Preventing Subscription Fraud and SIM Swap Attempts with Real-Time Anti-Fraud Systems

Mavenir Blog Image with SIM Cards
19 November 2018
Authored by: Ilia Abramov

The SIM swap problem is becoming a headache for businesses and for mobile operators but the issue is even more painful for the mobile subscribers as fraudsters are gaining control of their messaging accounts as well as bank accounts. This is a pain that everyone can feel immediately.

What is SIM Swap?

The article from Hackread clearly describes how SIM swap works. While referencing the Turkish market, the mechanics would be the same in every geography, e.g. in UK and in the US.

What is common here is that the victim is a mobile subscriber who is under the impression that his/her data is safe with the mobile operator and communication with the retail channel is secure. While in many cases, consumers are exposing themselves for certain security issues though unsafe surfing the web or providing personal details to a stranger, with SIM swap an individual is not in position to protect him/herself. The only place where protection can be implemented is with the mobile operator and eventually at organization providing service to the consumer.

What the mobile operator can do.

As it is clear from the mechanics of SIM swap, fraudsters are often using fake IDs. The same methods used by criminals in the case of so-called subscription fraud or subscription never pay fraud, where a criminal would use fake IDs to obtain an expensive subscription or get a premium phone without paying the installments.

Clearly this type of fraud cannot be prevented by an employee of a retail store. Moreover, in some cases some of the individuals there might be part of a criminal chain and therefore a manual check cannot be trusted.

However, an efficient anti-fraud system that in real-time prevents Subscription fraud or SIM swap attempt is quite feasible. Using supervised Machine Learning algorithms, it is possible to achieve 99% detection accuracy for the SIM swap or subscription fraud detection. The check can be performed real-time and when guarded by proper procedures any internal fraud can be prevented as well.

At the same time, an ML based anti-fraud system requires certain investment from the Telco provider. It also takes time to get it implemented as well as to train Machine Learning algorithms. Therefore, another approach Telco providers can take is to simply block any A2P message or A2P call sent to a customer when they get a new SIM card for 24 or 48 hours.

This measure can be quite efficient in the majority of cases as the consumer would likely notice a lack of mobile service caused by the activation of an alternative SIM and complain to their Telco provider. However, this measure would be efficient only in cases where the mobile operator can distinguish the application originated activation SMS from normal P2P traffic. And that represents another issue.

Many medium and small financial services companies as well as OTT applications are trying to minimize their costs when sending activation SMS to consumers and therefore utilize the so-called grey-route mobile aggregators. Messages sent via grey routes are not visible to Telco providers as a premium A2P message and therefore they are not in position to enable the policy suggested above.

Clearly, a proper approach to the grey-route management and proper detection of A2P bypass can enable mobile operators to address more security and fraud issues representing an increment revenue with very short ROI.

Finally, it is also in the interests of small and medium sized businesses to use trusted and secure telco services, considering that in some geographies, it is they who would potentially carry the cost of SIM swap fraud.

Of course, the solutions suggested above are potentially introducing costs to telco businesses as well as to enterprises. However, from the ethical perspective each and every business is responsible to secure services provided to the consumers. A fraudster target can be anyone, including people taking budget/investment decisions. Therefore, reasonable investment into security and anti-fraud should be a part of a daily agenda for the businesses. That would prevent negative exposure in the press and eventually financial losses caused by legal actions and consumer complaints.

Share:

Ilia Abramov
Ilia Abramov

Ilia Abramov

Ilia Abramov is the VP and General Manager of the Security Business Unit at Mavenir.  He has focused on security, fraud detection and revenue assurance in mobile networks for the last five years. Ilia is a member of The GSM Association’s Fraud and Security Group  (FASG), participating in various discussions on security improvements within the industry. Under Ilia’s leadership, Mavenir has developed and successfully deployed new generations of products leveraging Artificial Intelligence and Machine Learning principles significantly increasing the efficiency of fraud detection, network protection and revenue recovery.

Prior to Mavenir, Ilia was with Xura/Acision, where he began forming the security proposition and held various positions in R&D and Product Management.

Prior to working in the telecom industry, Ilia was a business consultant and solution architect at IT Co., focusing on process automation and industrial applications.

Ilia holds a Master’s degree in Applied Mathematics and Computer Science from Moscow State University.