Pickpocketing Fraud

2 min read Cybersecurity

Hackers are getting more sophisticated. According to Carl Boraman, Director of Strategic Partnerships at Tollring, Comms Business Magazine winner of Best Security Award 2018, the cloud can increase the problem but can also provide the solutions.

Telecoms fraud is a key area of cyber security and a multi-billion-pound business for criminals. With monetary damages more than double that of credit card fraud, it is an ongoing and ever-evolving threat with global calculations at £25.5bn per year and the UK being the 3rd most targeted country.

Tollring estimates that it has saved its Service Provider resellers and customers (across all platforms and partners) a staggering £91 million in fraud damages in the past year. This figure is based on the widely published average cost of damage of £10,000 per fraud attack (source: NEC and many other companies on the internet)

Further illustrating the scale of the problem, Tollring reports that of the 9100 fraud incidents captured by their iCall Suite fraud and credit management solution iCS Protect since its January 2017 launch, only 5% were based on reseller-imposed credit limit breaches. 95% of incidents were fraud related and were stopped by iCS Protect’s intelligent analytics.

CBM: What has been the reaction from users and the channel to the increased risk of fraud?

Carl Boraman (CB): User spend capping has been a common reactive approach to tackling fraud but fraud will occur and capping is simply an attempt to cap losses. Tollring’s findings of 95% of fraud incidents across platforms in the past year captured by intelligent analytics suggests that relying on credit capping is vastly insufficient in the fight against fraud especially as techniques evolve to make detection and prevention more difficult.

For example, a recent trend is for fraudsters to go undetected by taking smaller more frequent ‘pickpocket’ hits across multiple customer systems that don’t trigger standard spend limit based alarms. Now that such a high percentage of fraud attacks are being captured by intelligent analytics, we believe this will cause a major shift in the channel’s approach to fighting fraud.

CBM: How is Tollring keeping up with the hackers?

CB: New technology from Tollring proactively identifies and kills fraud, uniquely combining fraud protection and credit management in one single solution. Seamless integration with leading Hosted-UC and SIP trunking services delivers SPs competitive differentiation, making security central to value propositions. Having launched iCS Protect in 2017, Tollring currently monitors over 288,000 endpoints across platforms, mining data to produce sophisticated business intelligence and dashboards facilitated by the cloud’s infinite scalability. Designed to machine-learn, the product not only checks against a global database of fraudulent destinations but also profiles on a customer by customer basis, typical calling behaviour and looks for unusual patterns.

CBM: Do you think technology is keeping pace with the changes in fraud threat types and can you ever get ahead of the game?

CB: In some areas it is and in others it’s not. The classic approach is to use service assurance products and network monitoring tools from carriers but these are only alerts. Fraud has fragmented; it used to be a Friday night/weekend attack but it is more sophisticated today. Typically, a SIP trunk break in to use outgoing service – but with really short calls once a low profile test calls has established the number has not been blacklisted. Over a weekend these robo-dialled calls can generate a £250k loss. Often these operations are set up as fake customers with20/30 lines and softphones preying on naïve sales people. The need for educational awareness is paramount.

The move to IP is creating more opportunity for fraud – there are more devices a hacker can target and you have to provide solutions on a wholesale bases. Big Data, AI and machine learning are now commonly used to tackle the problem.

CBM: Are resellers really recognising this fraud threat as an opportunity or is there a reluctance to initiate user conversations?

CB: Smaller SPs are interested but resellers are still reluctant to get involved as they see mentioning fraud puts off customers. Some resellers handle it really well and use their willingness to discuss the subject as a differentiator.