Dustin Clinard, Managing Director at RISK IDENT, on how to reduce romance fraud and account takeover in the telecommunication industry
Identity theft has always been a nightmare for banks, insurers and financial institutions. Over the past few years, however, the threat has infiltrated the telecommunication sphere. So much so, telecoms are now considered one of the hardest hit industries.
Identity theft has reached epidemic levels, largely due to the onslaught of recent data breaches around the world. But telecoms have been particularly vulnerable, with Cifas reporting that the identity fraud rate in the mobile telecommunication industry went up by almost 50% in 2017. Some of the fraud patterns are new, others have been hitting telecoms for longer periods of time. Nevertheless, all have left both the companies and their customers in shock.
Account takeover threats skyrocket
The telecommunication industry has taken such a fraud beating because of its standard business model. Fraudsters are especially attracted to the model used in Europe, where customers that sign a new contract receive a high-value device up front and pay for it via monthly instalments. This contract model has proven particularly attractive to fraudsters because it’s quite simple to use a data breach victim’s stolen account details to access an account, collect an expensive phone, immediately sell off the device, and leave the victim with the bill and other issues that arise.
Employee ATO adds to the problem
Unfortunately, telecommunication companies don’t experience only outside ATO threats. Account takeover fraud committed by telecom employees themselves is also on the rise. Similar to the ATO fraud described above, companies’ employees use their administrative access to take over customer accounts, create fake contract renewals and collect the phones themselves. Resellers and company partners have also begun to commit ATO fraud within the telecommunication industry, which has contributed to the high ATO rates in the mobile sphere.
Romance fraud takes center stage
Romance fraud — which is when a fraudster fakes romantic intentions in order to gain a victim’s affection and then uses that goodwill to commit fraud — is also on the rise in the telecommunication world. Typical romance scams involve the fraudster convincing the victim to transfer large amounts of money, but romance fraud in the telecom industry is slightly different.
One of the ways fraud prevention software detects fraud is by comparing the delivery address of goods to the customer address. Telecommunication fraudsters have caught on to this and use romance fraud to trick fraud prevention programs. The fraudster will enter into an online romance with a victim, gain that person’s affections and then strike by:
- Stealing the victim’s account info or convincing the victim to share account details
- Secretly using the account details to order an expensive phone
- Asking the victim to accept the delivery of the phone and forward the package to a different address.
This type of fraud tricks fraud prevention systems because the delivery address of the phone matches the customer address. Meanwhile, the victim readily hands over their ID to accept the delivery because they are unaware they’re signing for a phone purchased in his or her name.
What telecom companies can do to lessen identity theft threats
There’s only one surefire way to thwart fraudsters who targeted telecommunication companies, and that is to close the gaps that arise from the mobile phone contract model. This entails predicting where customers are most vulnerable to fraud and considering that when constructing a telecom company’s fraud prevention strategy.
1. Reducing ATO
Since its inception in 2012, RISK IDENT has identified several account and transaction characteristics that can assist telecom companies in detecting ATO fraud, whether committed by classic fraudsters or a company’s own employees. They include:
- Recent account changes: The majority of confirmed ATO cases come with a password, address or e-mail address changed within 10 days prior to the transaction.
- Expensive purchases: The average order value in ATO cases is four times higher than other orders. For example, fraudulent orders often consist of a much more expensive phone than the victim’s previous device.
- Customer age: As they usually have significantly less technical expertise, elderly customers are more likely to be victims of identity theft and account takeovers.
2. Reducing romance fraud
Though romance fraud can be difficult to detect, there are some red flags fraud managers can look out for. One is that victims tend to be women aged 45 to 50. The other is that the fraudulent orders typically happen via a device located in a different country than where the account and account holder are located.
Paying attention to warning signs like the above and incorporating systems that further predict identity theft vulnerability have the power to significantly reduce ATO fraud and romance fraud in the telecommunications industry. After all, the more difficult a company makes it for criminals to commit fraud, the less likely it will become a target.
See the article published by The Paypers here.