of wholesalers is a great idea.  This interview explains useful negoiating tactics for retail operators and shows how wholesalers can lend support and grow their business at the same time.
  • A Wholesaler’s Fraud Prevention Creed: If You Lose the Trust, You Lose the Traffic interview with Robert Benlolo — Large wholesalers play a major role in keeping a lid on international telecom fraud.  In this interview, a wholesale voice and fraud management expert explains the role of its vendor systems and multi-threaded internal processes in protecting customers from fraud losses and shady wholesale suppliers.
  • Telecom Fraud & Credit Protection: A Desperate Need in Unbanked Regions of the World interview with Luke Taylor — Mobile money plus related fraud and credit protection are crucial to the prosperity of developing nations where most “unbanked” people live.  This article discusses the special issues of the unbanked market as well as broader revenue protection challenges and opportunities.
  • The Grey Market in Prepaid: Tactics to Combat International Bypass via the SIM Box interview with Ahmad Nadeem Syed — SIM box fraud is one of the toughest revenue threats that telecoms face.  It is the redirection of international calls via the internet to drop illegal VoIP traffic onto mobile networks.  This interview with an expert RA and fraud manager provides a detailed overview of the threat scenario, current SIM box tactics, and some creative ideas for bringing this problem under control.
  • Why Deep Packet Inspection Analysis is Essential for Detecting IP Fraud by Dror Eshet — The IP and mobile broadband revolution is in full swing: time for fraud managers to totally rethink their existing controls and areas of exposure.  In this article, a fraud expert discusses the power of DPI technology and the key impact its analysis is having in an FM world where knowing what’s inside the packets is as important as figuring out where those IP packages are going.
  • Flexibility & Fraud Management Systems: 8 Questions for Luke Taylor of Neural Technologies interview with Luke Taylor — Meeting today’s fraud threats is not just about technology, but also the speed of threat detection, the scanning of data outliers, and being enormously flexible.  A leading fraud management vendor takes a bead on current FM issues and points to where software is headed.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Tal Eisner — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • Roaming — if Managed Correctly --  Can Be a Spark to Revenues by Brian Silvestri — Major analyst firms are predicting that roaming revenues will almost double in five years.  What’s more, roaming remains at the pivot point of Wireless Carrier strategy.  Drawing lessons from the incredible rise of AT&T’s Digital One Rate Plan, this article points to future challengtes and raises key  questions about how mobile operators will ultimately come to terms with smartphone market profitability, service quality, and data roaming.
  • What Makes Good Fraud Management Software?  9 Questions for Tal Eisner of cVidya interview with Tal Eisner — How do you know if the fraud management software you own or are considering is a good one?  That’s the starting point of a conversation Black Swan had with a product strategist of a leading FMS vendor.  The article discusses everything from maturity and customer collaboration... to PBX hacking and enabling the FMS to actually enhance the relationship a telco has with its enterprise customers.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Fraud Management at Kyivstar in Ukraine interview with Anton Pivala — Kyivstar from Ukraine is a leading mobile operator in both  voice service quality and consumer value.  This case study gives details on Kyivstar’s fraud control program, reveals some of the unique operator challenges faced in Eastern Europe, and explains how Kyivstar is successfully winning the battle against  IRSF and SIMbox fraud.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Gratifying Ghana: Why Listening to Operators Trumps Vendor Technology and Size interview with Ludvig Lindqvist — The value of technically excellent software is negated if the solution is not implemented right.  This article makes a strong case that vendors need to focus on first things first — get in full synch with a service provider’s business, capabilities and unique needs before you recommend or implement any software.  Topics discussed include: the benefits of retaining in-house expertise, implementation challenges in Africa, and the meaning of “thorough engagement” with the client.
  • Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis interview with James Stewart — The Near Real Time Roaming Data Exchange (NRTRDE) is a GSM standard allowing operators to gain fast access to the roaming records of service providers half way around the world.  The article explains how 65 carriers are using this data to combat fraud through a service bureau.  Learn about the dangers of international roaming fraud and the value a roaming service bureau brings to the table.
  • Is the M2M Device in Your Refrigerator a Telecom Fraud Threat? interview with Simon Collins — Machine to machine (M2M) technology is being applied in hundreds of monitoring apps, such as smart metering and health diagnosis.  It’s even being used to monitor driving patterns tied to auto insurance rates.  But this article shows the serious M2M fraud and security threat that stem from the theft of the SIM/USIM device used in every M2M device.  The article discusses the RA and fraud strategies operators need to employ to manage the risks that will come from wider M2M deployments.
  • “Fraud Is a Wind that Always Blows” and Other Wisdom From a 28-Year Old Software Firm interview with Gary Beck — Here’s the amazing story of how Beck Computers was pulled out of a Tier 1 account only to be brought back in a few months later.  The article explores software vendor service and support challenges, real-time computing requirements, advanced fraud management functions, and ways to educate management on the value an FMS investment.
  • Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process interview with Tal Eisner — One of the biggest problems telecoms now face is fraud done inside their offices, dealer stores and firewalls.  This type of fraud is especially dangerous because it’s performed by people fully authorized to transact for the company.  The story dicusses the major causes of insider fraud, presents a case study, and explains basic techniques that software uses to detect insider fraud.
  • Fraud & Credit Risk Software: Setting the Client Free to Innovate interview with Luke Taylor — Not every operator wants the freedom to configure its own fraud management solution, but certain providers wouldn‘t live without such a “framework” approach .  This article discusses: the reasons why operator choose this strategy as it covers many other fraud and credit software implementation issues.
  • Why Selling to Business Customers Makes You a High Risk Target for Fraud by David West — There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud — only when, how bad, and from which direction.“  Citing four recent cases where operators were hit by fraud, this article explains why investing in a fraud soluiont — and keeping up-to-date — are so critical.  The article gives several examples of vulnerability points that fraudsters commonly exploit.