Free Newsletters for the Channel
Register for Your Free Newsletter Now
September 1, 1998
Expect No Mercy
Subscription Fraudsters Are Formidable Foes
By Mario McCash
Subscription fraudsters come in all types, and prey upon service providers
eager to welcome new customers in a highly competitive market. What’s your secret weapon?
One of the most pernicious of all telecommunications fraud is subscription
fraud, whereby the subscriber has no intent to pay. Domestic subscription fraud is
estimated by the Alliance to Outfox Phone Fraud to be $500 million. And it may be worse,
since its perpetrators often find obscurity in the bad debt file. In fact, 20 percent of
bad debt actually may be subscription fraud.
A significant increase in subscription fraud is projected in the wireless telecom
industry as cloning surrenders to new authentication procedures. Authentication will
defeat even digital scanners and, thus, subscription fraud will become the preferred
method of attack from telecom crooks. Increases in credit card fraud also foretell the
rise of subscription fraud throughout the telecom industry, as many credit card fraudsters
also are telecom subscription fraudsters. In fact, credit card fraud, wireless fraud and
landline fraud are all interwoven. And to make matters worse, the crimes often are
intertwined with other criminal operations such as drugs and other illegal contraband.
Against this backdrop most telecom service providers prefer solutions to subscription
fraud that are non-customer-intrusive, do not violate privacy issues and do not interfere
with marketing practices (i.e., are automated and inexpensive). This mindset and certain
regulatory considerations make telecom service providers particularly vulnerable to
In this variety of telecommunications fraud, a person establishes telephone service at
a business or residence, runs up a high volume of calls–often international–and abandons
the service without paying the bill. Frequently, subscription fraud also includes large
numbers of collect and billed-to-third-number calls as well. Those committing fraud leave
the premises before the first bill is delivered or service is cut off for non-payment.
Subscription fraudsters come in all types (see sidebar), but basically prey upon phone
service providers that eagerly welcome new customers in this highly competitive market.
While it might seem easy to keep fraudulent customers off the network, it is difficult
in practice. Telephone service providers can improve their effectiveness by implementing a
comprehensive program that encompasses business office practices, front-end tools and
programs and back-end tools and processes. For purposes of this discussion, we will look
at the plan in three parts over the next three months:
Prevention Tools & Practices
Monitoring, Detection & Intervention
Measurement, Analysis & Reporting
Prevention tools can be categorized in three areas: validating identities, controlling
usage and managing bad debt.
Positive Identification: Carriers should implement an effective authentication
identification process to verify the identity of an applicant prior to activation and to
ensure that the subscriber is not establishing service under fraudulent pretense.
In certain states, service providers are prevented from asking for positive
verification such as a driver’s license or Social Security number. In some cases,
regulatory guidelines designed to promote universal service frequently enable the person
intent on fraud to gain access to the network with a minimum of verifiable references. For
example, in many states a carrier cannot deny service due to a lack of a Social Security
number. Many carriers will facilitate identification through the use of credit
bureau-provided information and services.
The following are guidelines carriers can use in establishing their verification
Primary identification includes Social Security number and driver’s license.
Applicants must provide their legal name (i.e., not nicknames, etc). Billing statements
should only be sent to the applicant’s legal name.
Online systems should check for a positive match to the name and Social Security number,
etc. In general, a Social Security number is required to obtain a driver’s license in the
United States. The equivalent number is required in Canada.
In the event that a Social Security number or driver’s license is not available,
carriers could then require a live/public appearance at their business office.
Other forms of photo identification (ID) options include a passport and state-issued ID
card. Photo ID for positive identification purposes generally must be a government-issued
document (an employer ID card is not acceptable).
As the banking industry has already started taking photographs of its customers for
identification purposes, it may be an option that carriers take a photo of customers who
cannot produce any government-issued photo ID at their business offices.
In cases where no photo ID is available, options exist for enacting toll credit limits,
range privileges (e.g., no international calling for a specified period of time or toll
restricted to a specific geographic range, etc.), deposits or even denying service.
