Prepaid's Perils

Fraudsters can lift profits from your prepaid system if you're not watching.

When it comes to prepaid fraud, wireless-service providers have one thing to fear - a false sense of security. Unfortunately, the moniker alone tranquilizes some ordinarily vigilant executives. The idea that money will be in the coffers long before the services are delivered deludes them into thinking of prepaid as risk-free. But in reality, crooks can exploit prepaid systems, and wireless providers can lose money as a result.

In some cases, the money in the coffers proves to be an illusion created by a fraudster's sleight of hand. According to several industry insiders, many tricks can create such an illusion. The most common deception fraudsters perpetrate is providing bogus or stolen credit-card information.

Some providers allow subscribers to replenish prepaid accounts with credit-card information. But fraudsters can obtain an active credit-card number from a Web site or steal a card from a consumer, then use the stolen number to get free airtime. By the time the charade is discovered by the provider, revenue already has been lost.

"Carriers are assuming that since they're getting money up-front, they don't really need to be concerned with verifying the identity of a subscriber," said Dennis Walters, director of industry relations for Systems/Link, a subsidiary of HNC Software.

Walters, a certified fraud examiner, said that subscription fraud is increasing as the Internet continues to gain popularity.

"The Federal Trade Commission says that 54% of all fraud schemes involving credit cards are where the card is not present," he said. "A lot of the credit-card numbers and the information are being obtained right over the Internet."

Walters pointed to Europe, where prepaid wireless phone fraud reportedly runs rampant.

"When you get into the European market, there is a lot more cloning of the debit and credit cards," Walters said. "We had the problem of (fraudsters) cloning phones in the past. Now the problem is cloning debit and credit as well as the SIM cards in the GSM phones."

Prevention by Design Not all wireless providers offer anonymous prepaid services. Take, Telecorp, for example.

"We no longer support anonymous prepaid," said Dave Chaplain, Telecorp vice president of product development. "The reason is that we want to be able to reach and communicate to our prepaid customers."

Telecorp gathers contact information from prepaid subscribers so that the company can send them information about new products and services, as it does with postpaid subscribers.

"We found that if we could communicate with our customers, we could reduce churn. We could implement promotions and plans to keep them using more cards to add to their balances," he said. "It really wasn't a fraud factor for us."

Like many wireless execs, Chaplain seemed reluctant to discuss fraud, especially in relation to his company's prepaid services. In fact, when asked whether prepaid fraud was a concern at Telecorp, he responded with a quick no.

"Our system uses an authenticatable handset," Chaplain said. "So being a 1,900(MHz) provider with newer handsets, we have less of an opening for fraud than, perhaps, the incumbents that have analog systems."

Chaplain admitted that opportunities for prepaid fraud exist. But he maintains that Telecorp's technical and procedural controls eliminate risks such as subscription and dealer fraud.

The company, AT&T Wireless' largest affiliate, uses GTE Telecommunication Services' prepaid wireless platform. According to Chaplain, Telecorp chose GTE's system because it includes a national roaming capability.

Providing roaming to its prepaid customers was important to Telecorp executives because they wanted to offer prepaid services comparable to the company's postpaid services. So when Telecorp launched in its first market in February 1999, its prepaid services included roaming.

"We were trying to make sure that the prepaid subscriber gets the same level of service that the postpaid subscriber does," Chaplain said. "For example, we give our customers directory assistance. We give them voice mail, paging, messaging and call waiting."

But Telecorp is not an aberration. U.S. wireless providers such as Alltel and Powertel also have recognized the potential of prepaid and are beginning to offer richer suites of services to prepaid subscribers. This signals a transition in the prepaid wireless arena. Instead of offering the bare minimum to the credit-challenged, some companies are marketing prepaid services to other market segments such as teens and seniors.

Unfortunately, as prepaid services become more sophisticated, the fraud risks increase.

"Every new offering to the benefit of a legitimate customer becomes just as attractive an offering to the fraudster," System/Link's Walters said. "So if you're going to open international roaming, which we certainly need to do, then you're going to be offering something that becomes very attractive to anyone who knows how to defraud the system."

Although Chaplain boasted that Telecorp's prepaid system has never been breached, he said the product-development team put a lot of thought into preventing fraud risks before the service launched.

