Fraud exploits weaknesses and weaknesses occur at the intersections of processes. Weaknesses also tend to happen where the focus is not. Whilst telecoms companies throw resources at combating online fraud, hacking and online theft, there is now a weakness in another, more physical part of the process – the Point of Sale (POS).
The very point at which customers are signed up has become a focus for fraudsters. With the value of mobile devices far greater than ever before – in the hundreds of dollars – the risk is now worth it for fraudsters. The challenge is to prevent this phone theft while preventing potentially valuable customers leaving the store or web site because of long delays while checks are made. The problem is not simply fraudsters trying to steal phones, but there are also risks from top ups and the purchase of new services or signing up to large monthly subscriptions in order to get a smartphone as part of the deal.
This was the situation at a large operator in South Asia. They were losing money at the Point of Sale, shouldering their fair share of the $5.5 billion that the CFCA cites as being lost each year at this critical initial intersection of customer and company. In the UK alone it is a £136 million problem. With the weaknesses identified as coming from MVNOs, their own retailers and their web site, the brief was to shore up the defenses while keeping checks to less than five seconds. Subex’s proven inline fraud management was chosen and integrated with the company’s POS process.
Using fuzzy logic, phonetics and other techniques, such as integration with Google Maps to check whether an address exists, 50-60 rules were designed as the framework for queries (that take less than a second), so when a new customer signs up, there are three outcomes:
1) checks are fine, the new customer is welcomed
2) checks find a match with an identity flagged in a black list and the customer is refused at that point
3) something is not quite right and the decision is deferred, and referred to the fraud team for clarification and investigation
These variations can be caused by ordinary discrepancies. A house number might have been inadvertently entered inaccurately or a name might have been misspelled. On the other hand these variations might have been made on purpose, thus the referral to the fraud team.
The initial results were eye catching. In the first month, the company ‘saved’ $2 million, the hit rate in identifying fraudsters was an admirable 62% during the week, a staggering 100% at the weekends. It proves that inline systems can be used to great effect in an offline situation, or, as in this case, a hybrid offline/online environment.
Whilst this stands alone as a spotlight on the threat and the solution, the threat is multiplied in large, regional or global carriers. There are seldom centralized black lists when one company operates in several countries as a result of mergers and acquisitions. We know that the most likely situation will involve separate systems for separate OpCos and the integration of the systems and processes will be ongoing and complex. Without a centralized system, however, POS fraud could be happening in each of the countries where the carrier operates and could be reduced if the national checks could be extended across boundaries. Better still, a list shared by all operators must also make sense but the problem is that until now the value of the fraud has not warranted that level of co-operation. Perhaps now it does.
However big the problem, success hinges on being pro-active. In the world of real time data and the ever-increasing use of mobile data, the threat level increases at the same pace – in fact, in most cases the operators are playing ‘catch up’ as fraudsters prove their agility again and again. Pro-active means real time in today’s environment, whatever the channel. When an order is received the system must be able to evaluate and check parameters such as location, using Google Maps, demographics of the subscriber, type of order and type of retailer in a second or less. These solutions are use in partnership with the credit card companies, who have been credit and balance checking in real time for years. Together, they form a robust defense against this previously unnoticed but emerging area of fraud.