Unfolding Telecom Frauds through Effective KYC Compliance

  • Richard Marley
  • August 26, 2021
  • 6 minutes read
  • 723

The growing adoption of smartphones has naturally spurred sharing of personal data. From providing information on the phone to open a bank account, to placing food orders, most everyday tasks can now be completed from the comfort of your home. While the telecom industry has made room for remote processes, it has also expedited the growth of identity fraud and financial scams. 

A simple vulnerability in the mobile network can make smartphone users and telecom operators susceptible to a wide array of attacks, including identity fraud, payment scams, account takeover, and more. As per the Communications Fraud Control Association (CFCA) survey conducted every two years, approximately 1.86% of global telecom revenues could be lost to fraud by the end of 2021. To bring down these numbers in the upcoming years, the implementation of KYC (Know Your Customer) measures in the telecom industry has become more crucial than ever. But before we get to that, let’s take a closer look at the types and lifecycle of telecom fraud.

The Current Threat Scenario 

Telecom frauds have significantly increased within the last 5 years. In 2017, the total sum of money lost from scam calls amounted to USD 9.5 billion. By 2020, this value grew to USD 19.7 billion. The war against fraudsters within this sector seems to be never-ending, and in the coming years, risk awareness and investment in automated digital identity verification solutions will be as crucial as ever.


Vishing and Smishing Attacks

As unreal as the words may sound, they are collectively a major threat to the telecom industry. The word “vishing” is a play on the words “voice” and “phishing”. Metaphorically, a scammer “fishes” for the victim and lures them into revealing sensitive data through their “voice”. A vishing attack is usually carried out by making a call to the victim and impersonating an authority, such as a bank official. Next, the victim is asked to provide their Social Security Number (SSN), name, address, and other confidential information to prove their identity. Once this information has been stolen, the criminal can sell it on the dark web or use it to commit other financial frauds. 

On the other hand, a smishing attack is conducted through an SMS. A smishing text, for example, attempts to lure a victim into revealing personal information via a link that leads to a phishing website. In 2020, the FBI’s Internet Crime Complaint Center reported over 240,000 victims of phishing, smishing, vishing attacks, causing losses worth USD 54 million. 

Suggested Read: SMS Phishing Scams are Impersonating State Agencies – FTC Warns

In the next section, we will be looking at a step-by-step scenario of how a single data breach in the telecom sector can lead to disastrous consequences.

Stage 1 – Data Breach

Just when you think the fraud scenario cannot get any worse, bigger news emerges. On Friday 20th of August, a mega-scale hack affected 7.8 million T-Mobile users and 40 million customers that applied for credit. The data breach targeted T-Mobile’s system vulnerabilities and caused the exposure of sensitive information such as social security numbers, driving licences, phone numbers, addresses, and account PINs. Consequently, approximately 50 million affected users of T-Mobile have been exposed to a greater threat – SIM Swap Fraud

Stage 2 – SIM Swap Fraud

Once a scammer gains access to another person’s password, they can easily ask the telecom company to have the SIM card linked to the phone number changed to a new SIM card and device. As a result, they can take over the victim’s phone in minutes. This is known as a SIM swap fraud. SIM hijacking further allows the criminal to take over your online accounts by gaining access to any two-factor authentication code that is received through text messages. 

Unless the telecom provider implements effective KYC procedures to verify the identity of every customer prior to providing services, it can lead to an irrecoverable loss of data and even identity theft. What makes the situation more alarming is that in 2020, SIM swap criminals stole more than USD 100 million in the USA. According to Action Fraud, the UK’s reporting centre for fraud and cybercrime, SIM swap fraud reports nearly doubled in the UK compared to 2019. 

Suggested Read: US Officials allege student defrauded Apple as part of SIM swap attack

Stage 3 – Identity Theft

This brings us to the final, and perhaps the most disastrous, stage. Without proper ID verification checks, the stolen information can be used by criminals to commit identity fraud. An identity thief can potentially ruin the victim’s credit history, disqualify them from receiving loans and state benefits, drain their bank accounts, delay their tax refund, or even get them wrongfully arrested. However, telecom companies can easily detect identity thieves through KYC compliance. With KYC verification in place, the identity of each customer is authenticated during the initial stage of account opening. Additionally, biometric facial authentication can also be utilized for KYC verification, making it impossible for identity thieves to impersonate the victim. 

Download Report: Global Identity Fraud Report 2020

IDV is the Way Forward

The role played by KYC verification in the telecommunication industry is exceptionally crucial. It allows a company to keep fraud at bay through the verification and authentication of ID documents that customers provide. An efficient ID verification system helps a telecom firm ensure that the customer is actually who they say they are, not an imposter in possession of stolen data Besides this, AI-powered ID verification solutions enable telecom operators to measure the risk associated with customers through various identity checks, such as in the case of facial verification that utilizes 3-D liveness detection and anti-spoof technology. 

Need to learn more about KYC for your telecom firm? Talk to our experts!