Why do CSPs let criminals fiddle while they and their customers are burned?


Network operators lose billions of euros a year to SIM-card fraud but ignore offers to stem the bleeding. Why? Let’s call it artificial intransigence, writes Nick Booth.

Andy Gent has seen some craziness as a 50-year veteran of the telecoms industry. Twenty years ago, he discovered how extensive SIM fraud was and created a service company, Revector, to track the activity and stem the losses for any mobile operator that was interested.

The first client was in Afghanistan, but the job soon took his digital detectives to criminal hotbeds all over the world.

Recently Europol estimated that $34 billion (€28.52 billion) annually is lost by CSPs to SIM fraud: Gent has discovered a major reason that operators don’t tackle this problem is rigid compartmentalisation – an inflexible management culture and organisational structure prevents departments from being able to collaborate easily and has created artificial intransigence.

Changing nature

SIM fraud has evolved since Revector started tracking it. Back then SIM cards were massed into racks to create a sort of metal-box Trojan Horse that allowed the criminals to commandeer the infrastructure they’d penetrated and bypass an operator’s interconnection point, denying the operator its full international fare. Now they use technology to change their calling line identity to that of a bank, say, to trick customers into handing over information and money.

Consumers have become more aware of digital crime and ask more questions, including why aren’t big businesses stamping this out? It’s not that mobile operators don’t care or are fraud friendly, it’s just that their systems and data evolved into siloes that trapped staff too.

When Gent showed he could offer massive savings, he faced blockages between the departments that controlled the information he required to deliver them.

Gent found that although Sales and Revenue Protection are affected by fraud, they often can’t be persuaded to talk, much less to pool their budgets to devise a plan of action, even though it could cost them €500,000 a year in lost revenue.

Calling line ID scams

In a roaming analysis of one large European operator group, Revector found that in one month there was evidence that 12,000 SIM cards being used to defraud the company by buying capacity from the CSP then allowing others to hop onto it for nefarious purposes.

In another instance in Peru, Revector found that 90% of international calls and revenues were bypassing operators’ designated international routes onto cheaper, nastier ones.

Certainly, these fraudsters are often dangerous criminals: one Revector investigation took it to Honduras, the murder capital of the world where it’s easy to get your head blown off as a casual act of violence, never mind trying to confront crooks who might be raising money to support trade in drugs and terrorism.

The point is, no-one is asking CSPs to tackle these dangerous people. Just imagine how angry customers would be if they knew telcos could prevent calling line ID spoofing but artificial intransigence was the block? And it seems everyone knows someone who’s been tricked into giving their banking details to a fraudster posing as their bank.

Subsidising fraud

Many consumers also realise that fraudsters are making cheap international calls off their backs because they understand that SIM fraud is another word for smuggling, and that when companies lose money, their customers ultimately make up the shortfall.

The big questions is why aren’t their service providers as rigorous with the fraudsters as they are with loyal customers? As anyone who has ever missed a payment can confirm, they can come down on you like a ton of writs.

Indeed, sometimes consumers are punished for carriers’ billing mistakes and it can take months to clear their name with the credit listings agencies.

Most of us sympathise with CSPs, appreciating that mobile operators have invested years of blood, sweat and management tiers to give us a better connection to the world and we don’t begrudge them rightful returns. Yet without a proper return on investment companies die, and haemorrhaging revenue is a dangerous condition.

If they could be persuaded to be more vigilant about SIM fraud, benefits could trickle down to honest customers – such as £500 million invested in better network coverage or lower prices. That could well inspire the customer loyalty that all CSPs strive for.