5 Reasons why telcos should leverage real-time signaling traffic to combat fraud
Telcos are losing millions of dollars every year to fraud. Of late, fraudsters have become smarter, and their tactics, aided by smarter technologies, have become more sophisticated. Further, with digital services entering the mix of offerings, traditional tactics are no longer enough to thwart these new types of threats. The growing complexity of the digital services ecosystem demands a future-proof approach to secure the networks and prevent revenue losses.
Underpinning the telco network is the signaling infrastructure. By monitoring the traffic on this infrastructure, telcos can apply a first-principles methodology to address new digital fraud.
Traditional fraud management (FM) systems are post facto: they detect fraud after it has occurred. To detect and lower fraud, these FM systems rely on transaction records such as CDRs, payment vouchers, provisioning details, etc., which are generated after the transaction, and therefore they can never get ahead of the fraud. FMS will continue to have utility in addressing frauds such as subscription, handset, Simbox, and so on, which are not necessarily technical by nature but depend more on subscriber or subscription behavioral analysis. By monitoring signaling traffic, signaling-based fraud management systems can detect attacks in near real time and stop them as they occur.
Many of the new services being rolled out by telcos do not necessarily follow the transaction record principle. Services such as IPTV, IoT, and those being rolled out on 5G involve a plethora of technologies and multiple third-party players. While each of these services may be inherently secure, they tend to have vulnerabilities at the seams or integration points. The new types of fraud attacks on these services exploit such vulnerabilities. By monitoring the signaling layer, fraud teams essentially create a safety net that can monitor across traditional offerings, new services, and anything in the future, thus greatly expanding the fraud team's coverage beyond voice, messaging, and data.
Signaling traffic provides a rich and deterministic feature set that can be leveraged to detect zero-days or unknown unknowns. As telcos roll out new and innovative services, attackers will likely find new ways to exploit them despite all the diligence and security procedures followed. Every day, new vulnerabilities are discovered in commonly used software packages and libraries. Such vulnerabilities are coveted and sold clandestinely, before they are made public, along with exploit kits (software packages that automatically exploit them). When these kits exploit such vulnerabilities, they invariably do something anomalous that can be picked up at the signaling layer by the right machine learning algorithms.
Security and fraud are often an afterthought when telcos launch new digital products, as the focus is initially on product functionality. This makes new digital services highly susceptible to attacks and breaches. Very often, the priority is to push the service to market quickly, and in such situations thorough security assessments are not possible, which very possibly leaves the services with open vulnerabilities that fraudsters exploit very quickly. It is crucial that new digital services are put through vulnerability assessments and scenario planning so that obvious holes are plugged, and that continuous monitoring is then put in place to detect any new threats, ensure profitability, and prevent revenue leakage from fraud.
As fraudsters evolve their attacks and tools, it falls to the fraud detection team to stay abreast and quickly evolve its detection and mitigation techniques; this is becoming extremely difficult with the traditional data sets that an FMS uses. The first-principles methodology of reaching into the most basic network traffic, namely signaling, gives the team the ability to build complex detection methodologies to identify and mitigate complex fraud. For example, one of our customers, a telco based in Europe, was able to identify a marker in refiling fraud scenarios. This marker was available only at the signaling level and was not carried over into transaction records (CDRs). By using that marker, they have had substantial success in preventing refiling fraud, a big source of revenue leakage for them.
Originally published at https://www.subex.com on June 2, 2020.