https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
    • MSP 501 Information Center
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
    • MSP 501 Information Center
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Telephony/UC/Collaboration


Expect No Mercy

  • Written by Channel
  • August 31, 1998

Posted: 09/1998

Expect No Mercy
Subscription Fraudsters Are Formidable Foes

By Mario McCash

Subscription fraudsters come in all types, and prey upon service providers
eager to welcome new customers in a highly competitive market. What’s your secret weapon?

i891p34.jpg (22275 bytes)One of the most pernicious of all telecommunications fraud is subscription
fraud, whereby the subscriber has no intent to pay. Domestic subscription fraud is
estimated by the Alliance to Outfox Phone Fraud to be $500 million. And it may be worse,
since its perpetrators often find obscurity in the bad debt file. In fact, 20 percent of
bad debt actually may be subscription fraud.

A significant increase in subscription fraud is projected in the wireless telecom
industry as cloning surrenders to new authentication procedures. Authentication will
defeat even digital scanners and, thus, subscription fraud will become the preferred
method of attack from telecom crooks. Increases in credit card fraud also foretell the
rise of subscription fraud throughout the telecom industry, as many credit card fraudsters
also are telecom subscription fraudsters. In fact, credit card fraud, wireless fraud and
landline fraud are all interwoven. And to make matters worse, the crimes often are
intertwined with other criminal operations such as drugs and other illegal contraband.

Against this backdrop most telecom service providers prefer solutions to subscription
fraud that are non-customer-intrusive, do not violate privacy issues and do not interfere
with marketing practices (i.e., are automated and inexpensive). This mindset and certain
regulatory considerations make telecom service providers particularly vulnerable to
subscription fraudsters.

What is Subscription Fraud?

In this variety of telecommunications fraud, a person establishes telephone service at
a business or residence, runs up a high volume of calls–often international–and abandons
the service without paying the bill. Frequently, subscription fraud also includes large
numbers of collect and billed-to-third-number calls as well. Those committing fraud leave
the premises before the first bill is delivered or service is cut off for non-payment.

Subscription fraudsters come in all types (see sidebar), but basically prey upon phone
service providers that eagerly welcome new customers in this highly competitive market.

While it might seem easy to keep fraudulent customers off the network, it is difficult
in practice. Telephone service providers can improve their effectiveness by implementing a
comprehensive program that encompasses business office practices, front-end tools and
programs and back-end tools and processes. For purposes of this discussion, we will look
at the plan in three parts over the next three months:

  1. Prevention Tools & Practices
  2. Monitoring, Detection & Intervention
  3. Measurement, Analysis & Reporting

Prevention Tools & Practices

Prevention tools can be categorized in three areas: validating identities, controlling
usage and managing bad debt.

Positive Identification: Carriers should implement an effective authentication
identification process to verify the identity of an applicant prior to activation and to
ensure that the subscriber is not establishing service under fraudulent pretense.

In certain states, service providers are prevented from asking for positive
verification such as a driver’s license or Social Security number. In some cases,
regulatory guidelines designed to promote universal service frequently enable the person
intent on fraud to gain access to the network with a minimum of verifiable references. For
example, in many states a carrier cannot deny service due to a lack of a Social Security
number. Many carriers will facilitate identification through the use of credit
bureau-provided information and services.

The following are guidelines carriers can use in establishing their verification
policies:

  1. Primary identification includes Social Security number and driver’s license.
  2. Applicants must provide their legal name (i.e., not nicknames, etc). Billing statements
    should only be sent to the applicant’s legal name.
  3. Online systems should check for a positive match to the name and Social Security number,
    etc. In general, a Social Security number is required to obtain a driver’s license in the
    United States. The equivalent number is required in Canada.
  4. In the event that a Social Security number or driver’s license is not available,
    carriers could then require a live/public appearance at their business office.
  5. Other forms of photo identification (ID) options include a passport and state-issued ID
    card. Photo ID for positive identification purposes generally must be a government-issued
    document (an employer ID card is not acceptable).
  6. As the banking industry has already started taking photographs of its customers for
    identification purposes, it may be an option that carriers take a photo of customers who
    cannot produce any government-issued photo ID at their business offices.
  7. In cases where no photo ID is available, options exist for enacting toll credit limits,
    range privileges (e.g., no international calling for a specified period of time or toll
    restricted to a specific geographic range, etc.), deposits or even denying service.
  8. Verify, whenever possible, that a new (wireless) subscriber’s wireline home phone number
    is listed in the telephone directory under the same name and address as given on the
    application.

