[ 19.03.2018 ]
On a global scale, the telecom industry is being driven by a dramatic growth in the number of connected devices. Market researchers expect the number of connected devices to almost double from today’s 15 billion to more than 28 billion by 2020.
While video identification is becoming a secure and comfortable approach to enable mobile network operators (MNOs) to offer online mobile contracts with ID verification, 2018 is widely expected to be a breakthrough year for biometrics, whereby body measurements such as finger prints, iris or retina recognition are starting to be used as a customary form of authentication.
While the Mission: Impossible movies have been showcasing this technology for decades, it is finally moving beyond science fiction and becoming part of our daily lives. Major moves are being made across financial, consumer tech and automotive industries, to name a few, to get this technology into the hands of consumers. For example, the auto industry’s adoption of biometrics is expected to grow 38% during 2016-2025. While the benefits have been highly touted – 80% of consumers recently polled(*) see biometric authentication as more secure than passwords – biometrics shouldn’t be seen by CSPs as the silver bullet for protecting their networks.
Identity and Access Management (IAM) and security leaders must ensure that, in addition to biometrics, one or more additional methods are implemented to provide a second layer of security. At the same time, it is especially important to provide a balance between Security and User Experience to maintain consumer confidence and promote the growth of connected services.
In today’s mobile-centric world, the use of mobile phones as a token for subscriber identification has become standard practice for most people. However, SIM swap fraud, where scammers cancel and re-activate new SIM cards to hack services such as bank accounts, has been on the rise.
Currently SIM swap fraud is quite difficult to detect. Since it is a fairly new type of scam - telcos and banks are still trying to find effective ways of identifying when a customer’s mobile number has been fraudulently swapped and ported onto a new device. With fraudsters continuing to exploit this weakness, better authentication processes are now vital to be put into place.
The rise of embedded SIMs (eSIMS) is one development that CSPs can use to provide another layer of protection. Instead of storing user authentication details on physical SIM chips, which can be swapped out and put into other devices to avoid detection, each eSIM is embedded into the handset, along with its user’s unique biometrics and security passcodes. This way, each phone is only able to be accessed by the owner. In addition, CSPs also have more control over the types of applications that are accessible via the GSMA’s Security Accreditation Scheme (SAS), which enables CSPs to prevent malicious apps being downloaded onto a handset. However, with so many stakeholders involved (MNO, subscription manager and eUICC manufacturer), it may be difficult to quickly identify and fix the root cause of fraudulent activity, because it can occur at so quickly and at so many various levels.
This is where an integrated approach to security and fraud management is required, so that information can be constantly monitored across an organization, watching for unusual trends and identifying fraud before it happens. That way, when security is breached, the fraud management system will be able to follow its path and identify patterns that reveal hidden relationships and suspicious movements, and minimize any potential damage.
In this environment, CSPs need to go beyond traditional rule-based fraud detection. Rule-based detection is effective for identifying simple, recognized patterns, such as validating black lists of fraudsters. But in today’s high-stakes environment, we need to take it up a notch. Artificial intelligence is required in order to create actionable insights in this age of big data. Machine learning technologies can quickly identify abnormal patterns and correlations from disparate data sources, making fraud detection faster and more efficient. In addition, machine learning algorithms can also be used to target more complex risks, including those which haven’t even been identified. This will enable CSPs to rapidly spot and react to different threats as they arise.
While the advancement of technologies such as biometrics are an exciting development for cyber security, they cannot be used in isolation as a panacea for protecting networks. CSPs must take a multi-prong approach that encompasses multi-factor authentication, eSIMs, and the use of AI-powered fraud detection systems.
For more information on how to upgrade your fraud detection capabilities, check out our Subscription Fraud solution.
Let me know your thoughts and please feel free to Contact Us should you have any questions.