<img height="1" width="1" alt="" style="display:none" src="https://www.facebook.com/tr?id=168897526784320&amp;ev=PixelInitialized">

Subscribe to Email Updates

When we think of telecom risk, we tend to think of external factors. The same is of course true for fraud. If you were to think about the people taking advantage of your network vulnerabilities, you would probably imagine a group of people with a SIM box in a room very far away from your corporate head office. Given how easy it to actually buy a SIM box online, or even at telecom events, this is not exactly the worst thing to be thinking.

However, for some operators this can become almost the only concern they focus on. Perhaps because it is quite easy to detect these problems in near-real time and take mitigation actions with modern fraud management systems, most fraud teams can point to quick and continuing telecom fraud events as points of success.

In contrast to the quick and dynamic face of external threats is the problem posed internally by telecom employees and partners. This is a devastating kind of fraud that is harder to detect which is why it can take up to 18 months to resolve – a hugely costly window of opportunity for smaller operators. WeDo Technologies know the costs of internal fraud threats for a wide range of issues including mobile money and incentives management. So assuming you have a few bad employees in your organisation, what is the worst that can happen?

Prepaid fraud

Depending on the region you operate in, the impact of this can vary from hugely damaging to “just” quite damaging. While in the US only 30% of subscribers are pre-paid, this number rises to 90% in some parts of the world. Yet this is an area that is commonly driven from internal fraud in the sense that the people enabling it are very closely connected to the organisation. Between call-centre employees handling top-ups, departments with access to sensitive data like credit card info, people involved in top-up card design and distribution, and vendors responsible for selling them, there are a huge number of vectors for people to commit this kind of fraud. We estimate this to cost operators about $1 billion annually, but the real problem is that prepaid fraud can act as a portal to other more costly kinds of fraud. Let’s think about two common scenarios here.

High Usage

Imagine that an internal source is supplying pre-paid credit to people who aren’t paying for it. At a low level, we can consider this pre-paid fraud in the sense that they are receiving access to a network through illegitimate means. But what happens when a fraudster takes this action to a completely different level of use? This is when we start moving into the realms of high usage fraud. Responsible for about $1.6 billion in losses each year for operators, this kind of fraud is accelerated by the pre-paid fraud. By intensely using a network’s services without a need to pay, the operator incurs huge losses.

Roaming fraud

Roaming fraud is the biggest source of loss for operators, with costs estimated to be in excess of $15.6 billion annually. But how much of this can be traced back to an internal fraudster? In the case of pre-paid fraud, the story is quite simple. An employee manipulates the recharge data of the pre-paid phone of a third party. This person then travels to a visitor network either as part of an organised attempt to commit roaming fraud, or simply because they need a holiday. The result though is that without being personally responsible for the costs incurred in their roaming activities, the operator is the one who ultimately needs to pick up the tab.

Subscription fraud

We’ve already seen how prepaid fraud can be enabled by internal sources, and from there it is can easily lead to high usage or roaming fraud. But subscription fraud is also another area that should be of concern. 47% of WeDo Technologies’ clients say that subscription fraud is their main priority for 2019, which shouldn’t be a surprise. Currently $4 billion is lost to subscription fraud, but as OTT services and mobile money services become more prevalent, this number can soar.

Although we typically think of fraudsters in this space using phishing techniques to get info from direct from unsuspecting subscribers, in many cases the problem originates internally. Anyone with access to subscriber details can pass on info to fraudsters. Anyone who authorizes subscriptions can give access to fraudsters. Anyone approving SIM swaps can enable fraudster account takeovers. From a criminal organisation’s point of view, life is a lot easier with someone on the inside.


As with prepaid fraud once again, subscription fraud is just one part of the puzzle. In the case of IRSF, the costs of not managing this situation can rapidly spiral. IRSF works on the premise that traffic can be pumped to premium rate numbers, meaning the owners receive an artificially inflated cut of the revenues. When you add subscription fraud into the mix, the damage to the operators increases further. By accepting fake subscriptions, the operator will take on the full share of the costs as it’s unlikely these fake accounts will have the means to pay. Even more costly would be the consequences of account takeover. Most subscribers don’t know their accounts have been compromised until they receive the bill, which means at the first instance you’re dealing with a huge customer confidence and brand reputation issue. Secondly, you have the costs of the actual fraud itself (assuming you feel an obligation to pay). Thirdly, you have the costs of reconfiguring and re-on boarding the affected accounts.

Bypass fraud

Worth over $4 billion per year, bypass fraud relies on manipulating call records to avoid certain fees and charges. This kind of fraud can be turbo charged by subscription fraud in the sense that it makes ownership and address of SIMs and devices much harder to track. Further causing complications is that because of the high churn rate among telecom operators, there are many tariffs which deliver lower revenues to operators that interconnect rate they make from international operators. With an inside person on their side, it makes it very easy for subscription fraudsters to exploit this as their first step in setting up a sophisticated bypass fraud scam

So what does it all mean?

There are two essential things you need to take away from this:

- Internal fraud is a very real threat! External fraud will always be your priority, but never under-estimate how much rogue employees can hurt your business.

- No fraud happens on its own. Regardless of whether it is internal or external in nature, the web of fraud makes it very easy (and damaging) makes it very easy to jump from pre-paid fraud to roaming fraud. Or subscription fraud to IRSF.

The (Almost) Real Adventures of a Fraud Management Department

George Woodworth

RAID.Cloud Global Business Manager