"I've worked with five different prepay vendors and several types of prepaid platforms since 1994," Chaplain said. "And what I've found is that most folks haven't given this enough thought. But we have benefited from several of us here having worked with prepaid systems in the past and trying to get it better than the last time."

The result of that forethought is a prepaid phone kit that includes phone cards with personal identification numbers (PINs). The cards are activated by customers at first use or by the retailer.

"That activation card is associated with the MIN at activation," Chaplain explained. "So there's very little opportunity for someone to steal an activation card and then use it after the fact."

In addition, Telecorp does not activate its PINs prior to the sale, a measure Chaplain credits with reducing fraud risks.

"Other carriers may have problems if they activate their entire range of prepaid numbers," he said. "Then basically anybody can buy a $10 card, gain access to that number and utilize the network without a very large replenishment requirement on the front end."

Telecorp offers two kits, one at a price of $50, the other priced at $75. Theoretically, the significant up-front fees buy the company some time to discover a fraud-in-progress before racking up too many losses.

The company also has a policy that prevents customers who have been active less than three months from replenishing accounts with credit cards.

"After a customer has been active for three months, we allow them to replenish via credit card," Chaplain said. "But it's not an automatic monthly replenishment. They have to request replenishment. But we don't do a lot of that. Customer care will accept those calls, but we don't promote it."

When a subscriber roams out of the home market, Telecorp's system requests the PIN.

"Once they verify that they are who they are, then they'll hear their balance, and the call will proceed," Chaplain said. "That's just a second line of defense to ensure that we're not being defrauded."

In the future, Telecorp may offer prepaid subscribers data services, if there is enough consumer demand.

"We recognize the potential of prepaid," Chaplain said. "It's a different way of marketing the same service to a different category of customers. If the model is sound, we think it will translate to other service offerings, i.e., data or whatever comes down the pike. In our markets, we have four to five, or even six, carriers that we're competing with, and as we push into the 40%-plus penetration range, we've got to have different ways of reaching new customers, and this is one significant way."

A Reseller's Tale Simple Communications, a reseller of Sprint PCS prepaid wireless services, devotes its business entirely to prepaid.

"I hear all the hype about wireless data and wireless Internet," said Bill Coker, Simple Communications' president & COO. "But quite frankly, we don't see that need in our customer segment. They just want a phone that's reliable and allows them to talk across the state or across the country."

According to Coker, the company's current business model eliminates subscription-fraud risks at the consumer and retail levels. The company sells prepaid airtime cards to local retailers on a cash basis. Coker said subscription-fraud risks from consumers are shifted to the retailer, because retailers buy the cards outright.

"Our risk when we sell to dealers is eliminated in that the dealer pays us cash for the airtime card, and they have to protect themselves against credit fraud," he said.

Simple's business model was formulated with two goals in mind.

"We wanted to eliminate the possibility of fraud in our business model, but also we wanted the use of the cash," Coker said. "I go out and buy airtime and equipment, and I get terms from the vendors. Let's say I have a 30-day term before I have to pay. Well, I get my cash up-front, and I've got the use of that cash for 30 days."

But because the company also offers a handset-based product and has enabled roaming on the networks of Sprint and its affiliates, other types of fraud such as cloning may present a problem. Coker admitted that cloning fraud is an industry problem, but said it has not been prevalent on CDMA networks.

Simple plans to enable subscribers and dealers to purchase airtime with credit cards and from the company's Web site will begin in 1Q01.

"We have spent our first six months starting up and growing the business," Coker said. "We're now going back and putting in place the replenishment vehicles that will allow more easily accessible airtime."

The company's information-technology department is finalizing tests of a process that will enable dealers to purchase PINs through Simple's Web site. The company will use an automated clearinghouse to debit the dealers' bank accounts.

"But when we provide customers the ability to go in and purchase PINs, all of the necessary safeguards will have to be put in place for that," Coker said. "We still have to work through all of those issues."

In spite of the risks, Coker said he thinks prepaid will become a significant wireless sector.

"We've followed Europe," Coker said. "Prepaid's huge over there. There are some countries that report that as high as 60% of their activations are prepaid. That's one of the facts that caused Simple to get into the prepaid business."

The Future of Prepaid Optimism about the future of prepaid wireless also prompted Alltel to change the way it markets the services. The company, which began offering prepaid services in 1996, initially offered them only as a last resort for credit-challenged customers.

