 |
|||||||
 |
 |
|
|||||
European Communications
Summer 1998 Fraudulent Discord
In the 4/97 issue of European Communications Michael Guidry’s presented his views on cellular fraud. His article has provoked considerable debate AT&T’s Roseanna DeMaria puts her case
In the 4/97 issue of European Communications Michael Guidry’s presented his views on cellular fraud. His article has provoked considerable debate AT&T’s Roseanna DeMaria puts her case The article, An Organised Crime, in your winter 1997 issue significantly miscategorises the state of wireless fraud management in the US. Cellular and wireless fraud is, unquestionably, big business, but it is not being ‘aided and abetted by the complacency’ of the US wireless service providers. As vice-president of the Business Security Department (BSD) for AT&T Wireless Services (AWS) I am responsible for managing wireless fraud. Consequently, I am on the front lines of the fraud war. The representations in the above article do not accurately depict what is happening on the US battlefield. In fact, fraud loss trends are exactly the opposite of those described in the article. Fraud losses as a percentage of revenue are at a record law. The cellular industry in the US has declared war on fraud and is winning. Industry loss surveys revealed that the 1995 fraud haemorrhage losses accounted for 3.8 per cent of revenue. In 1996, that number decreased to 3 per cent of revenue, and we have every right to expect additional decreases. Our business demands it, and our customers deserve nothing less. The critical success factor is the continuation of industry efforts along with the explicit recognition that security management is a core business priority for the wireless carrier. Zero toleranceAt AWS, wireless fraud is a core business priority because it directly affects ubiquitous service for our customers and revenue. We have deployed significant resources to meet this ongoing challenge, and we are adamant in our commitment to do so. Each AWS region has an interdisciplinary fraud team that is experienced in fighting fraud. This expertise in each region enables AWS to comprehensively address the present fraud problem while planning to meet its challenges in the future. The corporate BSD team is dedicated to wireless fraud management, logical security, physical security, and the co-ordination and enhancement of all regional fraud efforts.AT&T Wireless Services has launched a multi-faceted fraud attack that partners legislative initiatives and public awareness with law enforcement efforts and technological solutions. AWS has trained over 15,000 law enforcement officers on wireless fraud and has proposed legislation that has been codified in several states and the UK.
Our prevention and detection technologies have begun to change the criminal customer’s momentum
In the technological arena, AT&T Wireless Services is aggressively pursuing a number of responses to the fraud challenge. ‘Authentication’, our most powerful prevention tool, involves the exchange of secret codes based on a complex algorithm between the phone and the switch. This is a free feature that works on digital and newer analog wireless phones, as well as all Digital PCS phones. The ‘Fraud Protection Feature’ (FPF) is also provided free to our customers. It is a seven digit PIN number that can be programmed into the phone’s speed dial and dialled once prior to making any calls. Given the infrequency of its transmission this code is not easily intercepted and without it, the fraudster cannot create a usable cloned phone. Customers provisioned with Authentication d not need to use FPF when using their phones in authenticating markets. Radio fingerprinting and roaming facilities‘The Fraud Management System’ (FMS) is our computerised ‘burglary’ alarm system for identifying cloned phones. When a customer’s phone deviates from its normal activity, it trips an alarm in FMS. A fraud analyst will investigate, ascertain whether the customer has been victimised and then remedy the situation. ‘Radio Frequency Fingerprinting’ (RF Fingerprinting) identifies the unique signal frequency pattern of each wireless phone in order to validate customers attempting to place calls. Since each RF Fingerprint is unique, an illegal phone will automatically be denied.‘Roaming Authorisation per MSC’ (RAM) enables a fraud analyst to suspend roaming privileges in any market(s) where they suspect fraudulent activity is taking place for a specified length of time. As a result, the counterfeiter will be denied service in those markets, while the valid customer continues to have use of their phone at home and in all other roaming markets. The ‘Fraud Visibility System’, unlike the FMS detection system, is based on ‘unusual events’ detected throughout the AWS national network, rather than on subscriber calling activity. Examples include: simultaneous calls from different locations on what appears to be the same phone, and impossibilities such as a call placed from a phone in New York at 1PM and another call placed from the same phone in Los Angeles at 2PM ET. Once events such as these are detected, they are investigated and corrective action is taken. This multi-faceted technological attack on fraudsters is having a profound impact on fraud losses. AT&T Wireless Services’ relentless technological efforts do not end here. Blowing the whistle on cloningAWS is not alone in this effort. The wireless industry has launched an attack that has caused a meaningful change in the impulsion of the cloning entrepreneur’s business. Our prevention and detection technologies have begun to change the criminal customer’s momentum. Cloning is no longer a growth industry. Anti-cloning awareness and cloning legislation are now growth industries. Partnership with law enforcement has generated meaningful cloning arrests. Billboards, subways, and bus advertisements boldly proclaim that ‘Cellular service has gotten very sophisticated, now it can track the criminals who steal it’.Our anti-fraud technologies such as Authentications, FR Fingerprinting, PINS, Roamer Verification and Detection have effectively eroded the quality of the criminal’s clone phone product. It can be said that our service to the criminal end-user is appalling because either the clone phones do not work or they are terminated in short order. Similarly, the criminal clone manufacturer is spending time and resource to create an unmarketable product that cannot generate meaningful profits. As such, the cloning industry is no longer a good investment for the criminal entrepreneur because the direction of cloning is changing. This directional change is significant. The cloner, as we know him today, will ultimately disappear completely. We have turned the corner of the fraud war, but in fighting this battle, we are turning the corner on a circle. We have seen first-hand the breadth of the criminal customer base’s demand during the 1995 industry haemorrhage. That demand has not dried up. It still exists, and it is seeking new areas of vulnerability. We are preparing for the next criminal frontier and it is vast; roaming fraud, subscription fraud, internal compromise, physical facilities penetration, and network/systems penetration. The criminal’s manifest destiny is not an idle threat. It is quite real. Turning the corner on a curve means that we will be haemorrhaging again if we do not prepare the criminal’s evolution. The choice is clear, and we have chosen to fight voraciously, Mr Guidry’s opinion not withstanding.
Written by Roseanna DeMaria, vice-president, Business Security with AT&T Wireless Services
|
|||||||