Credit Management

In many cases, long distance companies, which frequently suffer the largest loss from
landline-based fraud, do not have any input prior to a subscriber signing up for their
service. Rather, they are notified of their selection after the fact. Generally, the
credit-vetting process is handled by the local exchange carrier (LEC). Service providers
in the local loop can forward account/credit information to the presubscribed
interexchange carrier (PIC) via processes such as "CARE." Carriers can require
that subscribers directly apply with them. Some long distance carriers provide standalone
calling cards that require separate credit vetting from the LEC.

The minimal advance deposit required by the LEC is an incidental cost of doing business
for the fraud professional–the use of deposits is not an effective deterrent to
curb subscription fraud. Many telecom service providers are moving away from deposits.
Carriers are more proactively establishing credit limits and enforcing them as a means to
control and reduce uncollectibles due to subscription fraud and bad debt.

In situations of bad debt/suspected (not confirmed) fraud, carriers can restrict usage
until the bill is paid in full. Carriers can create a special alert or flag to any account
activation in which ID or credit score was less than ideal. This could be tied to velocity
monitoring to ensure traffic volumes on suspect accounts do not exceed credit limits and
or become indicative of abuse/fraudulent calling patterns.

Should the applicant fail the authentication process, network access should be denied.
In cases where the database reflects a history of unpaid closed accounts, the following
actions could be implemented (where legal and appropriate):

  • Notify the PIC so it can monitor long distance usage from the local number
  • Disable the 10XXX feature
  • Disallow PIC changes
  • Establish and enforce credit limits
  • Establish and enforce range privileges (e.g., region/domestic only)
  • Deny toll service or network access.

In those cases where a prospective applicant has failed to secure service, it is
recommended that the applicant not be advised of the specific reason for service denial
(i.e., bad Social Security number). Service or credit denial letters can be provided with
generic information to avoid tipping off the fraudster of ways to get through to a
company’s defenses.

When a problem account is identified, appropriate action (such as line translation and
database updates) should be timely and coordinated, with documentation and regulatory
commission involvement, as necessary. This will limit any fraudulent collect and
bill-to-third-number calling during suspension or after disconnection.

Address Management

Carriers should monitor change-of-address reports as a subscription fraud resource. In
situations where service requests are made involving an address other than the address on
file, the service provider should send a welcome kit (or other mail notification) to the
original address to ensure legitimacy of the new service request.

In conjunction with this, carriers could provide monitoring and detection of bill-to
number changes from the same address/same party. Subscription fraud can be exacerbated via
carrier-hopping or the use of multiple lines at the same account or location. It is
recommended that carriers monitor and limit a customer’s ability to
"number-hop."

Telecom service providers who use welcome kits should monitor welcome kit/call activity
as follows:

  • Mail out welcome kit/card within 48 hours
  • Arrange with local post office to deliver return mail immediately
  • Review "No Such Address" immediately
  • Review "Unable to Deliver" immediately
  • Review "Moved, Left No Address" immediately
  • Watch for address changes after the credit approval
  • Send welcome cards to the original address if there has been an address change
  • Make welcome call within 72 hours of mailing welcome kit
  • Verify information
  • Listen for "scripts," or canned/read/memorized verbiage fraudsters use to give
    false information to customer service representatives (CSRs) over the phone in their
    attempt to activate service with no intent to pay. There are subtle but distinct tones and
    inflections in a person’s voice when he or she uses scripted dialogue over the phone, and
    these can be discerned by a careful listener as a tip-off of potential fraud.

In addition, companies should establish a mailing class for "postcard"
confirmations so that undeliverable mail is returned to the business office. Often,
undeliverable bulk rate mailings, including welcome kits, are returned to the post office
and disposed. Note that postal temporary address change requests can defeat mailed
"welcome kits" as a fraud prevention measure.

Application Profiling

Application profiling and new account fraud detection is a relatively new concept in
profiling. The idea is to profile applications (as telecom service providers already do
with call detail records) to detect fraudulent applications and reduce bad activations.
This technique began in the credit card/banking industry and is establishing for itself a
good track record. These software solutions build profiles based on the application/credit
bureau data and monitors all new traffic based on this special profile. This allows for
the automation of tasks associated with verifying information and scoring such data for
rating credit, fraud and collection probability. These products or solutions provide an
alternative for carriers to avoid costly manual, labor-intensive practices required to
detect and prevent subscription fraud. Such systems can be developed internally or
procured through a vendor.

While the credit score measures the ability to pay the fraud score measures the intent
to pay or the likelihood that the account is a case of subscription fraud. This is
distinct from bad debt in the respect that the customer had decided prior to account
activation not to pay the bill. For bad debt management, some service providers use a
"collection probability score" to aid in making informed decisions about
collection strategy and resource allocation.

