Fighting a $40 billion heist
Fraudsters steal up to $40 billion from the industry a year, says Judit Albers of A1 Telekom Austria. She tells Alan Burkitt-Gray about A1’s work with the GLF to reduce the cost of crime
The international carrier industry is about to present its latest report on how it can combat fraud. Estimates of the losses due to fraud vary, but they amount to a few per cent of the industry’s global service revenue. This sounds small in a competitive market, but it is large compared with most carriers’ margins.
Some estimates put the losses at US$30-$40 billion – money that is used for laundering or other criminal purposes, and that could otherwise be invested in building better networks and providing better services for everyone. “It’s hard to judge, as it’s hidden,” says Judit Albers, of the A1 Telekom Austria Group. “It’s a huge, huge, business.”
Life at A1
Albers is head of A1 Telekom Austria’s international business, which has more exposure to fraud than most telcos. A1 has been leading the work in combatting fraud carried out by the Global Leaders Forum (GLF), an international group of chief executives and other industry figures that is managed by Capacity’s team.
I spoke to Albers in September about the challenges the business faces. “Fraud has a very long history in our industry,” says Albers. “For example, the revenue-sharing scam with Papua New Guinea numbers began more than 20 years ago.
“Later, many other numbers were added to it, and today the list of countries with numbers used for fraudulent revenue shares is very long.”
Fraud was one of the topics for action identified early on by the GLF. The group launched its anti-fraud code of conduct in 2018, and since then it has driven dialogue and collaboration in the carrier community to find ways to reduce, and ultimately eradicate, fraud from the international voice business.
At Capacity Europe, the GLF will present its 2022 fraud report and further advance the attestation process it developed. Participants at the conference will discuss how to ensure the industry is better equipped to fight fraud in international telecoms.
Albers says A1 took a bold attitude to fraud very early on. When the first revenue share frauds emerged 20 years ago, back when A1 was Mobilkom Austria, the company “started to be more aggressive”.
During Albers’ 22 years in the industry she has worked for three carriers, and during her career, the industry has evolved “from being a toddler to adulthood. I joined A1 last year. I head the whole team for international business,” she says.
As voice and data calls are connected along a chain of carriers, the consequences of fraud can be hard to explain, even to those in the industry.
“Nobody in the chain understood,” says Albers. “We were the transit carriers.”
There is one type of fraud – PBX fraud – in which criminals hack into a business’s internal telephone exchange. This allows them to make calls at that company’s expense. Alternatively, a hacked exchange can be used to make calls to revenue-sharing numbers owned by fraudsters: the PBX’s owner or a carrier pays for the calls, and the criminals then disappear with the cash.
“If we stopped the money, we could stop the flow,” says Albers.
Going to the police about telecommunications fraud can be pointless, Albers says. “Some police don’t take it seriously. They don’t understand it. In some countries we’re not able to get police reports.”
The United States is a particular challenge, she explains. It has 18,000 police forces, some of which are extremely small. “That’s why it’s so attractive” to fraudsters, she says.
But who are the people running these multi-billion frauds?
“People who know what they do,” she says. “I’ve never met them. It’s a revenue share, so when they’re paid, then the money is split up.”
Things are not all bad, says Albers. The industry is doing a good job of controlling some criminal activities, and the rates for these are going down. However, “people are creative and that’s not so good”.
A third of the GLF’s members say there is a significant increase in fraud.
“This is what we are now concentrating on,” Albers adds. She runs through some of the more common types of scams, such as SIM farms and A-number fraud.
SIM farms are frequently used in SMS and voice call phishing scams. Large numbers of regular consumer SIM cards are connected to modems, and are then used to send identical text or voice messages to thousands of people. The scammers can even take advantage of the free SMS and voice call allowances that come with the SIMs.
Think of a number
In A-number frauds, fraudsters falsify the geographical location of originating numbers (A-numbers), to trick carriers into sending calls along cheaper routes to the receivers (B-numbers). The scammers charge for the expensive route, pay for using the cheap one, and then pocket the difference.
The telecoms industry is not the only one having its money stolen, warns Albers. “A more harmful version is hitting the end customers: stealing personal data or deploying malware on their phones,” she says.
Fortunately, these activities have attracted the attention of police forces, including the European Union’s Europol.
“[Europol] is involved in investigating the use of gangs,” says Albers.
While police forces can destroy the technical equipment that gangs use to run their crimes, the criminals can just buy more and start things up again, working from ordinary apartments. SIM farms can be set up using gear purchased on the high street.
“It’s a bit like drug-dealers. There are many countries involved, so it is tricky,” says Albers.
The hacking of personal phones is also a growing issue.
Malware is typically delivered in “a message saying a package is on the way. Click it and you lose,” says Albers. “Or it can be embedded in an SMS – those can also include some sort of malware.”
No checks for malware
One possible solution for malware attacks is for carriers to examine the content of messages to check for malware, as companies such as Google and Microsoft do with their web-based email services.
I put this to Albers. She says that the EU’s General Data Protection Regulation (GDPR), and its equivalents in other parts of the world, prevent this.
“GDPR is hindering telcos,” she says. “It doesn’t allow the carrier to scan what’s in these messages. I cannot know what is in your SMS. I can’t see if there’s [infected] HTML in a message from your hairdresser.”
But she adds that a few regulators do understand that examining messages for malware is a safety and security issue, and so is important to fight fraud. “Regulators in Europe are considering what they can do,” she says.
In France, regulators are differentiating between reading a message’s private content and checking it for malware, so that carriers can do technical checks. Despite this, Albers says telcos are still “not allowed to block an SMS for any reason”.
But she says things are shifting around the world, pointing to moves in Australia and Norway. “Regulators are looking sympathetically at what can be changed. They are understanding what’s going on,” she says.
For the last two years, the GLF has provided an attestation system that enables carriers to say they adhere to an anti-fraud code of conduct. So far, 18 companies have made attestations, says Albers. “Any carrier can join,” she says. “This is a step forward. We commit to monitoring and reporting fraud.”
The GLF’s 2022 report will say half of carriers have increased their manpower to deal with fraud, and many are using AI to identify it.
One form of fraud on telcos’ target lists is the wangiri scam. “Wangiri” is a Japanese word for “one ring and cut”. In a wangiri scam, a criminal dials a number and hangs up before the recipient answers. When the recipient sees a missed-call message on their phone and dials back, they call an expensive, potentially revenue-sharing, number, from which the fraudster earns a share.
“We’re deploying an anti-wangiri solution for all subscribers and for other companies,” says Albers.
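The wangiri pattern described above leaves a recognisable trace in call detail records: one A-number places very short, unanswered calls to many distinct subscribers, and some of them later call back. The sketch below is an added example, not part of the article and not A1's or the GLF's system; the record layout, the placeholder numbers and the thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed call detail records (not real traffic):
# (epoch_seconds, a_number, b_number, ring_seconds, talk_seconds)
SUSPECT = "+0000009999"  # placeholder number
CDRS = [(1000 + 10 * i, SUSPECT, f"+43000000{i:02d}", 1, 0) for i in range(6)]
CDRS += [
    (1400, "+4300000001", SUSPECT, 4, 120),        # subscriber returns the missed call
    (1900, "+4300000004", SUSPECT, 5, 95),         # second callback
    (1200, "+4300000020", "+4300000021", 2, 0),    # ordinary one-off missed call
    (1300, "+4300000020", "+4300000021", 6, 300),  # ordinary answered call
    (1500, "+4300000022", "+4300000023", 25, 0),   # rang out normally, not one-ring
]

def find_wangiri_suspects(cdrs, window=600, min_targets=5, max_ring=3):
    """Flag A-numbers that place short-ring, unanswered calls to at least
    min_targets distinct B-numbers inside any window-second span, and count
    how many of those subscribers later called back and were answered."""
    missed = defaultdict(list)  # a_number -> [(timestamp, b_number)]
    for ts, a, b, ring, talk in cdrs:
        if talk == 0 and ring <= max_ring:
            missed[a].append((ts, b))

    suspects = {}
    for a, calls in missed.items():
        calls.sort()
        best, start = 0, 0
        for end in range(len(calls)):
            # Slide the window so it never spans more than `window` seconds.
            while calls[end][0] - calls[start][0] > window:
                start += 1
            best = max(best, len({b for _, b in calls[start:end + 1]}))
        if best < min_targets:
            continue
        # Earliest one-ring call received by each subscriber from this A-number.
        rung = {}
        for ts, b in calls:
            rung.setdefault(b, ts)
        # A callback is an answered call from a rung subscriber to the A-number.
        callbacks = {caller for ts, caller, callee, _, talk in cdrs
                     if callee == a and talk > 0
                     and caller in rung and ts > rung[caller]}
        suspects[a] = {"targets": best, "callbacks": len(callbacks)}
    return suspects

if __name__ == "__main__":
    print(find_wangiri_suspects(CDRS))
```

The callback count matters operationally: it shows how many subscribers were actually charged, which is the figure a carrier needs when deciding whether to withhold settlement for the number range.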
The GLF and A1 are also cooperating with other forums on the voice side of the industry, including i3forum, the Mobile Ecosystem Forum and the GSMA, on the principle that exchanging information is a most important part of fighting fraud.
“This kind of cooperation, and exchange of knowledge and experiences with different fraud scenarios, is fundamental to our fight against the fraudsters in the world,” says Albers.
Carriers cannot sell anti-fraud solutions separately as their customers expect them as part of the solutions they pay for, so they have become a standard requirement of carriers’ services.
“It’s very cumbersome work and we’re deploying systems. There’s loads of effort, and no one pays you for that.”
The Global Leaders Forum presented its 2022 fraud report on 19 October at Capacity Europe.