Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Carlos Marques, Head of Product Marketing at WeDo Technologies, discusses the ideal combination of measures and strategies for combatting fraud over mobile networks.

In today’s digital world, the safety of our data is in sharp focus.  During the past year alone, high profile security breaches at businesses like Carphone Warehouse and TalkTalk have dominated the headlines, with sophisticated technology giving rise to increasingly sophisticated hackers. Yet despite the risks increasing, superior intelligence, powered by technological advancement, can provide the means to defeat the dark forces lurking in the shadows. Nobody knows this better than telecom Fraud Managers.

As IP Multimedia Subsystem (IMS) starts to become the standard for delivering services, fraud and security will become increasingly intertwined, yet no amount of security will ever stop criminals from attempting to deceive. Criminals will always strive to find new, more advanced ways to dupe people, from ordinary subscribers to the smartest technology aficionado, and this is further compounded by the prevalence of smartphones.

With 76 percent of British adults now owning a smartphone, the vast majority of us are carrying a networked computer with us wherever we go. CSPs must therefore guard against both existing frauds and new frauds made possible by the hyper -connectivity of an expanding array of networked devices. IMS and Session Initiation Protocol, for example, are enabling a rich set of converged services, but at the same time open up networks to a host of known IP-based vulnerabilities.

While these can often be addressed by existing firewalls, there is now a completely new set of IMS application vulnerabilities which Fraud Managers must be aware of. However, in order for Fraud Managers to perform their role as successfully as possible, they need to be treated like other intelligence agents and be equipped with the same skills and gadgets.

Protect your network’s borders

While it is vital that security is implemented to prevent fraudsters from gaining access to networks, some will always be able to gain access.  It is therefore also important that operators also utilise ‘border controls’ to complement their security strategies.

So what do we mean by ‘border controls’?  When looking to understand hackers, we can think of them like terrorists, moving between countries and networks in order to commit crimes without detection. Like criminals who cross physical borders, hackers look for places where it’s easiest to gain entry, i.e. where border controls are weakest, and use fake IDs and false keys to trick their way inside. They may even corrupt border security and exploit weaknesses in a firewall to hijack the network. Because these borders can be compromised, it is essential that operators deploy a deep and layered fraud and security strategy that involves both detection and prevention.

Simple can be effective

However, as hackers will always find new ways to circumvent borders, border controls will never be able to completely keep out criminals. Nonetheless, it is important that operators do not overlook simple and good fundamental protections, like checking a customer’s identity, which can provide an efficient and cost-effective way of obstructing fraudsters and subsequently reducing the burden on other intelligence agencies.

For example, in addition to checking a customer’s identity, operators should be aware that fraudsters often try and evade simple checks by making small changes to details, such as spelling their name differently or providing different middle initials. In these instances, when we permit a customer to pass through our borders and enter our network, we can use the initial risk assessment to improve the monitoring of the customer’s activity and help to reduce risk. Once the border is crossed, there is a new set of intelligence that can be put in place to stop fraud treats based on security exploitations.

Integrated intelligence

While from the outside intelligence operations appear secretive, it is vital that intelligence does not exist in a vacuum. For fraud and security strategies to be most effective, integrated intelligence should form a key part of operators’ strategies. Within individual operators, different departments should therefore pool their combined knowledge and resources, while at a national and international level insights should be shared between telcos. With so much information to share, technology plays a vital role in eliminating mistakes and reducing bureaucracy, whilst ensuring sensitive information is kept safe and secure and only made available to the people who need to receive it.

Intelligence passed from security teams to the fraud departments may come from a range of varied sources, and staff should be trained on how best to identify potential red flags. Sales functions, for example, may identify concerns with a customer whilst conducting credit checks, and a positive corporate policy toward whistle-blowers can all help to unveil frauds that may not have otherwise been detected. When data breaches occur, it is also important that fraud managers play a heightened role in monitoring for frauds that exploit the compromised data.

Need for speed

To drive the best results from integrated intelligence, efficiency is paramount. Having a lot of data is not the same as being able to efficiently use that data, and here speed is key; there is little benefit to identifying a criminal after they have disappeared. Every hour it takes to perform a necessary analysis is an hour when the value of fraud losses has been allowed to climb higher, and so it is important that operators make decisions as soon as the data justifies action.

So how do we decide when to act, and where do we draw the line between saying a hacker is just penetrating the network and saying an actual fraud has taken place? Rather than depending solely on human judgement, Fraud Managers need support in making the right decisions as quickly as possible. It is for this reason, that automated analysis is a key tool in Fraud Managers’ arsenal.

As timely action is key, automated tools can be used to quickly and accurately combine data with context, synthesizing the right decisions at the right time.  Security departments, for example, gather and generate very large volumes of security alerts which can be levered for fraud management by implementing automated contextual analysis. Suspicions of fraud can then be reinforced, or challenged, by searching widely for other tell-tale signs of criminal behaviour occurring in a network. Along with information sharing between departments, machine-learning capabilities, will dramatically reduce time-consuming activities, and introduce new algorithms that can bring together data to give an instant assessment, distilling the key facts so that Fraud Managers receive the insights they need.

This contextual analysis encourages optimal decisions by repeatedly adding the latest data to the foundations of accumulated history. Automated contextual analysis broadens our perspective when evaluating how to respond to suspicious behaviour, and provides helpful background detail exactly when it is needed. When fraudsters access our networks, the challenge is to single them out of the crowd, especially when they seek to trick our controls by replicating the behaviour of ordinary customers. Rather than overloading fraud managers with too much information, we need to give them automated contextual support that helps them to quickly zoom into the relevant detail and focus on the real fraudsters.

Protecting customers and businesses

While the very nature of fraud means it will keep adapting to technological advancements, through adopting a unified approach to fraud, operators can successfully reduce risk across the organisation and stop fraud where it starts: at the security enablers.  Through this approach, operators will be able to further support Fraud Managers to protect customers and businesses, and help to make high profile fraud and security challenges much less common.