Fraud in the Telecom industry and how KYC can help it stay protected
It’s been almost 40 years since the earliest models of mobile phones, so-called Motorola “bricks” were introduced to the market. Today over 3 billion people use smartphones worldwide and this number is predicted to further grow by several hundred million in the next couple of years.
Humanity is slowly but surely moving towards a mobile-only world, where a smartphone effectively replaces radio, television, computers, cameras, travel agents, retail stores, wallets and everything else one can imagine, even a flashlight.
With the dramatically growing use of telecom technology, the industry becomes an extremely attractive target for fraudsters abusing it. According to the compliance experts of BASIS ID, there are known more than 200 types of telecommunication fraud that involves financial scams, manipulation with personal data and identity theft.
Continue reading to discover the most common types of telecom fraud and learn how effective KYC can help to combat it.
Fraudulent calls have risen significantly over the past few years. In 2016-2017, scams represented less than 4% of all incoming mobile calls. In 2018, this number hit almost 30%. 2021 shows the greatest increase in fraud calls so far, already accounted for roughly 48% of the total volume.
The financial damage caused by telecom fraud is estimated to be €29 billion a year.
The battle against fraudsters is evolving into a never-ending arms race, and in the coming years, industry collaboration and investment in new solutions will be as crucial as ever.
Phishing. Vishing. Smishing.
These words may sound like some gibberish composed by children for a silly rhyme game. Nevertheless, these are real and extremely dangerous threats to both businesses and individuals.
Phishing is a common term for a massive category of telecom frauds, during which cyber criminals impersonate legitimate organisations and interact with the victim by phone, text messages, ads or emails in order to steal confidential information.
The name itself is a wordplay of “phone” and “fishing”. Allegorically speaking, fraudsters throw fake “lures” in “the sea” of mobile users and wait patiently for the “bite”.
First described in 1987, phishing has significantly evolved since then. In February 2021, the FBI’s Internet Crime Complaint Centre has recorded over twice as many cases of phishing as any other type of digital crime, which makes phishing the most common malicious activity performed by fraudsters nowadays.
The vast variety of phishing forms include spear phishing, pharming, CEO fraud, malvertising, business email compromise, man-in-the-middle attack… the list goes on and on.
Most types of phishing involve so-called social engineering technique. It means a victim is psychologically manipulated into performing a certain action such as clicking a link, opening an attachment, or sharing sensitive data.
Vishing is one of the most popular phishing methods that involve social engineering over telecom technology to gain access to the victim’s sensitive data and private financial information. The name is a portmanteau of words “voice” and “phishing”.
Classic vishing is typically performed by two distinctive scenarios:
1. It starts with an email pretending to be sent from a bank and requesting to call a certain number to solve some issue with an account; when the victims calls, they hear an answering machine instructing them to enter their account number and all the required passwords.
2. Fraudsters themselves contact a victim by phone, convincing him/her that it is an urgent call from some representative of an official organisation. Eventually, the person will be also asked for their credentials or even a money transaction.
Although vishing targets individuals most of the times, often It is also used to attack businesses by tricking employees and convincing them to share account information.
To put it simply, Smishing is SMS phishing. It can be either an autonomous scam or a part of the more complex fraud scheme. Often it takes the form of a text message containing a link to a phishing site, where the victim needs to sign in and enter his/her personal data. The message may also tell them to call a specific number to resolve “problems”.
Frequently, a fraudulent site requests victim to send SMS to a given number or to enter user’s cell phone number. In the first case, a sum of money gets withdrawn from the victim’s mobile phone account. In another case(or both), the victim’s phone number gets saved in the spam database and is used later for further phishing activities.
Smishing comes out to be a quite effective fraud method since a lot of people tend to trust a text message more than an email. Somehow, people are still not aware enough of the security risks when it comes to text messages.
SIM swapping, also known as sim splitting or sim hijacking is a relatively new type of fraud that lately has become extremely popular among cybercriminals. This method focuses on moving control of the victim’s phone account from their sim card to one controlled by the villain.
How does it work?
Fraudsters call telecom providers impersonating a legitimate user. They tell the phone was lost/broken/stolen and ask to issue a new SIM card and to reroute all incoming data to this new card.
After getting their hands on SIM and activating it, fraudsters start to receive the real users calls and text messages on their device. This allows them to take over other legitimate users accounts, such as emails, social media, bank accounts, cryptocurrency wallets etc by simply requesting a verification code via SMS or automatic voice message.
Once logged in, fraudsters perform all sorts of malicious activity: make online purchases and money transfers, send fraudulent emails, post offensive content on social media on behalf of legitimate users and even permanently lock real owners out of their accounts simply by changing passwords. It is also known as account takeover.
Sim Swap fraud always implies social engineering and different phishing techniques as a preparatory work.
KYC in the Telecom industry
It is obvious, that traditional methods can’t be trusted to establish identity anymore. Both knowledge-based authentication (id confirmation by answering security questions) and SMS-based two-factor authentication (identity is confirmed by receiving a validation code by SMS) have proved their ineffectiveness, and yet continue staying industry standards.
As Identity fraud techniques are constantly evolving, telecom companies must stay ahead of the game and implement more secured and productive methods of scam detection and prevention: like, for example, biometric verification. Confirming identity on the basis of users’ unique human traits and machine algorithms guarantees that only authorised users can perform SIM changes or do any other mobile account activity.
It also ensures that the person registering a new SIM card is who he/she claims to be and not a criminal with stolen or faked identity data.
Equally, Digital ID verification solutions provide secure, fast and frictionless online onboarding. It allows customers to avoid the burden of visiting a retail shop to verify identity and mitigates the risks of manual KYC procedure.
To fight the rising telecom fraud, governments of 155 countries have started to demand mandatory registration of prepaid mobile cards with valid proof of identity.
Since 90% of mobile device owners live in these regulated countries and 73% of all SIM cards globally are prepaid, telecom businesses require the best know your customer (KYC) procedures as never before.
Why is a robust identity verification/authentication service crucial for the telecom industry?
- Companies need to ensure they are compliant with all required regulations;
- Companies need to reduce the heavy financial burden of fraud;
- Companies need to protect their reputation as operators that people can trust.
Experts of BASIS ID believe that an effective identity verification service is a key to detect and prevent telecom fraud before it even happens.
Driven by customers and fraud intolerance, BASIS ID is a digital verification vendor that helps to protect your core business and revenues.
BASIS ID is a listed company group in NASDAQ First North Sweden (ZIGN: SE0012930105) and follows every regulatory obligation meaning strong reporting, corporate governance, licensing, and compliance with international laws such as GDPR, data localization laws, and FATF.
BASIS ID verification service involves full biometric identification which consists of 500 video frames biometric and liveness analysis, 3D face modelling for motion, rotation and blinking analysis, facial expressions analysis and comparison with the identity document. It is simply impossible to trick such a system.
Feel free to reach BASIS ID experts for any queries and additional information.
Most recent articles
Start Free TrialApply now and get a free 7-day trial.
We guarantee full support during the trial period.