Beware the Fraudian Slip

At November's Wireless Security '98 conference, CTIA announced that industry-wide fraud dropped during the last year from 4% to 1%. If you dig deeper, however, you might find fraud hidden in some unlikely places.

Matthew Lennarz, AMS principal, said cloning fraud is down, but subscription fraud is up and easier to hide. Some carriers are writing off a big chunk of subscription fraud as bad debt. When the bad debt is really fraud, their employees' workload increases as they churn the bad debt through their departments over and over again.

Whatever the reason for the decline in wireless fraud, carriers cannot become complacent in their fraud efforts, warned Baruch Promislow, AMDOCS product manager.

"Just because the numbers are down does not mean it will stay that way," he said. "Combating fraud has to go on, or fraudsters will find a loophole."

Integrated Tools

Iain Gillott, IDC vice president of worldwide consumer and small business telecommunications, suggested that carriers re-engineer their business processes to fight fraud.

Although authentication, RF fingerprinting and fraud profilers are effective, integrating them into one process will give carriers a decisive advantage and improve financial performance.

"Generally, fraud solutions in the wireless industry have been effective in reacting to new fraudulent cases or circumstances, but have not been effective in anticipating new fraudulent schemes," he said. "One weakness of carriers' fraud strategies to date is that fraud systems have not been integrated with other applications."

Several companies recently announced plans to integrate fraud applications, as Gillott suggested. Lightbridge announced @Risk (At Risk), a new intracarrier suspect database, and Alias, a subscription-fraud profiler that detects suspect account activity. When used together, Alias and @Risk become an integrated front-end to back-end solution for combating subscription fraud.

"Before, front and back ends of fraud systems never met," said Michelle Wheeler, Lightbridge fraud product manager. "We have pulled them together to allow the departments to share information."

Systems/Link also announced an integrated suite of fraud-control products through its alliance with Onyx Technologies to form the Fraud Star Alliance. Initially the alliance will offer Fraud Star to provide wireless carriers with enhanced risk management and protection from multiple types of fraud including technical and subscription fraud. Fraud Star uses information from Onyx Technologies' 4SCORE to create an automated data exchange between front-end application-processing systems with Systems/Link's back-end tools, FraudTec and OrionCPI.

AMS' Lennarz agreed that carriers need a pro-active process across the entire organization to manage and measure fraud. AMS measures fraud through its new third-party fraud audit. The audit looks at business operations to identify fraud risks, quantify and prioritize risks, define measurements, analyze strategies and options, and recommend solutions. AMS reviews the critical resources and components of a business including organization, systems, products and processes.

Other Fraud Innovations

Cloning fraud is down, but will it stay that way? AMDOCS' Promislow said no.

"Cellular cloning is down because RF fingerprinting and authentication have been two effective ways to combat it," he said. "But as carriers cut back on resources, it will go up again in that area. Cloning digital phones is imminent."

Several companies have new offerings to fight cloning fraud. Synacom Technology has broadened the capabilities of its CloneSafe Secure Authentication Key (A-key) Management System and CloneSafe Validator. The products now handle automated service activation, in addition to their original function as A-key management and programming. They allow TDMA, CDMA and AMPS phone vendors to program changes with number assignment module (NAM) parameters automatically or manually. Future releases will continue to add support for all CTIA-certified phones.

GTE TSI still sees A-key management as an important way to combat fraud, especially when phones need to be re-programmed. Bob McClure, GTE TSI product manager, authentication fraud- management solutions, said handset programming is necessary during service-area changes, area-code splits or for adding multiple NAMs, which allow more than one cellular phone number to work on a single handset. Carriers also should program new random A-keys in churned handsets or in the thousands of authentication-capable handsets that presently have default A-keys, he said. ORA Electronics and GTE TSI offer a new programming terminal, PalmCoder, that lets subscribers program phones themselves in seconds, then return the device to the programming center for reuse. Devices currently are available for TDMA, CDMA and AMPS units manufactured by Motorola, Ericsson and Mitsubishi, and GTE TSI plans support for additional handset models.

McClure sees interest in authentication rising with increased use of GPS technology.

"Fleet management, GPS units and wireless telemetry must support authentication," he pointed out. "Even those small devices need authentication in location-based services."

Wireless Link has contracted for GTE TSI's Encrypt-A-Key Repository authentication system as its fraud-prevention solution to be used with its AssetVision product. AssetVision is a vehicle- and asset-management tool that integrates cellular and GPS technology to remotely locate and collect data from vehicles and mobile assets. Wireless Link will generate and program A-keys into AssetVision and send those A-keys with the corresponding ESNs to the repository.

According to E. Y. Snowden, Boston Communications Group (BCGI) president & CEO, prepaid service has brought down cloning fraud because people who were once denied service because of bad credit used to resort to fraudulent wireless communications. Now that carriers offer prepaid service with no credit check, some of those people may have become legitimate customers.

But others believe prepaid may increase fraud risk. Matthew Lennarz, AMS principal, said carriers jumped on prepaid to market service to a new segment and combat fraud. Ironically, certain prepaid handsets provided a loophole that caused a security risk and fraud loss. Fraudsters could reset the timer in the handset and fool the switch into thinking they had unlimited minutes of use.

Even prepaid network solutions offer some fraud risk. Richard Russell, Aethos president and cofounder, said not all systems track calls in progress. Therefore, someone may buy a phone, call another county, keep the connection up and route international calls through it, selling airtime to people in bars or on the street. This problem is prevalent in Europe, and at least one carrier in the United States has experienced it. A real-time network prepaid solution should prevent this problem, he said.

Snowden said there are other ways to prevent prepaid fraud. Carriers can keep cards' PINs inactive until the point of sale. This method allows them to send prepaid cards to multiple distribution points without worrying about theft. If the cards are stolen, they only lose the cost to produce the cards, not the airtime. BCGI and Radio Shack offer a cardless prepaid service. A subscriber buys service at Radio Shack, and the store hooks into a national database that has prepaid PIN numbers. When it sells the service, the PIN is printed on the receipt so only the end-user can see it.

Alltel has bought two new fraud systems to battle cloning fraud. The company recently announced plans to implement KEYper fraud-management system from American Management Systems. Alltel also will deploy Corsair's PhonePrint 5.0, a fraud-prevention system that uses RF fingerprinting to detect and disconnect cloned phones and eliminate roaming fraud.

KEYper is an integrated client-server system that enables wireless carriers to offer a virtually transparent fraud-protection service. The PhonePrint Roaming Network incorporates more than 130 markets in the United States, Mexico and the Caribbean. As subscribers in these regions roam to other PhonePrint-protected markets, the system moves the phone's RF fingerprint in real time across the roaming network when calls are placed, ensuring that the serving and home markets have both the signal information and the fingerprint on file.