9.7 Telecommunications Crime MOs

Previous page
Table of content
Next page

9.7 Telecommunications Crime MOs

Wireless telephony fraud is a worldwide phenomenon. The $1.5 trillion phone industry loses approximately 10% to fraud, that is, $150 billion at current estimates. Nearly 70% of this fraud is "fraud for profit." The remaining fraud is social or expense-saving fraud. More disturbing are estimates that the telephony industry is growing at an average annual rate of 3% to 8%. Wireless crime, however, is growing at a rate of 11% to 25%, or even faster in some parts of the world.

Industry reports indicate that nearly 70% of all phone fraud, wittingly or unwittingly, originates inside the telecommunications company. Unscrupulous or venal company personnel can be knowingly working with outside criminals to defraud the phone company. Alternatively, unwitting company personnel may be used by outside criminals. Antifraud management systems must therefore be secure from internal, as well as external, threats and attacks. Because of the nature of this crime, senior security management needs to monitor the day-to-day activities of subordinates and conduct periodic security audits. Clearly, data mining can assist in detecting crime. However, in situations such as this, it is also a case of monitoring employees closely. Systems must be put in place to monitor personnel closely in search of deviations from standard measurements.

The basic strategy used by telecommunications criminals is very simple and is twofold: (1) they counterfeit their identity, and (2) they mechanically trick the systems and networks. Tactics, however, are another story; there are literally hundreds of tactics, with many changing daily, even hourly. For this reason, it is estimated that most carriers, even those using fraud-detection management systems, will miss 45% to 55% of the fraud that takes place in their networks.

Types of phone fraud can be subdivided in many ways, depending on how they are classified. There are several methods of classifying telecommunications crimes. Briefly, the following are the most two most common:

  1. Technical cloning and network alterations: This is done by copying or changing the telephone mechanical equipment, switches, PBX, etc., or by spoofing and surfing, involving the capturing of calling-access information electronically or visually.

  2. Counterfeit identity: This can be as simple as a dishonest application for subscription telecom service or use of a stolen name identify (identity theft).

Because of advances in security management systems, the trend of telecommunications crime is moving away from technical cloning and toward identity theft. However, identity fraud and wireless cloning fraud operations are often very similar. The distinction is in the technique used. Clone brokers counterfeit valid mobile identification number—electronic serial numbers (MIN-ESNs). Identity brokers counterfeit valid identities.

Indeed, identity fraud threatens to be the preferred wireless fraud of the new millennium. A likely scenario is the blending of cloning fraud and identity fraud operations. Due in part to anticloning technology, the migration of cloning fraud will most likely be to identity fraud, and a new type of criminal: the identity broker. An identity broker is a criminal who sells stolen accounts to other individuals. When carriers discover bogus accounts, most often an identity broker is involved, and usually a behavioral signature is found—an MO. The MO of the identity broker commonly has the following signatures.

9.7.1 Reuse of Identity Patterns

An identity broker will often reuse the same call-back telephone number with different accounts. They often reuse the same or a very similar billing address. Also their customers tend to use the stolen services within the same geographic areas. More often a local carrier will have checked the credit on the same identity. This inquiry will be present on their credit report for several months. This fact is a clue that can be used when "scoring" applicants because these inquiries will be present in all credit reports (see Chapter 2).

9.7.2 Signature Calling Patterns

There is often a set of commonly dialed numbers originating in a consistent geographic area. Upon activation, there may be a signature test call that fits a pattern. If international calling is important, the broker will often make a trial direct-dial international call, just to see if it works, before delivery to the customer. Another signature call pattern includes calls to obtain the time (767-2676) or information (411) to see if the number is activated. These test calls will be performed to these nondescript numbers because the perpetrators will not want to make a test call to a dialed number that might link the calls back to them.

9.7.3 Delay Patterns

Often there is a delay in usage beyond the test call. This pattern occurs for a few days until the new service is delivered to customers who buy the stolen accounts.

9.7.4 Association Patterns

Often the customers of identity brokers call each other on common pager numbers. Since business is often via word-of-mouth, common links often exist. This pattern of association lends itself to link analysis, as well as analysis via decision trees.

9.7.5 Telecommunications Crime Detection Techniques

An initial task is to develop models designed to identify the MO of operating identity brokers, to search for the patterns discussed above. These indicators of identity fraud can be matched to a specific MO. After all, analysis of known past fraud yields hard data that can be used to combat future fraud. Quantification of reoccurring indicators and the various patterns discussed here can be used to score and identify accounts with a probability of being obtained by fraud. This includes classic fraud indicators such as the reuse of a Social Security number, call back number or address, suspicious change requests, and unusual calling activity and call destinations.

But, the eventual solution is to authenticate the identity of the person applying for an account. This may entail the use of digital signatures, biometrics, and authentication processes designed to verify the identity of the faceless customer. Data mining, specifically the use of rule generators can be used to extract conditions, such as those covered in the patterns of these MOs to assist investigators in filtering suspected stolen accounts. The analysis can be complex and convoluted, but the rewards may be high. If a single identity broker organization can be identified and stopped, hundreds, or even thousands, of cases can be stopped at their source. Identity fraud has become so lucrative that a cottage industry of newly-minted identity brokers now flourishes in most big cities. According to the FBI, most of these perpetrators specialize in the wireless industry; however, some brokers also specialize in credit-card fraud, especially with regard to e-commerce and on-line auctions.



Previous page
Table of content
Next page
Investigative Data Mining for Security and Criminal Detection
Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena
BUY ON AMAZON
CISSP Exam Cram 2
Java How to Program (6th Edition) (How to Program (Deitel))
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Information Dashboard Design: The Effective Visual Communication of Data
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Programming .Net Windows Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy