Subscription Fraud Overview:
Subscription fraud, despite the many controls in place, is still vicious and widespread. According to multiple CFCA surveys, virtually every service provider is affected by Subscription Fraud. The impact of subscription fraud does not stop with revenue loss alone. The effects could be catastrophic in terms of escalating complaints, poor customer experience, dissatisfaction among support staff, and diminishing investor confidence.
Several studies put the annual fraud loss figure between 3-8% of annual revenues. The 2013 CFCA fraud loss survey pegs the Subscription Fraud losses at a staggering $5.22 billion or roughly 40% of all fraud losses. And communication service providers confirm that Subscription Fraud continues to be the top fraud methods perpetrated (Source: CFCA Fraud Loss Survey 2013). Subscription fraud doesn’t end with obtaining just a new phone. It is usually the pre cursor to other types of fraud such as Premium Rate Fraud, International Revenue Share Fraud and Roaming Fraud which are lethal in their own rights.
Subscription fraud is characterised by a fraudster using own, stolen or fabricated identity to get services with no intention to pay. The theft here is plain and simple but hard to detect ‘intent’ at the point of sale. The motive might be no more than being opportunistic or attempting to exploit a known vulnerability. However, this is now run by organised criminals – building multiple fraudulent identities over long periods. Furthermore, fraudsters have gained detailed fraud system knowledge and continually test the thresholds to exploit the loopholes in the systems. They even go as far as placing and grooming insiders to exploit the internal fraud systems.
One interesting aspect of subscription fraud is that it’s often classified as bad debt rather than fraud. The modus operandi goes something like – customer acquires services – the customer fails to pay – amount written off if unable to recover monies owed – reported as bad debt – the customer comes back again with a different identity and carries on as above. Some operators estimate that nearly 40% of all bad debts are actually subscription fraud, which if carefully analysed and classified can be avoided through sophisticated fraud management systems and controls.
Current Detection Methodologies:
Traditional and often market-leading fraud management solutions utilise unusual usage to generate fraud alerts; for example, high spending or usage outside of normal behaviour to indicate fraudulent activity. Our experience working with some of the biggest Telecom companies suggests that detecting fraud in this manner generates a false positive rate of over 80%, and also prevents a large proportion of fraud incidents from being detected – largely because active fraudsters do not spend highly in comparison to genuine high-usage customers.
Vast majority of fraud alerts from unusual usage – after investigation – turn out to be legitimate usage. One fraud manager at a leading Telco supports this view by stating: “high false positives (i.e. legitimate high usage call alerts) wastes valuable operator time in unnecessary reviews and undetected cases (i.e. fraudsters circumventing thresholds) leads to further losses”.
Organised fraudsters have quickly adapted to the traditional rules based fraud controls and have since learnt to circumvent the high usage and risky destination and hotlist controls. They operate on high volume of low impact calls but at scale to remain below the alert thresholds. Only when the opportunity strikes do they substantially increase the call volumes.
The Patented Orpheus Subscription Fraud Methodology:
Orpheus fraud management system works on the concept of building networks of customers linked by their calling profile. By mapping and understanding the fraudster’s extended network, Orpheus can bring a group of linked customer for review as opposed to bringing just the individual customer who has exceeded a pre-defined threshold. This has proven to vastly improve the rate of detection, and identify the activities of organised criminals, even in cases where no thresholds have been exceeded.
Furthermore, Orpheus exploits the proven fact that a high proportion of active subscribers with strong links to known fraudsters are themselves involved in fraudulent activity. Orpheus generates fingerprints of known fraudsters from the network call data records. The profiles are then used to highlight links to other active subscribers, who can then be investigated by fraud analysts. This has proven to reduce false positives and improve Analyst productivity several folds. Current users see a false positive rate as low as 35% and in some cases just 20% – Traditional rules based systems have a false positive rate of around 80 – 95%.
Strong application fraud controls followed by a rock solid subscription fraud detection system can go a long way to protect the bottom lines of businesses and provide a high quality mobile experience to legitimate consumers.
About the Author: Shankar is a certified fraud examiner and is the Founder and CEO of Fraud Risk and Security Research Labs. Shankar has over 18 years of experience in developing complex intelligence and fraud prevention systems for Telecoms, Financial Institutions and Governments.