National Bad Debt Databases: All telecom service providers can tap into national
bad debt databases as another tool to combat subscription fraud. Carriers should use these
online bad debt databases, both internal and external. There are front-end subscription
fraud vendors, such as credit bureaus, that provide current and historical information
about customers and accounts on a national scale, culled from accounts from all
contributing carriers. These external databases are used to facilitate the exchange of
information among carriers or the industry as a whole. The goal is to detect patterns in
fraudulent activation attempts on a multicarrier scale and then share bad debt information
and history from other carriers. Such databases can be linked with the FMS (fraud
management system) and the fraud application detection system or application profiler.
This exchange of information reduces fraud exacerbated by carrier-hopping.

It is recommended that the telephone service provider enter both unpaid closed account
information and failed attempts to secure service (with reason for service denial) into
these databases that would be accessible by all participating telephone service providers.
The historic account data maintained in the database provides information on subscription
fraud accounts/locations. This process will create a mechanism for service providers to
track non-payers as they move from place to place or from carrier to carrier. It also will
allow the service provider to monitor for potential fraud.

Biometrics: Biometrics is an emerging technology now being used as part of the
front-end subscription fraud system. Voice prints, finger/thumbprints and retina prints
currently are being deployed to varying degrees. These techniques have been trailed and
used in the banking industry, and the biometric vendors have already targeted telecom for
these applications. Designed as an identity verification technology, one of its purposes
is to detect fraudulent identity manipulations, such as fake IDs. For some, this is viewed
as the next generation in fraud management. Carriers can research the various biometric
options on the market today to determine viability for implementation.

Mario McCash is is the Business Development Manager for Fraud Services at Illuminet
and co-chair of the Subscription Fraud Task Force for the Toll Fraud Prevention Committee.
He can be reached at [email protected]
 

Editor’s Note: This is the first in a three-part series on subscription fraud. The
first part covers Prevention Tools & Practices. Next month, Part II will cover
Monitoring, Detection & Intervention. In November’s issue, Part III will discuss
Measurement, Analysis & Reporting.

Enemy File Fraudsters’ Many Faces

When setting up new accounts, carriers should be aware of the many masks worn by
subscription fraudsters and take countermeasures to combat each schemer.

True-Name Fraudster

The most difficult to prevent and detect, the true-name fraudster submits an accurate
application for credit and service, which slips through most front-end application
detection nets because the credit is good and there are no apparent anomalies with the
application data. Note also that:

  • True-name fraud may or may not involve address changes;
  • True-name fraud may or may not be associated with prior schemes or fraud cases;
  • True-name fraud may or may not have historical fraudulent calling patterns–especially
    if the account is resold–as in call-sell operations.

Identity-Theft Fraudster

Unlike the true-name fraudster, the identity thief steals the identity of an individual
in its entirety. Credit cards, calling cards and phone service are all affected.

"Domestic Dispute" Fraudster

A variation on the identity thief, this person preys upon people whom he/she knows
(e.g. relative, boyfriend, girlfriend, etc.). This is considered subscription fraud and not
bad debt.

Take-Over Fraudster

The take-over fraudster assumes a legitimate account by moving service to a new
location. This could include sending in a written request to have a new calling card
mailed to a different address, or to have a new card mailed to an existing location
wherein the fraudster puts in a temporary mail forward order at the post office. The
fraudster also may request a new line at a new location, using the name and good credit of
an existing customer at another location.

False-Application Fraudster

This fraudster applies for service with phony application data. The application could
include fake names, Social Security numbers, birth dates, names of deceased persons,
inverted data, etc.

False-Claim Fraudster

Here, the account holder makes a false claim that his or her bill has fraudulent calls
on it and requests credit. The calls could have been resold to another party or given to
an associate or accomplice for use. Dialed-digit analysis may or may not catch a pattern
of or tie-in to past calling history. The perpetrator may carrier-hop to continue the
scheme.

Account-Holder Fraudster

This person applies for service as his true self with no intent to pay. The fraud is
facilitated through carrier-hopping. In many cases, such accounts are tagged by carriers
incorrectly as bad debt.

Most Likely to Defraud

The following are major indicators most vendor-provided solutions use to create a fraud
profile score:

Invalid/bad Social Security numbers (deceased Social Security numbers, age/Social
Security number mismatch, etc.)

