Subscription Fraud: A gateway to other crimes

5 ways crooks exploit subscription fraud and what can be done to prevent it

Posted by Fico

Though subscription fraud may not be the most common type of fraud that communications service providers suffer any longer, the problem has still grown since 2019 by nearly 6% from $1.92B to $2.03 billion, according to CFCA’s 2021 Fraud Loss Survey Report.

Subscription fraud can be a symptom of or gateway to other frauds. For example, a synthetic identity could be used to create a fraudulent subscription. This in turn helps build a false identity associated with a mobile number. These are then used to defraud multiple banks with fraudulent accounts, credit cards, and loans.  But subscription fraud also continues in traditional ways, like those who subscribe with no intent to pay, and those who seek to acquire incentivized devices falsely just to sell them online at a profit.

Here are five other ways crooks use subscription fraud to commit crimes against customers and service providers, with advice on how to stop them.

1. Fraud masquerades as bad debt. There exists in the telecom fraud world a sort of purgatory where fraudsters disguise themselves as bad debtors. More than 40% of the experts CFCA surveyed say less than 10% of their bad debt is actually due to fraud. But whether CSPs define bad debt the same ways or have programs in place to differentiate bad debt from scams like synthetic identity fraud, may call this conservative estimate into question.

For example, though half of those surveyed say their organization distinguishes between bad debt and synthetic identity fraud, the other half either know they do not (13.3%) or are not sure (36.7%). If fraud is categorized as bad debt, it will not be investigated or stopped. As a result, scammers can return again and again to different CSPs with different types of identity frauds with little concern of being caught, much less prosecuted.

FICO’s advice: Many forward-looking enterprises have moved from traditional rules-based fraud management solutions (FMSs) to those that leverage more sophisticated analytics. On the one hand, defining and identifying different types of subscription fraud will help to differentiate them from bad debt. At the same time, using analytics to detect patterns and data linkages across subscriptions can help CSPs to identify and stop the fraud rings that re-use stolen and synthetic identities to commit crimes continuously while remaining “under the radar” of a rule-driven FMS.

2. Frauds hide among false positives. Fraudsters exploit the fact that CSPs have not traditionally shared fraud data with each other. It can be a difficult choice for a company to share its ugly truths with its competitors, but in the fraud world, collaboration is key to prevention. Though some CSPs are managing and reducing the volume of false positives they investigate, others are struggling. CFCA reports that CSPs’ “fraud management systems tend to detect fraud cases with an average False Positives rate of either 13% or 88%” while 26% of those surveyed report spending more than 20 hours per week – or even more than 40 hours per week – researching false positives. At the same time, 52% report using no third-party data in fraud management to help gain the intelligence and insight necessary to differentiate real fraud from false positives.

FICO’s advice: Two-thirds (67%) of those CFCA surveyed say they are either willing (29%) or very willing (38%) to share fraud intelligence within industry forums – with a full third willing to share data directly. Coupling greater industry-wide data sharing with modern, analytics-based FMS is crucial to the evolution of fraud models that stay ahead of the crooks and not allow them to exploit blind spots between CSPs any longer.

3. IoT increases fraud opportunities. The dreadful potential of fraud in the Internet of Things (IoT) is evident in CFCA’s survey data as only 41% of CSPs report monitoring IoT traffic for fraud and abuse. Simultaneously, those surveyed report DDoS attacks; abuse of unlimited data services; and SIM swaps as the most common ways IoT devices are being used to commit fraud. This means fraudsters have a near free-for-all before them with an insufficiently defended yet expanding IoT attack surface which can enable some of the most damaging crimes, like when SIM swaps are used to take over personal bank accounts.

FICO’s advice: CSP fraud teams will benefit from better defensive tools in the battle against frauds the IoT can enable. Given the scale, complexity, and interconnectedness across operators inherent to the IoT, machine learning, AI, automation, and third-party data insights are crucial to modern FMS practices in this evolving and extremely vulnerable environment.

4. Fraud management roles expand, exposing siloed data and processes to fraud

Back-office inefficiency and siloed systems are contributing to rising fraud losses.  Sales and marketing, credit risk, fraud, and collections are frequently operating different systems. Each collects valuable information, but the data is rarely shared across departments. This creates two problems for fraud teams:  they may make improperly informed fraud decisions and they may create experiential friction by prodding customers for duplicate information another group in the organization has collected already.

Fraud teams are also taking on a wider range of responsibilities. CFCA reports 39% of fraud teams are taking on customer service responsibilities while 20 percent are involved in sales and marketing. This changing role for fraud managers makes having limited access to siloed information a barrier to doing an expanding job well.

This siloed thinking can be compounded when the different departments have opposing objectives, as can be the case for sales and fraud management. Salespeople are incentivized to close business while fraud departments work to prevent fraudsters from using the sales process and marketing incentives to steal subscriptions and devices.  Because it is counterproductive to turn salespeople into fraud experts, built-in real-time fraud controls are needed in the sales process to sustain the balance between maximizing sales and minimizing fraud.

FICO’s advice: Though a single platform that can manage all departments and provide a single customer view may seem difficult to attain, it is time to make a start. A rip and replace approach to current systems is not likely to be feasible, but these disparate systems can be brought together. Service providers can deploy the FICO Platform to manage multiple use cases, including fraud. FICO Platform enables unparalleled data access, import, format, and deployment capabilities to apply the right data to each decision, even when that data resides in disparate systems. Over time, the FICO Platform capabilities used to address fraud can be expanded to manage more use cases, like originations and the customer lifecycle.

5. Streaming opens a new fraud vector. CSPs worldwide have pursued the ability to offer multi-play services for the better part of a decade as they have transitioned their businesses to focus on broadband and content rather than communications alone. But as the content market has moved, so have the consumption models, which means streaming is now taking over as customers’ preferred way to access video content. Major streaming services – Netflix in particular – have often done little to prevent customers from violating their user agreements by sharing their passwords with non-subscribers. So long as the streaming brand is in customer acquisition and brand-building mode, this method of guerilla marketing made sense. As these markets mature, however, and begin to reach saturation, revenue assurance comes into focus and therefore so does subscription fraud. Suddenly, being lenient about password sharing can become a barrier to revenue growth, which in turn has negative impacts on stock prices and valuations when streamers miss their subscriber addition targets.

FICO Advice: CFCA reports that 90% of those surveyed spend less than 5 hours per week adjusting fraud rules and thresholds. While this can be seen as a sign of stability, it is also the case that new types of fraud can be fast moving and can take on entirely different profiles than traditional fraud – password sharing being just such an example. Expanding the ability to monitor for fraudulent or abusive usage, if not data sharing with other CSPs to identify patterns and repeat offenders, and to analyze those new data sets rapidly is becoming table stakes in the ongoing battles against fraud and for subscribers who want streaming in their CSP broadband and entertainment mix.

Reference = CFCA Fraud Loss Survey – https://cfca.org/fraudloss-survey/