Over the past few years, analyst research has projected exponential growth in data, video, IoT devices and network connections - with the year 2020 being the key marker of adoption and growth. As the clock counts down, Bernardo Lucas, CMO of WeDo Technologies, outlines the top fraud risks as the Gigabit Era gets ready to bite.
#1: IoT devices to surpass 20 Billion by 2020
Gartner estimates the number of connected devices will reach 20.4 billion by 2020. The IoT is a treasure trove for cybercriminals, providing billions of vulnerable devices, a huge attack surface, no regulation and vast quantities of personal data. Cybercriminals and fraudsters are now all too aware of what they can potentially gain from the IoT - and the market is being flooded with new ‘hackable’ devices every day. Can you imagine a CCTV camera or a refrigerator making calls to premium rate number services? Yes, your fridge is low on milk, but instead of communicating with the store, it is making calls to a hotline at $0.60 per minute, allowing fraudsters to collect the money on the other side.
This risk will only increase as more consumer IoT devices hit the market as the responsibility of ensuring the devices are secure is left to users installing updates and applying security patches regularly. Imagine the chaos if just the world’s wearable devices, such as smart watches and electronic fitness trackers,etc - which IDC expects the market to reach 213 million devices by 2020 - were infiltrated simultaneously, providing a very real fraud and security risk to CSPs and consumers alike.
#2: e-SIM adoption to near 1 Billion by 2021
The term "eSIM" simply means embedded SIM card. eSIMs are gaining in popularity and will become standard in many smartphones and even in wirelessly connected IoT devices.
Chief Marketing and Strategy Officer,
IHS Markit estimates that eSIM adoption will rise to 986 million by 2021. While the key benefit of eSIM technology is the ability to remotely provision and activate new services and subscriptions, this also provides a gateway for fraudsters to hack into and commit subscription fraud, International Revenue Share Fraud (IRSF), roaming or traffic pumping fraud via SIM cloning.
While pricey smartphones aren’t exactly considered to be disposable, it is likely that there will be an explosion of eSIM enabled IoT devices that may simply be thrown out after a few months use, without much thought about the risk of fraud. But there might be personal data stored on these eSIMs - putting user information at risk. These devices still pose a risk once they end up in a dumpster or a recycling center if they are not properly ‘disassociated’ from their original owner. Otherwise the previous owner’s identity remains active and can get into the wrong hands. This could lead to the illegal reuse or recalibrating of a device that was previously associated to a person’s identity - leading to avenues for identity theft. And it’s not just identity information that is at risk of being stolen. A hacked IoT device can also provide a gateway to other associated devices and networks.
#3: Identity theft to cost US consumers $20 Billion by 2020
Subscription fraud involves the use of stolen information to open new wireless accounts or take over existing ones. This is done to rack up postpaid minutes with no intent of paying the bill, or to acquire expensive smartphones or other expensive hardware, which is then resold online. Subscription fraud can also be an entry point for other types of fraud or even terrorism. Once a new account is opened it can be used to further fraud by being used for secondary authorizations (PIN code verifications) when opening a credit card under a false identity or hacking into a bank account.
Since 2014 there have been 9 billion identity credentials lost through data breaches. And the Federal Trade Commission (FTC) estimates that identity fraud will cost American consumers more than $20 billion in 2020, and $27.6 billion in 2025. Opening a fraudulent wireless account is easier than you’d think, with names, addresses, credit card info, social security numbers, usernames and passwords - all for sale on the dark web.
While banks and other financial institutions have been dealing with identity theft fraud for years, subscription fraud is a new and growing threat for telecom service providers. As the number of connected devices grows, so will the opportunity for this type of fraud.
#4: 2019 must be the year for action
As you can see, by 2020 communications service providers will be vastly outnumbered by the billions of fraud risks that are about to hit their networks. In the IoT world, finding ways to reduce telecom fraud in the gigabit age and prevent these attacks is critical. Fraud management systems must work seamlessly with security protection to constantly monitor information across an organization, watch for unusual trends and identify fraud before it happens. This way, when a security layer is breached, the fraud management system will be able to identify the threat and minimize any potential damage. It takes two layers, Security and Fraud Management, working hand in hand to prevent fraud in the gigabit era.
Advancements in machine learning, artificial intelligence and automation will help pave the way, and are critical to ensure a CSP’s fraud management team is equipped in the event of a security breach. Service providers need to be able to follow a path and identify patterns that reveal hidden relationships and suspicious movements to minimize any potential damage and for that they cannot rely solely on traditional rule-based systems. CSPs must use 2019 as the year that they not only assess but improve their fraud management systems so that they are ready for the volume, velocity and variety of fraud risks that will be associated with the rise of the Internet of Things.