  • Date of birth
  • Drivers license numbers (state of issuance)
  • High-risk or invalid phones and addresses
  • Bankruptcy filings
  • High-risk/invalid ZIP codes
  • Phone/ZIP code mismatch
  • Names (deceased, etc.)
  • Area code splits
  • Nearby addresses and phones (neighbors)
  • Relatives
  • Property ownership transfers
  • Vehicle ownership
  • Others using same address
  • Employment information
  • Business/company information (if not individual/private account)

 

  • Demographics:
  • Income
  • Gender
  • Length of residence
  • Homeowner status
  • Number of mortgages
  • Bank card holders
  • Premium bank card holders
  • Upscale retail card holders
  • Married (% married)
  • Average age
  • Median household income
  • % renters
  • % homeowners
  • Median home value
  • Median years of education
  • % high school graduates
Tags: Agents Telephony/UC/Collaboration

Most Recent


  • Chatbot on laptop
    Avaya Reshapes Partner Landscape with New Cloud Products for a Hybrid World
    The company is offering more low code, no code solutions as well.
  • Conversation Intelligence Improves Outcomes for Contact Centers, Observe.AI Research Shows
    However, two-thirds of contact centers still rely on manual processes for critical workflows like agent coaching and quality assurance.
  • Unified Communications
    Vonage, GoTo, Cisco Among Key Companies in UC Market Approaching $190 Billion
    The rising adoption of mobility is increasing the demand for unified communication solutions.
  • Adam Wilson Vonage CP Europe Still
    Vonage a 'Single Communications Stack Provider' for Partners, Customers
    These are the biggest opportunities for Vonage partners today.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Microsoft Teams app
    Microsoft Primes Partners to Build Next Wave of Teams Collaborative Apps
  • Business growth chart
    8x8 Signs Sandler Partners as Partner Earnings Jump 38%
  • Growth funding
    Successful Bridgepointe Partners Agree to Upstack Acquisition
  • Call Center
    RingCentral, Nice Extend Partnership to Offer RingCentral Contact Center

Upcoming Events

View all

MSP Summit

September 13, 2022 - September 16, 2022

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Galleries

View all

7 Channel People Making Waves This Week at Datto, New Relic, Kyndryl, More

July 1, 2022

Cybersecurity Experts: July 4th Weekend Ripe for Ransomware, Other Attacks

July 1, 2022

Images: HPE Discover 2022 Expo Hall Featuring Microsoft, Ingram Micro, VMware

July 1, 2022

Industry Perspectives

View all

How to Make Embracing Change Part of Your Company Culture

July 1, 2022

How to Differentiate to Leverage 5G’s Revenue Opportunity

June 28, 2022

Why MSPs are Attractive Cyberattack Targets

June 24, 2022

Webinars

View all

VEP Platform for Delivery of uCPE, SD-WAN and SASE

June 29, 2022

The Digital Worker: How to Empower Customers with a Flexible, Scalable VDI Solution to Enable Remote Work

June 30, 2022

Growing Partner Revenue and Customer Satisfaction with Power Management Services

June 23, 2022

White Papers

View all

Work Goes Remote – (and Other Top ITOps Trends)

May 25, 2022

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

Channel Futures TV

View all

Vonage a ‘Single Communications Stack Provider’ for Partners, Customers

IBM, Partners and the $1 Trillion Hybrid Cloud Opportunity

June 26, 2022

Agents Share ‘Secrets,’ Industry Opportunity

May 11, 2022

AT&T, Microsoft, Cisco, ThreatLocker on Unlocking Partner Potential

May 6, 2022

Twitter

ChannelFutures

Channel people making waves this week include: @jpdepa3rd, @RiyaShanmugam, @sandyhogan dlvr.it/STCM6S https://t.co/oVB86ztTtP

July 1, 2022
ChannelFutures

#Cybersecurity experts say July 4th weekend ripe for #ransomware, other attacks. @blumirasec @Netenrich @Vectra_AI… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

New @PureStorage #ITchannel leader details jump from Veritas. dlvr.it/STBsLB https://t.co/BFSmZ5ubff

July 1, 2022
ChannelFutures

New Pure Storage EMEA Channel Leader Details Jump from Veritas dlvr.it/STBrPQ https://t.co/LjFXo6FbVF

July 1, 2022
ChannelFutures

.@qumulo latest channel business to confirm layoffs impacting 80 workers. #storage dlvr.it/STBh1L https://t.co/hE10wBA3ka

July 1, 2022
ChannelFutures

Ranking on the #MSP501 isn't just an industry accolade... it brings pride to each company and their team. Congratu… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

Company culture is ever changing in today's society - here are ways to embrace that change with @coxbusiness… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

#HPEDiscover expo hall images. Featuring @IngramMicroInc @msPartner @Veeam @Commvault and more.… twitter.com/i/web/status/1…

July 1, 2022

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X