Posted: 24-May-2015 | Category: Business | Upload: cvidya-networks
OPERATIONAL RISK MANAGEMENT & COMPLIANCE
© 2012 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA
Fraud Management Industry Update
Webinar, September 2014
Dr. Gadi Solotorevsky
CTO – cVidya Networks
Ambassador, Distinguished Fellow and RA Team Leader – TM Forum
Agenda
CFCA survey
TM Forum classification and survey
Account take over
Fighting Fraud with Cyber Intelligence
CFCA Survey 2013
CFCA Survey – Fraud Growth
Global fraud loss survey trend – based on previous surveys
Global fraud losses showing a 15% increase in 2013
CFCA Fraud Survey
Telephone numbers in the United Kingdom
Source: Wikipedia, Telephone numbers in the United Kingdom
Key Analysis and Observations
Revenue Share Fraud (International and National) continues to be the biggest reported threat at GSMA
– Both in terms of the number of cases and the value of losses reported
Revenue Share Fraud (International and National) is Driving Other Fraud Types
– Most subscription Fraud and PBX Hacking cases reported were linked to revenue share service abuse
PBX Hacking involving Supplied Equipment
– Several PBX hacking cases involved equipment that was not supplied by the operator
Usage monitoring is the primary method of detection cited
– FMS, High Usage Monitoring, NRTRDE/HUR, CDR Analysis, etc.
Is this due to a narrow focus?
Would these issues be a better control point?
An impact of convergence?
Is this too reactive?
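The usage-monitoring controls cited above (High Usage Monitoring, CDR analysis) can be illustrated with a small detector run over constructed CDRs. This is an added example, not cVidya's or the TM Forum's code. The CDR layout, the high-risk destination prefix (+999 123…, an unassigned country code used only as a placeholder), the thresholds and the one-hour window are all assumptions made for the example; the scenario it targets is the one the survey describes, a subscriber pumping a high volume of calls into a narrow international premium-rate range.

```python
"""High Usage Monitoring over CDRs: a minimal IRSF-style detector (added example).

Assumptions (not from the slides): CDR lines are CSV with
timestamp,A-number,B-number,duration_seconds; the high-risk prefix list,
thresholds and window are placeholders a real FMS would load from configuration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Placeholder high-risk range: +999 is not an assigned country code.
HIGH_RISK_PREFIXES = ("+999123",)

# Assumed thresholds: more than MAX_CALLS or MAX_MINUTES to high-risk ranges
# inside a sliding WINDOW raises an alert for the originating subscriber.
WINDOW = timedelta(minutes=60)
MAX_CALLS = 5
MAX_MINUTES = 30.0

# Constructed CDRs. Subscriber ...001 is normal traffic, ...002 is the IRSF
# pattern (8 long calls into one range in 14 minutes), ...003 makes six short
# high-risk calls spread over 75 minutes so no single hour exceeds the limits.
SAMPLE_CDRS = """\
2014-09-01T21:00:00,+447700900003,+999123411001,60
2014-09-01T21:15:00,+447700900003,+999123411002,60
2014-09-01T21:30:00,+447700900003,+999123411003,60
2014-09-01T21:45:00,+447700900003,+999123411004,60
2014-09-01T21:50:00,+447700900001,+447700900222,75
2014-09-01T21:55:30,+447700900001,+999123400001,40
2014-09-01T22:00:00,+447700900003,+999123411005,60
2014-09-01T22:00:05,+447700900001,+447700900333,130
2014-09-01T22:10:00,+447700900002,+999123400010,600
2014-09-01T22:12:00,+447700900002,+999123400011,600
2014-09-01T22:14:00,+447700900002,+999123400012,600
2014-09-01T22:15:00,+447700900003,+999123411006,60
2014-09-01T22:16:00,+447700900002,+999123400013,600
2014-09-01T22:18:00,+447700900002,+999123400014,600
2014-09-01T22:20:00,+447700900002,+999123400015,600
2014-09-01T22:22:00,+447700900002,+999123400016,600
2014-09-01T22:24:00,+447700900002,+999123400017,600
"""


def parse_cdr(line):
    """Split one CDR line into (datetime, a_number, b_number, seconds)."""
    ts, a_num, b_num, dur = line.split(",")
    return datetime.fromisoformat(ts), a_num, b_num, int(dur)


def is_high_risk(b_num):
    """True when the dialled number falls in a watched destination range."""
    return b_num.startswith(HIGH_RISK_PREFIXES)


def detect_high_usage(cdr_text, window=WINDOW, max_calls=MAX_CALLS,
                      max_minutes=MAX_MINUTES):
    """Return {subscriber: alert} for subscribers whose high-risk traffic
    exceeds the thresholds inside any sliding window of length `window`."""
    per_sub = defaultdict(list)
    for line in cdr_text.strip().splitlines():
        ts, a_num, b_num, dur = parse_cdr(line)
        if is_high_risk(b_num):
            per_sub[a_num].append((ts, b_num, dur))

    alerts = {}
    for sub, calls in per_sub.items():
        calls.sort()  # chronological; tuples sort by timestamp first
        end = 0
        for start in range(len(calls)):
            # Half-open window [t_start, t_start + window); 'end' only advances.
            limit = calls[start][0] + window
            while end < len(calls) and calls[end][0] < limit:
                end += 1
            in_window = calls[start:end]
            n_calls = len(in_window)
            minutes = sum(d for _, _, d in in_window) / 60.0
            if n_calls > max_calls or minutes > max_minutes:
                # Destination concentration: share of calls into the most
                # common 10-character range, the "owned PRS range" signal.
                ranges = Counter(b[:10] for _, b, _ in in_window)
                top_range, top_count = ranges.most_common(1)[0]
                alerts[sub] = {
                    "window_start": calls[start][0].isoformat(),
                    "calls": n_calls,
                    "minutes": minutes,
                    "top_range": top_range,
                    "share": top_count / n_calls,
                }
                break  # the first offending window is enough for one alert
    return alerts


if __name__ == "__main__":
    for sub, alert in detect_high_usage(SAMPLE_CDRS).items():
        print(sub, alert)
```

The sliding window matters: subscriber ...003 places six high-risk calls in total, which a plain daily count against a limit of five would flag, but no hour holds more than four of them, so it stays quiet while ...002 is caught on its first window. The check is still a detective control that fires only after the calls have been carried, which is the point behind the slide's "Is this too reactive?" question; in practice it sits alongside controls at the enabler stage (subscription vetting, PBX hardening).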
Fraud Classification Model – TM Forum
• Why do we need an effective FM Classification Model?
An example from the 2012 TMForum Fraud Survey:
Fraud Scenario: “Fraudster generates a high volume of calls to a PRS number range that he owns in another country with no intention to pay.”
Referred Fraud Types:
• PRS
• IRSF
• PRS/IRSF
• Bypass/SIMBOX
• PABX Hacking
• Clip-on
• Stolen Line
• Subscription
• Dealer
• Payment
• PBX / Voicemail
• Roaming out
Statistics: Unique: 39%; Multiple: 44%; Structured: 17%
CFCA 2011 Fraud Survey – fraud types
Fraud Classification Model - Challenges
• Distinct names for the same Fraud Type
• Distinct interpretation depending on the core service (Mobile, Fixed, Cable, etc.)
• Multiple Frauds perpetrated in the same Fraud Case
• Fast changing nature of Fraud
• Need for a multi-dimensional analysis
• Need for different levels of abstraction
• Existence of several similar Ad hoc “Fraud Type” lists
Proposed Classification Model - TM Forum
Summary of Relations Between Enablers – Fraud Types
TELECOMS SERVICE FRAUD
ENABLERS (Vulnerabilities):
• Subscription Fraud
• Hacking of Network Elements
• Arbitrage
• Mobile Malware
• Cloning of SIM Card/Equipment
• Protocol/Signalling Manipulation
• Tariff Rates/Pricing Plan Abuse
• False Base Station Attack
• Misconfiguration of Network/Service Platforms
FRAUD TYPE (Fraudulent Scheme):
• International Revenue Share Fraud
• Reselling of Calls
• Wholesale Fraud
• Private Use
• Commissions Fraud
• Traffic Inflation for Credits/Bonus
• Charging Bypass
• Interconnect Bypass SIMBox Gateway
OBJECTIVE (Scope):
• Make Money/Profit
• Obtain Free Services/Goods
• Obtain Credits/Bonuses
• Obtain Commissions
• Obtain Money
• Access User Bank Account
• Pretending to Be the Operator
• ……….
BA - Related Fields: Fraud Management, Security Management, Revenue Assurance
- Revision of Internal Procedures, Processes and Products/Services
- Implementation of Technical Solutions at Network and Service Platforms
- Development, Enhancement and Reconfiguration of Fraud Management Systems (FMS)
Account Takeover
What is it?
Account Takeover Fraud (ATO, also known as ‘Facility takeover’ fraud) occurs where a person (the ‘facility hijacker’) unlawfully obtains access to details of the ‘victim of takeover’, namely an existing account holder or policyholder, and fraudulently operates the account or policy for his or her own (or someone else’s) benefit.
Methodologies often form around the social engineering of existing customers or of customer service and sales processes:
– Web Self Service portals
– IVR
– Upgrades, additional lines & Sim Swap
Account Takeover Overview
As a result of the credit crunch, operator behaviours have changed, encouraging the growth of ATO worldwide (particularly in well-developed and competitive markets)
As an example - growth of ATO in the UK:
– 330% in 2009; a further 70% growth in 2010
Upgrades or Additional Lines?
– In 2008 - 92% additional, 8% upgrades
– In 2009 – 55% additional, 45% upgrades
– In 2010 – 37% additional, 63% upgrades
– Further growth in 2011 & 2012
This growth has been replicated worldwide
Source: Cifas
Issues and Causes
Pressure points in your organisation and market allowing ATO:
– Focus on Customer retention & Churn reduction
– Simplifying Customer Services (CS) processes
– Customer satisfaction
– Push for reductions in CS costs and ACHT
– Reliance on simplistic Knowledge Based Authentication (KBA)
– Internal sales pressure on staff
– Desire for growth
Fraudsters manipulate these pressure points
– KBA can be weak (for ease of use) and is simply compromised via social engineering
– CS staff are also liable to social engineering, given sales and time pressures and the related financial incentives
– Fewer restrictions and checks are in place on existing-customer processes (compared to new applications)
– Greater profit value for fraudsters (top offers for existing customers)
Typical flow & pressure points (diagram)
Channels: Logistics, Agent, CRM, WWW, IVR
Pressure points: Social engineering, Data misuse, Process abuse, Logistics manipulation
Account Takeover
http://diario.elmercurio.com/detalle/index.asp?id=%7B3c91699d-fa58-4d2a-a3d0-496a46fc9a55%7D
SIM Swap Fraud
http://www.finextra.com/blogs/fullblog.aspx?blogid=7766
Fighting Fraud with Cyber Intelligence
SIM Card Trade
Anonymous SIM card trade on an underground market
– It isn't clear whether these cards are stolen from customers or from the company itself
– These SIM cards are available in big quantities
Fraudsters' Guides
Hand Picked Set of Guides for Beginner Fraudsters – Premium. Including fraud method of how to get your own SIM cards from anywhere.
How to steal people's information
Account Take Over Guide
Stolen Identities are cheap on the darknet
Source: http://www.itspecialist.com/Home/FeatureArticles/TabId/208/ArticleId/99/language/en-US/#.VBftKdK_nmI
Customer’s & Employees Information
XXX workers' emails leaked by YYYY pre-leak
Online publication of XXX clients and workers' information
– Clients' details (name, cell number, SSN on file, address)
XXX.net users and passwords (published in an underground forum):
Sources of Information
Public Web
• “How to” blogs and forums
• Customer complaint sites
• Paste sites
Dark-Net
• Underground markets – sales of fraud services, SIMs, identities and internal information
• Underground forums – tutorials and methods to perform different types of fraudulent activities
Dark-Net Search
– The Dark-Net search looks all over the Internet for information located mostly in hackers' and fraudsters’ forums and boards
– This information is hard to reach, sometimes hidden in closed forums or chat rooms behind passwords and vetting processes
– The Dark-Net search can be tailor-made to a CSP's specific needs and gives a clear picture of the company’s reflection in the illegal zones of the web
THANK YOU! www.cvidya.com