Misdirection, deception and an uncanny ability to make things disappear - these are the hallmarks of a good magician. Yet, if you’ve ever been the victim of fraud, you’ll know these are also the makings of an effective fraudster. Except this time, the trick seems neither funny nor impressive. Disguising themselves as trustworthy businesses or people, fraudsters have a knack of taking what they want before vanishing into thin air: a simple ‘Now you see me, now you don’t’ trick.
This ‘trick’ has wide-reaching consequences. The CFA report that around $2.03 billion leaks from the economy every year as a result of subscription fraud through impersonation. By this, we mean fraudsters obtaining the necessary customer information to sign up to new telecom contracts with a valid authorisation, but without the intention of paying for the products and services used. The impact of subscription fraud on businesses, people and reputations is huge. When you take into consideration the various other forms of subscription fraud, such as through applications and ‘credit muling’, a further $3.68 billion is lost. These numbers clearly represent a major problem. What used to be isolated cases have escalated into a systematic concern for the global telecommunications industry. Fraudsters are pulling the wool over our eyes, and it’s working. However, by adopting the latest technology, Telco companies can take the fight back to fraudsters.
A guide to fraud detection
By grooming synthetic identities or impersonating vulnerable customers through social engineering, fraudsters are able to circumvent existing controls and perpetrate fraud. In simpler terms, they are manipulating data submitted through the onboarding process, primarily to gain access to high-value handsets. However, there is a silver lining. The same data can be used to detect application anomalies and when cross-referenced against credit bureau data or device reputation databases, they often present red flags indicative of misrepresentation. Since manipulated identity information is a growing precursor of fraud, telecoms companies really ought to do more to proactively interrogate their data and derive actionable intelligence. For instance, entity resolution is an effective way of establishing a ‘golden record’ for each entity of interest (e.g. applicants, devices, dealers, etc.) to mitigate risks of identity manipulation.
Small packages, big prizes
The reality though is that fraud attacks are unlikely to dwindle in the short term, with mobile devices soaring in popularity and in value. Devices such as the Samsung Galaxy S10 and the iPhone X now retail for a 3-digit sum and act as the perfect bait. It’s therefore a very lucrative business for the fraudsters, given that the average person in the UK roughly earns between £569 and £707 a week (circa $745 and $925), according to statistics published by the ONS. A single successful fraud a week would thus deliver a great opportunistic result, but we know that organised fraud groups aim for a much bigger jackpot.
In fact, a lot of fraudulent activity is currently shifting from the financial services industry to telecommunications. Financial organisations have had to improve their defences due to unbearable operational losses, regulatory pressure and reputational risk. In contrast, the historical inertia within Telcos meant that they had become the weakest link. Since then, Telco operators have been improving their customer onboarding processes at pace.
Machine learning: The ace in the pack
If fraudsters, metaphorically speaking, can masquerade their identity seemingly by a sleight of hand, Telcos can also have a few tricks up their sleeves. Like most people, fraudsters are creatures of habit. Despite often changing aliases, devices and other information across several applications, there is still enough commonality to draw a behavioural pattern. Whether it’s a case of comparing these applications to a peer group or against known watchlists, new algorithms such as machine learning can help detect these ‘outliers’ and flag potentially risky subscription requests.
Competition is fierce amongst Telcos since they all offer the same devices with more or less the same service. Customer experience is, therefore, becoming a strong differentiator to help promote growth. Analytics can also be applied to optimise new business workflows and deliver automation where required. This can provide a seamless end-to-end customer onboarding process. Examples includes covertly detecting fraud through social network analysis to uncover hidden collusive links as well as automatically calling out to third party data assets to augment the fraud scoring process.
These analytically-derived insights can be fed back into operations to make the process less permeable to fraud. For instance, field studies undertaken by SAS on samples of application data have shown that customers flagged in a social network were 4 times more likely to commit fraud. It was also about 3 times more likely to find fraud cases within dealerships than other types of stores.
A formula for success
The circle of life in SAS fraud detection systems broadly entails ingesting relevant data and preparing it in the optimal format to extract information. We apply the most appropriate detection techniques and feed back the learnings from true positives back into the analytics execution engine. hakuna matata! Certainly, no surprises here as this is what most operational teams claim they already do.
So, how do we expose the illusion of subscription fraud and beat it? Well, it comes down to how much you can frustrate fraudsters. Operating with a layered security approach ensures that you’re asking questions of the fraudster at every juncture of the application process. By making things difficult for them, you’ll either stop them in their tracks or discourage them enough that they’ll move on. Ensuring that the customer demographic is segmented for each product portfolio and then protected by tailored anti-fraud strategies is an effective frustration tactic. Other approaches you can take include using both supervised and unsupervised algorithms to optimise detection, as well as developing fraud propensity models for vulnerable groups.
Protecting yourself and your company from subscription fraud can save you both trouble and money. It may seem like an arduous task, but it’s a worthwhile one made easier by technology. However, companies shouldn’t stop at subscription fraud. Using the same SAS analytics-driven platform, you can protect yourself against a wider level of fraud to double down on protecting your company. The old saying rings true here: By failing to prepare, you are preparing to fail.
Sundeep Tengur, Senior Business Solutions Manager, SAS