Verify, whenever possible, that a new (wireless) subscriber’s wireline home phone number
is listed in the telephone directory under the same name and address as given on the
In many cases, long distance companies, which frequently suffer the largest loss from
landline-based fraud, do not have any input prior to a subscriber signing up for their
service. Rather, they are notified of their selection after the fact. Generally, the
credit-vetting process is handled by the local exchange carrier (LEC). Service providers
in the local loop can forward account/credit information to the presubscribed
interexchange carrier (PIC) via processes such as "CARE." Carriers can require
that subscribers directly apply with them. Some long distance carriers provide standalone
calling cards that require separate credit vetting from the LEC.
The minimal advance deposit required by the LEC is an incidental cost of doing business
for the fraud professional–the use of deposits is not an effective deterrent to
curb subscription fraud. Many telecom service providers are moving away from deposits.
Carriers are more proactively establishing credit limits and enforcing them as a means to
control and reduce uncollectibles due to subscription fraud and bad debt.
In situations of bad debt/suspected (not confirmed) fraud, carriers can restrict usage
until the bill is paid in full. Carriers can create a special alert or flag to any account
activation in which ID or credit score was less than ideal. This could be tied to velocity
monitoring to ensure traffic volumes on suspect accounts do not exceed credit limits and
or become indicative of abuse/fraudulent calling patterns.
Should the applicant fail the authentication process, network access should be denied.
In cases where the database reflects a history of unpaid closed accounts, the following
actions could be implemented (where legal and appropriate):
Notify the PIC so it can monitor long distance usage from the local number
Disable the 10XXX feature
Disallow PIC changes
Establish and enforce credit limits
Establish and enforce range privileges (e.g., region/domestic only)
Deny toll service or network access.
In those cases where a prospective applicant has failed to secure service, it is
recommended that the applicant not be advised of the specific reason for service denial
(i.e., bad Social Security number). Service or credit denial letters can be provided with
generic information to avoid tipping off the fraudster of ways to get through to a
When a problem account is identified, appropriate action (such as line translation and
database updates) should be timely and coordinated, with documentation and regulatory
commission involvement, as necessary. This will limit any fraudulent collect and
bill-to-third-number calling during suspension or after disconnection.
Carriers should monitor change-of-address reports as a subscription fraud resource. In
situations where service requests are made involving an address other than the address on
file, the service provider should send a welcome kit (or other mail notification) to the
original address to ensure legitimacy of the new service request.
In conjunction with this, carriers could provide monitoring and detection of bill-to
number changes from the same address/same party. Subscription fraud can be exacerbated via
carrier-hopping or the use of multiple lines at the same account or location. It is
recommended that carriers monitor and limit a customer’s ability to
Telecom service providers who use welcome kits should monitor welcome kit/call activity
Mail out welcome kit/card within 48 hours
Arrange with local post office to deliver return mail immediately
Review "No Such Address" immediately
Review "Unable to Deliver" immediately
Review "Moved, Left No Address" immediately
Watch for address changes after the credit approval
Send welcome cards to the original address if there has been an address change
Make welcome call within 72 hours of mailing welcome kit
Listen for "scripts," or canned/read/memorized verbiage fraudsters use to give false information to customer service representatives (CSRs) over the phone in their attempt to activate service with no intent to pay. There are subtle but distinct tones and inflections in a person’s voice when he or she uses scripted dialogue over the phone, and these can be discerned by a careful listener as a tip-off of potential fraud.
In addition, companies should establish a mailing class for "postcard"
confirmations so that undeliverable mail is returned to the business office. Often,
undeliverable bulk rate mailings, including welcome kits, are returned to the post office
and disposed. Note that postal temporary address change requests can defeat mailed
"welcome kits" as a fraud prevention measure.
Application profiling and new account fraud detection is a relatively new concept in
profiling. The idea is to profile applications (as telecom service providers already do
with call detail records) to detect fraudulent applications and reduce bad activations.
This technique began in the credit card/banking industry and is establishing for itself a
good track record. These software solutions build profiles based on the application/credit
bureau data and monitors all new traffic based on this special profile. This allows for
the automation of tasks associated with verifying information and scoring such data for
rating credit, fraud and collection probability. These products or solutions provide an
alternative for carriers to avoid costly manual, labor-intensive practices required to
detect and prevent subscription fraud. Such systems can be developed internally or
procured through a vendor.
While the credit score measures the ability to pay the fraud score measures the intent
to pay or the likelihood that the account is a case of subscription fraud. This is
distinct from bad debt in the respect that the customer had decided prior to account
activation not to pay the bill. For bad debt management, some service providers use a
"collection probability score" to aid in making informed decisions about
collection strategy and resource allocation.
