Along with the enormous success of mobile phone sales, wireless carriers and resellers have to contend with a variety of issues around theft and fraud. Working closely with several carriers and resellers, we’ve seen four primary fraud threats that financially impact carrier business. They include:

1. Account creation / application fraud – In this case, a fraudster uses a stolen identity to apply for an account online to order phones and services.  After initiating a shipping scheme to obtain the goods, the fraudster runs up the phone bill until the carrier or identity theft victim uncovers the charges.Much like credit issuers, carriers perform comprehensive identity and financial background checks on applicants, however, the checks are on the identity theft victim.  By adding a device check at the front of the process (which looks at the computer or Internet-enabled device being used), carriers can quickly identify suspicious activity such as when the same computer initiates multiple applications under various identities, or if the computer being used has been involved in previous fraudulent activity.
2. Account takeover – This crime targets people with existing business or personal accounts. If the cyber criminal is unable to hack directly into an existing account, a phishing attempt occurs to obtain the credentials needed to access the account. Once in, sub-accounts are created that the legitimate user may not immediately notice. The fraudster places orders for phones and service through sub-accounts against the victim’s credit lines. Criminal activity against business accounts is particularly costly to the carrier.For businesses not yet using device identification or fingerprinting techniques, they do not see the relationships that exist between fraudulent accounts.  With iovation ReputationManager, hidden relationships are exposed between fraudulent devices and their associated accounts. When the device (or set of devices) logs into multiple wireless accounts that otherwise appear unrelated, fraud rings are exposed and multiple compromised accounts can be shut down at once.
3. Hacking reseller accounts to purchase equipment – This is a costly expense for resellers because they discount the price of the phones below what they actually paid for them. For example, a $100 Blackberry on the market may have cost the carrier $300. When a fraudster purchases a phone with a stolen identity, receives it and adds a new SIM chip, they now have a perfectly good new phone. After paying for service, they will sell it on an Internet auction site. If they get as much as half the retail value, they’ve made out.
4. Prepaid phone fraud – There’s two issues around prepaid. First, there’s the use of stolen credit cards to top-up the service. Because of the anonymity of buying a prepaid phone, there’s no credit check performed if a fraudster purchases through a local retailer or orders online. So when the fraudster goes online to order additional minutes, the carrier is unaware that they’re using a stolen credentials because they don’t know who is behind the phone. Knowing that the top-up request came from a known fraudulent device is an extremely effective way of stopping all of the bad transactions coming from the device.The second issue wireless carriers deal with is answering subpoenas about prepaid phones. Because many organized criminals use multiple phones for fraud activity, when their minutes run dry they toss the phone. With iovation, if the carrier is subpoenaed about a specific phone, forensic intelligence can be provided to law enforcement about additional phone numbers associated with the device that used the stolen credit card to purchase the phones

The biggest driver behind many of these mobile phone crimes is that criminals can obtain phones without walking into a retail store – they can now run their operation from the web. As a result, the carriers are facing rising criminal threat. By layering strong anti-fraud solutions which include the device, carriers can address both the credit application side of the business as well as the retail side.

With four main areas of exposure, mobile phone carriers must be armed with a solution that covers new account origination, existing account management, and prepaid. iovation covers all three sectors. Many times these sectors are distinct and separate with a company, and have different risk and fraud departments to handle them. With iovation, we bridge the gap between all lines of business to prevent the growing fraud challenges of mobile phone theft and fraud.

Tags: account takeover, application fraud, device reputation, identity fraud, iovation, mobile phone fraud

This entry was posted on Sunday, June 6th, 2010 at 3:53 pm and is filed under Financial Services, Online Retail, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.