It's Time for Telecoms to Address SIM Swap Fraud. Here's How to Do It.

Image Credit: Metelev Andrei/www.bigstockphoto.com

Fraud losses to the telecom industry were estimated to be over $28.3 billion in 2019, which can be attributed to subscription fraud, phishing attacks and robocalling, among other types of fraud. False identities are often used to set up accounts, which then give fraudsters access to other accounts under the same subscription, including television, internet, and even banking accounts. Subscription or identity fraud represents 35% of all fraud experienced by the telecoms industry.

This article will explore the current state of telecom fraud, risks involved with insufficient identity verification and the need for more sophisticated strategies.

SIM swapping and the need for digital onboarding

A growing threat, SIM swapping is the latest trick up the sleeves of hackers looking to take over victims’ accounts. Cybercriminals often call wireless network providers, tell them a legitimate user’s phone was lost or stolen, and then ask them to activate a new SIM card connected to the legitimate user’s phone number on a phone owned by the fraudster. If successful, fraudsters will then receive the real user’s text messages, calls and data on the newly activated device under their control. This means they can also take over the legitimate user’s other accounts, including social media, email, bank accounts, cryptocurrency wallets and other applications, by simply requesting that a verification code be sent to the device under their control. Once logged in, the opportunities are endless: fraudsters can easily transfer money from bank accounts, post offensive content on the user’s social media profiles, send fraudulent emails on behalf of the user and even change passwords to lock legitimate users out entirely, which is known as account takeover.

As seen when a hacker gained control of Twitter CEO Jack Dorsey’s Twitter account, it is clear that traditional authentication methods, such as two-factor authentication, can no longer be trusted to verify user identity and no one is safe. Because these types of account takeover attacks have increased 31% year over year, biometric facial recognition, machine learning and AI are emerging as ways to improve the online identity verification process.

There are over 5 billion mobile subscribers, and most connections are linked to SIM cards; 90% are active in countries where proof of identity is required to register and use a SIM card. Most SIM card activation is done in person in retail stores after a person purchases a SIM card, but manual ID checks often miss fraudulent identity documents.

Mobile SIM card registration is an alternative to in-person SIM card activation but, despite many countries mandating mobile SIM card registration, only 11% require mobile network operators (MNOs) to verify customers’ identification credentials against an approved government database. In the United States, SIM card registration is not mandatory, leaving even more potential for fraud. Telecom companies are then faced with the challenge of how to confirm users are who they claim to be when registering a SIM card online.

Adopting a modern digital identity verification solution prevents fraud by comparing a real-time selfie (through a smartphone or webcam) and a photo of a government-issued ID (such as a license or passport) to confirm the user registering the SIM card is the person they claim to be. Digital ID verification solutions enable secure online onboarding, allowing customers to avoid a trip to the retail location to get their ID checked and SIM card activated. This method onboards good customers faster and prevents fraudsters from trying to impersonate the user when activating a SIM card.

The telecom industry and the COVID-19 pandemic

Americans have already lost $13.4 million to COVID-related fraud, and as the pandemic has increased the need for and use of telecommunications services, fraudsters are increasingly looking to telecom as a potential channel for fraud. As consumers increasingly use mobile devices to facilitate daily transactions and engage with others, they are even more vulnerable to fraudulent calls and timely phishing attacks. For example, fraudsters can pretend to be calling about local pandemic-related services in order to gain personal information. From an enterprise perspective, some telecom companies have seen huge losses since users cannot visit retail centers or authorized dealers to set up their prepaid SIM cards. This is another reason telecom companies are turning to digital onboarding to help customers activate their SIM cards remotely when in-store services are no longer available.

The telecom industry has also seen a decline in roaming/international charges, as users are rarely traveling outside their home network. With storefronts closing, layoffs have affected telecom retail workers and overall infrastructure. As the pandemic continues, telecom companies could face less business and less revenue as customers delay payments.

Looking to the future

As shown by escalating account takeover and SIM swapping attacks, it’s clear that traditional authentication methods, such as knowledge-based authentication (using security questions to confirm identity) and SMS-based two-factor authentication (requesting a validation code be sent through a text message to confirm identity), can no longer be trusted to establish identity. Telecom companies must use a stronger method of authentication, such as biometric-based authentication (using a person’s unique human traits to confirm identity) to ensure only authorized users can execute SIM changes.

COVID-19 has fundamentally altered how businesses operate and it’s critical for enterprises to build in the necessary operational resiliency to survive this new reality. At the heart of this? A strong and secure digital customer onboarding strategy. For the telecom industry it means ensuring, beyond any doubt, that the customer registering a SIM card is indeed who they say they are and not a criminal using stolen identity data. Because SIM swapping fraud is already rampant and is only expected to increase, telecom companies need to embrace modern technologies such as biometric authentication to protect their consumers now.

Author

Robert Prigge is the CEO of Jumio, and is responsible for all aspects of Jumio’s business and strategy. Specializing in security and enterprise business, he held C-level or senior management positions at Infrascale, Secure Computing, McAfee, Quest Software, Sterling Commerce and IBM. Robert can be reached online via LinkedIn, on Twitter @rprigge and at Jumio’s website, www.jumio.com.