National Bad Debt Databases: All telecom service providers can tap into national
bad debt databases as another tool to combat subscription fraud. Carriers should use these
online bad debt databases, both internal and external. There are front-end subscription
fraud vendors, such as credit bureaus, that provide current and historical information
about customers and accounts on a national scale, culled from accounts from all
contributing carriers. These external databases are used to facilitate the exchange of
information among carriers or the industry as a whole. The goal is to detect patterns in
fraudulent activation attempts on a multicarrier scale and then share bad debt information
and history from other carriers. Such databases can be linked with the FMS (fraud
management system) and the fraud application detection system or application profiler.
This exchange of information reduces fraud exacerbated by carrier-hopping.
It is recommended that the telephone service provider enter both unpaid closed account
information and failed attempts to secure service (with reason for service denial) into
these databases that would be accessible by all participating telephone service providers.
The historic account data maintained in the database provides information on subscription
fraud accounts/locations. This process will create a mechanism for service providers to
track non-payers as they move from place to place or from carrier to carrier. It also will
allow the service provider to monitor for potential fraud.
Biometrics: Biometrics is an emerging technology now being used as part of the
front-end subscription fraud system. Voice prints, finger/thumbprints and retina prints
currently are being deployed to varying degrees. These techniques have been trailed and
used in the banking industry, and the biometric vendors have already targeted telecom for
these applications. Designed as an identity verification technology, one of its purposes
is to detect fraudulent identity manipulations, such as fake IDs. For some, this is viewed
as the next generation in fraud management. Carriers can research the various biometric
options on the market today to determine viability for implementation.
Mario McCash is is the Business Development Manager for Fraud Services at Illuminet
and co-chair of the Subscription Fraud Task Force for the Toll Fraud Prevention Committee.
He can be reached at [email protected]
Editor’s Note: This is the first in a three-part series on subscription fraud. The
When setting up new accounts, carriers should be aware of the many masks worn by
subscription fraudsters and take countermeasures to combat each schemer.
The most difficult to prevent and detect, the true-name fraudster submits an accurate
application for credit and service, which slips through most front-end application
detection nets because the credit is good and there are no apparent anomalies with the
application data. Note also that:
True-name fraud may or may not involve address changes;
True-name fraud may or may not be associated with prior schemes or fraud cases;
True-name fraud may or may not have historical fraudulent calling patterns–especially if the account is resold–as in call-sell operations.
Unlike the true-name fraudster, the identity thief steals the identity of an individual
in its entirety. Credit cards, calling cards and phone service are all affected.
A variation on the identity thief, this person preys upon people whom he/she knows
(e.g. relative, boyfriend, girlfriend, etc.). This is considered subscription fraud and not
The take-over fraudster assumes a legitimate account by moving service to a new
location. This could include sending in a written request to have a new calling card
mailed to a different address, or to have a new card mailed to an existing location
wherein the fraudster puts in a temporary mail forward order at the post office. The
fraudster also may request a new line at a new location, using the name and good credit of
an existing customer at another location.
This fraudster applies for service with phony application data. The application could
include fake names, Social Security numbers, birth dates, names of deceased persons,
inverted data, etc.
Here, the account holder makes a false claim that his or her bill has fraudulent calls
on it and requests credit. The calls could have been resold to another party or given to
an associate or accomplice for use. Dialed-digit analysis may or may not catch a pattern
of or tie-in to past calling history. The perpetrator may carrier-hop to continue the
This person applies for service as his true self with no intent to pay. The fraud is
facilitated through carrier-hopping. In many cases, such accounts are tagged by carriers
incorrectly as bad debt.
Most Likely to Defraud
The following are major indicators most vendor-provided solutions use to create a fraud
Invalid/bad Social Security numbers (deceased Social Security numbers, age/Social
Read more about:Agents
You May Also Like
Zero Trust World: ThreatLocker Unleashes New Tools to Stop ThreatsFeb 27, 2024
Mobile World Congress: VMware Talks SASE, 5G, SD-WANFeb 27, 2024
Zero Trust World: ThreatLocker Providing an Action Plan for Preventing AttacksFeb 26, 2024
The Gately Report: Trellix Partners Shielding SMBs from RansomwareFeb 26, 2024