Saturday, October 1, 2022

Top UK operators join forces to fight online identity fraud

The UK’s four mobile network operators – EE, O2, Three, and Vodafone – have teamed up in developing a new application that aims to fight online identity fraud.

The app, called Number Verify, aims to strengthen consumer safety online and works as a verification software that allows customers to authenticate their user identities through matching phone numbers used in a web or app session to ensure the details being provided are the same registered on the customer’s account.

“Working collaboratively, as an industry the four operators can offer service providers and app developers reach that covers 65m mobile data connections, which is a powerful weapon in the fight against fraud,” Gareth Elliott, Head of Policy and Communications at Mobile UK said in a statement.

The app will allow businesses with mobile apps such as financial services (banks, building societies), e-commerce, gig economy platforms and social networks to enable their consumers to prove their identity when completing transactions on their mobile phones.

This will help businesses stay confident that customer identities are genuine – reducing fraud whilst still preserving their privacy.

“In a world of increasing digital transactions, the launch of Number Verify is an evolution in how customers can be protected against cybercrime and social engineering attacks,” Elliott added.

Prior to the launch of Number Verify, a common way for businesses to verify users was by sending a one-time passcode to the consumer’s mobile phone. This was then input into the business’s mobile app or website to confirm possession of the mobile phone.

Number Verify simplifies this process and is PSD2 SCA (Strong Customer Authentication) compliant, which means it adheres to regulation that has been adopted by the UK to protect business and consumers from the growing amounts of fraud in digital payments online.

Online identity fraud has been on the rise, especially during the Covid-19 pandemic.

According to a recent survey conducted by U.S.-based analytics, telco security, risk management firm, Mobileum Inc. 75 percent of operators polled were experiencing new or emerging incidences of fraud and 61 percent said network security threats increased or significantly increased since the beginning of the Coronavirus pandemic.

The company surveyed more than 200 executives from 90 Communications Service Providers (CSPs) on the effect of Covid-19 on their operations, it found that:

  • 47 percent said fraud events increased or significantly increased
  • 55 percent said they will implement new approaches to customer interactions
  • 71 percent said the impact of COVID-19 would not change their 5G rollout plans
  • 75 percent said they will not change their IoT roaming plans
  • 30 percent said accounts receivable increased by at least 10 percent

“The onset of the pandemic saw a growth in customers seeking advice on how to manage the emerging security, risk management, and business assurance challenges. The findings from the survey underline how CSPs need to be constantly vigilant and put in place the mechanisms to protect their customers, network and overall business sustainability,” commented Bernardo Lucas, Mobileum CMO.

Telecom fraud is considered one of the most serious threats the industry has faced; as it refers to the abuse and manipulation of telecom products – such as telephones and mobile phone – or services with the intention of illegally and illicitly acquiring embezzling money from communication service providers or its customers.

According to the EU’s law enforcement cooperation, telecom fraud can take a plethora of different forms, among them:

International Revenue Sharing Fraud (IRSF)

This is the most damaging fraud scheme to date, where a criminal partner with an International Premium Rate Number (IPRN) provider charges high rates for call termination and agrees to share revenue for any traffic generated by the fraudster.

IRSF is characterized by:

  • High volume of international calls, often with long duration, to a single high-cost destination.
  • Some calls are automatically generated by the fraudsters (e.g. botnets and servers running stolen SIM cards) while others are done by consumers.
  • High revenue for the criminals obtained because of the inter-carrier trust between telecom operators. As there is no customer to bill because the connection is fraudulent, the originating operator must pay and carry that loss.

Telecom Fraud – How does it Work?

This crime can have a significant impact on you as customers:

  • Loss of connectivity due to being blocked at the carrier/telecom infrastructure level
  • Prolonged outages while you justify to the carriers involved that you are the victim and not the perpetrator
  • Extremely expensive phone bills

Not all International Premium Rate Number (IPRN) providers are fraudsters. There are legitimate operators offering genuine services.

One (ring) and cut – Wangiri fraud

Wangiri is a Japanese word meaning ‘one (ring) and cut.’

It’s a telephone scam where criminals trick you into calling premium rate numbers. A fraudster will set up a system – for instance using botnets – to dial many random phone numbers. Each call rings just once, then hangs up, leaving a missed call on the recipient’s phone.

Users often see the missed call and, believing it was legitimate, call back.

What are the signs? The call…

  • Takes place at night or during working hours (reducing the chances for the recipient to answer the call).
  • Rings only once.
  • Displays an unusual international country code.

What can you do?

  • If you have a missed call from an unknown number, don’t call back. A legitimate caller will either leave a message or call back.
  • If you receive several such calls, let your phone operator know.

Vishing calls

Vishing (a combination of the words Voice and Phishing) is a phone scam in which fraudsters trick you into divulging your personal, financial or security information or influence you to transfer money to them.

What can you do?

  • Beware of unsolicited telephone calls.
  • Take the caller’s number and advise them that you will call them back.
  • To validate their identity, look up the organization’s phone number and contact them directly.
  • Don’t validate the caller using the phone number they have given you (this could be a fake or spoofed number).
  • Your personal details may be available online (e.g. on social media). Don’t assume a caller is genuine just because they have such details.
  • Don’t share your credit or debit card PIN number or your online banking password. Your bank will never ask for such details.
  • Don’t transfer money to another account on their request. Your bank will never ask you to do so.
  • If you think it’s a bogus call, report it to your bank and let your phone operator know
  • Block unknown and unwanted calls – ask your phone carrier about available blocking tools.

The ongoing battle against online identity fraud is evident. As long as new technologies continue to emerge, hackers and cyber criminals will always try to worm their way into the system; but by applying the right fraud prevention and detection techniques and solutions, customers can shield themselves from these attacks.