Protecting Mobile Networks from Fraudulent Attack
By: Eugene Bergen Henegouwen
The problem of fraud when delivering mobile services is a real issue not often discussed by operators. But as increasingly well-organized and sophisticated fraudsters turn their attention to wireless communications, the industry needs to audit its current anti-fraud capabilities. Eugene Bergen Henegouwen, Executive Vice President, EMEA, for Syniverse Technologies, discusses the challenges of protecting networks and their subscribers.
Fraud is almost as old as the wireless industry itself. Indeed,Syniverse launched its fi rst mobile fraud solution in the early 90s. Fighting fraud is far from finished, though. The rapid growth of the mobile industry worldwide and the exponentially increasing amount of roaming data that needs to be exchanged among operators has brought on an associated fraud problem that has grown in parallel with the industry. In fact, mobile fraud, which is being committed in many cases by organized groups who understand how to exploit technical loopholes, is considered quite a lucrative area for today’s criminals.
In an era when mobile operators are subject to increasing price pressures and are facing new, innovative competitors, this problem can no longer be considered simply a “cost of doing business.” Fraud is an issue that must be continually addressed by the entire industry. So where does mobile fraud happen? Here in the United States, operators have taken a strong stance on fraud and have ensured it is diffi cult to perpetrate on either a network or via devices. The CDMA standard, for example, was developed with fraud prevention in mind. A CDMA device is protected by an Electronic Serial Number (ESN), which acts as the authentication facility between the devices and the network. So in the CDMA world, instead of approaching fraud from the ESN side, criminals are more likely to try to obtain handsets or network access fraudulently and build their attacks from there.
Operators usually try and close the leak by using a fraud management system (FMS), such as Syniverse FraudX®, which monitors usage records. When using an FMS, data from mobile switches is used to create a unique profi le for each subscriber based upon a subscriber’s incoming and outgoing call records. Then, after the subscriber profi le is established, each subscriber’s calling activity can be compared to their regular call patterns and to known fraudulent calling patterns. There needs to be an allowance for subtle variations in subscriber activity that updates the subscriber’s profi le with new, legitimate calling patterns as they emerge. Any significant deviation from a subscriber’s normal profi le generates a system alarm, and the case is usually reviewed by a fraud analyst who can act rapidly on the information. If fraud is detected, an operator then moves to cut off access and try to recover funds.
"With GSM devices, the Subscriber Identity Module (SIM) has proven the preferred gateway of attack. International Revenue Share Fraud (IRSF) involves the cloning and resale of copied SIM cards by organized criminal organizations and can be very costly for affected operators."
Eugene Bergen Henegouwen
Executive Vice President
EMEA, for Syniverse Technologies