"Now we're going after the credit-challenged, the security user, mothers with teens, soccer moms and customers that have not established credit yet," said Michele Meadors, Alltel's prepaid services staff manager.

Alltel, which services several markets with large Hispanic populations, plans to offer special promotions in these markets to lure Hispanic subscribers. The company also is considering lowering its prepaid rates and plans to introduce caller ID and voice mail to its subscribers during 1Q01.

"Fraud is always a concern in every product," Meadors said. "But we treat fraud on prepaid just like we do any of our other products. Just like on our postpaid, all of our calls are monitored as far as usage patterns."

Many facets of prepaid will begin to resemble postpaid services as providers recognize the opportunity, according to Charul Vyas, IDC analyst. She said providers will abandon the idea of prepaid as a last-resort service.

"In other countries, Latin America, for example, prepaid is about 60% or 70% of all subscribers," she said. "But there are only about 5.5 million, we estimate right now, out of almost 90 million total wireless subscribers in the U.S. (about 7.4%). It's a really small number, but I think that's starting to change. I've seen some carriers in the last year or two start marketing their prepaid plans toward everybody."

IDC predicts that by 2004, 23% of all cellular and PCS subscribers in the United States will come from the prepaid sector. The company has not conducted fraud studies that isolate prepaid. However, Vyas said that IDC's research on wireless fraud has revealed that subscription fraud will continue to grow.

Fraud analysts typically break fraud into two sectors, technical, which includes hacking and cloning, and subscription.

"In 1999, technical fraud was about 39% of all wireless fraud and 61% was subscription," Vyas said. "Going out to 2004, I think technical fraud is going to drop to about 25%, and subscription fraud is going to grow to about 75%. That's mostly due to the fact that we're going to have a lot more faceless transactions."

When asked how fraudsters typically exploit prepaid systems, two wireless insiders cited several tricks.

Dennis Walters, System/Link director of industry relations, noted that personal identification number (PIN) compromises are common in European markets. The numbers often are transported in computer files, he said. Employees of wireless providers or vendors usually have access to the files and can steal the PINs.

Second, many providers use recharge vouchers to upgrade or refresh accounts, particularly in GSM markets in Europe.

"Those recharge vouchers can be duplicated or modified to increase the face value," Walters said. "A lot of them are being stolen during transit and sold on the street."

The vouchers, which resemble coupons, indicate a recharge value for prepaid accounts. But the amounts on the face of the vouchers can be modified by the providers' retail staff.

Subscribers also can alter their accounts' free-call list, and employees can recharge accounts manually, according to Walters.

Then there's the old trick of altering handsets. Walters said that European hackers have found a way to alter certain types of handsets so that they don't debit the prepaid system after airtime has been used.

Like Walters, Mike Waddell cited handset tampering as a problem.

"One of the comments I heard from a U.S. fraud manager is that there's one handset manufacturer whose schematics tend to hit the streets before the phones do," he said.

Waddell is a systems engineer that has worked around the telecommunications industry since 1996. He agreed with Walters' list but added to it. The Nortel Networks fraud solutions business development manager lives in England, where he works with wireless providers to prevent fraud in the networks.

He's witnessed the exploitation of premium-rate services such as sex lines or information services. Operators of the services usually compensate the host telco with a 50% share of the revenues garnered from the service, Waddell said. Some of these operators defraud telcos by charging a prepaid phone with a fraudulent credit card, then using it to call the premium-rate service to generate revenue. The telco then gives the operator half of the revenue earned as a result of credit-card fraud.

Waddell also listed social engineering as a typical fraud tactic. A subscriber may, for example, call the service provider's customer-service department and convince the CSR to credit the prepaid account by claiming that a voucher malfunctioned and prematurely discontinued the service.

- Most credit-card fraud is committed without the physical card.

- Most telephone purchases require only the information on the card.

- Sources of card information include: discarded receipts, stolen mail, duplicate or cloned cards.

- Subscription fraud is outpacing technical-fraud schemes in many countries.

- Some nations do not have credit bureaus or other data banks to help screen new subscribers.

- False or stolen identities are easy to obtain.

- Corporations can be held criminally responsible for the acts of employees, if those acts are done in the course and scope of their employment.

Source: Systems/Link