Vanishing Point

Fraud, once the constant companion of digital world, is being tamed. From carrier billing fraud to SMS and voice services, there are signs that all is getting better. But, as Paul Skeldon reports, it has far from gone away.

First, the good news. Annual fraud losses from voice and operator messaging channels is likely to decline to around $17bn in 2028, 9% less than 2024’s projected losses. It is also encouraging that carrier billing fraud, while not falling per se, is being wrestled under control. Why, you may ask, has the dark shadow of cyber crime, the once constant companion of the digital world, taken its foot off the gas?

That brings us to the bad news: it hasn’t. However, many of the processes and technologies that have been devised and deployed to make the online and mobile world a safer place, are now bearing fruit.

VOICE AND SMS

The latest report from Kaleido Intelligence, a leading roaming and connectivity market research firm – Mobile Network Fraud & Security: 2024 Outlook – suggests that improved security around 5G, along with the phasing out of old circuit switched networks is seeing fraudsters move away from SMS and voice fraud, instead targeting new channels and digital environments instead.

Kaleido notes that, while voice and SMS fraud will cause fewer material losses over time, the need to maintain backwards compatibility in the networks will keep older vulnerabilities from SS7 and Diameter proto-

cols present long into the 5G era. As a result, Kaleido expects fraud from these channels to plateau rather than disappear altogether, with the rate of decline falling throughout the forecast period.

In the case of SMS, we expect to see declines because of increased adoption of RCS following Apple’s announcement of support for the standard.

However, despite increased encryption, variable implementation will leave messaging open as a potential channel for fraudsters, keeping messaging fraud over $6 million in 2028.

Report author James Moar comments: “The security problems with RCS implementations

are emblematic of many security issues within the telecoms space; flexibility and variation in standards implementation, while helpful to operators dealing with diverse infrastructure, continues to make high security an option, rather than a necessity.”

TELCO APIS

Similarly, Kaleido notes that while standardised telco APIs will help with service delivery and in some instances provide a new set of anti-fraud tools, they also broaden the attack surface, giving more potential points of ingress and disruption to the telecoms network.

Telcos’ inexperience in dealing with API security is a key reason why more advanced forms of attack will increase to almost $8 billion by 2028.

HOTSPOTS

While voice and SMS fraud have declined, new digital fraud hotspots are likely to emerge in the coming years.

As the number of connected devices increases, the risk of IoT-related fraud will also grow. Attackers may target vulnerable IoT devices to launch attacks on networks and systems.

The increasing reliance on cloud-based services creates new opportunities for fraudsters. Data breaches, phishing attacks, and unauthorized access to cloud-based resources are potential threats.

Fraudsters are becoming increasingly sophisticated in their social engineering tactics. Phishing attacks, smishing (SMS phishing) and vishing (voice phishing) will continue to be a significant challenge.

The growing popularity of cryptocurrencies has led to a surge in cryptocurrency-related scams, such as phishing attacks and Ponzi schemes.

DCB FRAUD

The popularity of Direct carrier billing (DCB) (see page 1 and

8) has been accompanied by a parallel rise in fraudulent activities. Over the past three years, the landscape of DCB fraud has evolved significantly, reflecting the increasing sophistication of cybercriminals and the need for robust countermeasures.

Fraudsters have refined their techniques, leveraging advanced technologies and exploiting vulnerabilities in the DCB ecosystem. This includes the use of malware, phishing attacks, and automated bots to initiate unauthorised transactions.

DCB fraud has also become more widespread and organised, with criminal syndicates engaging in large-scale operations. The financial impact of these fraudulent activities has grown substantially, affecting both consumers and businesses. New trends have emerged, such as the use of deepfakes and social engineering to

deceive consumers. Additionally, the integration of DCB with other payment methods, like mobile wallets and cryptocurrencies, has created new avenues for fraud.

According to fraud prevention companies such as Evina, there are several ways in which the industry, along with specialist companies, can tackle DCB fraud, starting with raising awareness among consumers about the risks of DCB fraud is crucial. Telecom operators and regulatory bodies have intensified their efforts to educate users on how to protect themselves from scams.

Telecom operators and technology providers have implemented advanced security measures to detect and prevent fraudulent transactions. These include fraud analytics, machine learning algorithms, and realtime monitoring systems.

Increasingly, collaboration between telecom operators, technology providers and regulatory bodies has been used to combat DCB fraud effectively (see panel). Sharing information, best practices, and resources can help strengthen defences against emerging threats.

Governments and regulatory authorities have also introduced stricter regulations to address DCB fraud. These regulations aim to protect consumers, hold businesses accountable, and establish clear guidelines for preventing and mitigating fraud.

WHAT LIES AHEAD

Looking ahead to the next two years, several trends are likely to shape the landscape of billing and mVAS fraud. Naturally, Artificial intelligence (AI) will play an increasingly important role in fraud detection – as witness by how the likes of

Evina and MCP Insights are already fighting fraud. These AI-powered systems can analyse vast amounts of data to identify patterns and anomalies that may indicate fraudulent activity.

Biometric authentication methods, such as fingerprint recognition and facial recognition, will become more prevalent in DCB transactions. These technologies can enhance security and reduce the risk of fraud.

Similarly, cloud-based security solutions will gain popularity due to their scalability and flexibility. These solutions can provide realtime threat detection, prevention, and response capabilities. And of course, regulatory frameworks will continue to evolve to address emerging fraud threats. New regulations may be introduced to enhance consumer protection, strengthen data privacy, and impose stricter penalties on fraudulent activities.

How Telecom Egypt drove a 90% reduction in incoming scam calls with voice firewall

Since Telecom Egypt, Egypt’s primary telecom operator, deployed Enea’s voice firewall to protect against scam calls and unwanted robocalls, more than 90% of incoming calls with spoofed caller IDs have disappeared from its network.

When the firewall solution was initially deployed, 8+% of all calls were identified as fraudulent and immediately blocked. This has acted as a deterrent to scammers, who have now ceased targeting the network, resulting in a roughly 90% reduction in spoof calls on the network.

According to a 2023 report from the Global Anti-Scam Alliance (GASA), phone calls are the leading channel for scam attempts worldwide, a sobering fact that underscores the importance of robust telecom security measures. Like many other countries, Egypt suffers from voice call scams where spoofing is used to mislead subscribers about the caller’s identity.

Caller ID spoofing means that the number displayed to a subscriber when receiving a call is not the number from which the call is being

made. Scammers use this method to hide their identities and trick subscribers into believing the call is legitimate. It is often used to impersonate banks or authorities, facilitating the first steps of a financial fraud scheme or personal data theft.

To protect its subscribers, Telecom Egypt has deployed Enea’s voice firewall, a cutting-edge solution that operates on a zero-trust approach. It accurately detects and blocks any spoofed calls coming into the network, ensuring that only genuine calls reach the subscribers and preventing scams at the very first stage before potential victims are reached.

Mohamed Al Fowey, Vice President, Chief Technology Officer at Telecom Egypt says: “Protecting our subscribers is a strategic priority. Improving end-user security to mitigate fraud and abuse in our network adds value to all our users. Enea is instrumental in our work to secure our network against voice call threats such as caller ID spoofing.”