Identity Fraudsters Stole over $16 Billion from US Consumers in 2017. How can CSPs Reduce the Risks?

ORDER REPRINTS DOWNLOAD COMMENT DISCUSS SHARE

SIEM security logs can be used to temporarily adjust thresholds to impose channel limitations, helping to prevent fraud

One of the areas that has exposed consumers to identity fraud through their social media accounts is the growing adoption of single sign-on and the use of social media accounts (like Facebook) to log in to other third-party sites. This has quickly become popular with consumers because in one click, you are immediately signed up or logged in. It's the perfect way to bypass the cumbersome, time-consuming process of entering in your information or remembering countless passwords. It is estimated that, when given the option, 65% of consumers will choose a social login vs. typing in an email address.

Enterprises are also quick to get on board and are currently seeing registration rates increase by 50% when they offer social logins. Today, 80% of the top 100 U.S.-grossing iOS and Android apps allow users to log in using their Facebook credentials. While consumers see this convenience as highly beneficial, in an era of enormous data breaches, social logins also provide an opportunity for fraudsters to utilize fake social media accounts to sign up for all sorts of services.

The good news is that while social media may be at the heart of the issue, it can also be used in the fight against synthetic IDs. Social media platforms have become a valuable open source of data that enables the passive acquisition of information about people, cultures, places and events around the world. Valuable new insights can be gained just by scrolling down a user’s timeline. However, when we understand the sheer volume of social media activity in a given ‘internet second’ (e.g. 7,599 Facebook posts sent, 1,779 Instagram photos posted, 69,100 YouTube videos viewed) it would seem an overwhelming task for a fraud department to take this on single-handedly.

However, using new technologies, CSPs can now take publicly available online social data, along with other records collected in their OSS/BSS systems, to create a Digital Profile of every user, to help determine a person’s risk profile. Using AI and Machine Learning capabilities, this analysis enables CSPs to establish an effective way to identify potential synthetic IDs, flagging high-risk individuals or businesses before they even become customers, and better understand the structure, hierarchy and methods of criminal, terrorist and fraudulent networks.

This is where an integrated approach to security and fraud management is required. With this approach, information can be constantly monitored across an organization, noting unusual trends and identifying fraud before it happens. That way, when security is breached, the fraud management system will be able to follow its path and identify patterns that reveal hidden relationships and suspicious movements and minimize any potential damage.

Marketing, sales, customer care, billing and charging, and network operations all have a part to play in protecting your network. Additionally, they hold data within their systems that can provide intelligence to identify the occurrence of potential fraud. For example, charging teams can provide valuable data from their Policy and Charging Rules Function (PCRF) solutions. CSPs can identify fraud by monitoring charging rules, then correlating this data with the information coming from the deep packet inspection (DPI) system to ensure traffic is being assigned and charged for appropriately. In addition, your security information and event management (SIEM) logs can be used to support active fraud detection by helping to identify when fraudulent apps have been installed. By defining which events are of interest, and how they should be responded to, the SIEM security logs can be used to temporarily adjust your thresholds to impose channel limitations or enforce caps, helping to prevent fraud and abuse.

In this environment, CSPs can go beyond traditional rule-based fraud detection. Rule-based detection is effective for identifying simple, recognized patterns, such as validating black lists of fraudsters. But in today’s high-stakes environment, we need to take it to the next level. Artificial intelligence is required to create actionable insights in this age of big data. Machine learning technologies can quickly identify abnormal patterns and correlations from disparate data sources, making fraud detection faster and more efficient. In addition, machine learning algorithms can also be used to target more complex risks, including those which haven’t even been identified. This will enable CSPs to rapidly spot and react to different threats as they arise.

The lines are becoming increasingly blurred between telecom fraud and cyber-security. The ability to stop this type of fraud at the front door, so to speak, will help reduce the incidence of all types of cybercrime and should be a critical component of every service provider’s fraud management toolkit. What’s more, as IoT grows and newly connected devices come onto the market by the billions, the ability to ensure that people are real, that identities are not compromised, and that businesses and consumers are being protected is imperative. Without these protections in place, consumer trust will erode, and the promise of the digital transformation could be compromised.