Blog

Unfolding Telecom Frauds through Effective KYC Compliance

Richard Marley
August 26, 2021
6 minutes read
723

The growing adoption of smartphones has naturally spurred sharing of personal data. From providing information on the phone to open a bank account, to placing food orders, most everyday tasks can now be completed from the comfort of your home. While the telecom industry has made room for remote processes, it has also expedited the growth of identity fraud and financial scams.

A simple vulnerability in the mobile network can make smartphone users and telecom operators susceptible to a wide array of attacks, including identity fraud, payment scams, account takeover, and more. As per the Communications Fraud Control Association (CFCA) survey conducted every two years, approximately 1.86% of global telecom revenues could be lost to fraud by the end of 2021. To bring down these numbers in the upcoming years, the implementation of KYC (Know Your Customer) measures in the telecom industry has become more crucial than ever. But before we get to that, let’s take a closer look at the types and lifecycle of telecom fraud.

What are the Top Telecom Frauds?

Telecom fraud, (or telecommunication fraud) refers to the abuse of telecommunications services in order to illegally acquire sensitive information (such as identity card number or bank account details) from either a service provider or its customers. Examples of common telecom fraud include phishing, smishing, SIM swap fraud, and International Revenue Sharing Fraud.

The Current Threat Scenario

Telecom frauds have significantly increased within the last 5 years. In 2017, the total sum of money lost from scam calls amounted to USD 9.5 billion. By 2020, this value grew to USD 19.7 billion. The war against fraudsters within this sector seems to be never-ending, and in the coming years, risk awareness and investment in automated digital identity verification solutions will be as crucial as ever.

Vishing and Smishing Attacks

As unreal as the words may sound, they are collectively a major threat to the telecom industry. The word “vishing” is a play on the words “voice” and “phishing”. Metaphorically, a scammer “fishes” for the victim and lures them into revealing sensitive data through their “voice”. A vishing attack is usually carried out by making a call to the victim and impersonating an authority, such as a bank official. Next, the victim is asked to provide their Social Security Number (SSN), name, address, and other confidential information to prove their identity. Once this information has been stolen, the criminal can sell it on the dark web or use it to commit other financial frauds.

On the other hand, a smishing attack is conducted through an SMS. A smishing text, for example, attempts to lure a victim into revealing personal information via a link that leads to a phishing website. In 2020, the FBI’s Internet Crime Complaint Center reported over 240,000 victims of phishing, smishing, vishing attacks, causing losses worth USD 54 million.

In the next section, we will be looking at a step-by-step scenario of how a single data breach in the telecom sector can lead to disastrous consequences.

Stage 1 – Data Breach

Just when you think the fraud scenario cannot get any worse, bigger news emerges. On Friday 20th of August, a mega-scale hack affected 7.8 million T-Mobile users and 40 million customers that applied for credit. The data breach targeted T-Mobile’s system vulnerabilities and caused the exposure of sensitive information such as social security numbers, driving licences, phone numbers, addresses, and account PINs. Consequently, approximately 50 million affected users of T-Mobile have been exposed to a greater threat – SIM Swap Fraud.

Stage 2 – SIM Swap Fraud

Once a scammer gains access to another person’s password, they can easily ask the telecom company to have the SIM card linked to the phone number changed to a new SIM card and device. As a result, they can take over the victim’s phone in minutes. This is known as a SIM swap fraud. SIM hijacking further allows the criminal to take over your online accounts by gaining access to any two-factor authentication code that is received through text messages.

Unless the telecom provider implements effective KYC procedures to verify the identity of every customer prior to providing services, it can lead to an irrecoverable loss of data and even identity theft. What makes the situation more alarming is that in 2020, SIM swap criminals stole more than USD 100 million in the USA. According to Action Fraud, the UK’s reporting centre for fraud and cybercrime, SIM swap fraud reports nearly doubled in the UK compared to 2019.

Stage 3 – Identity Theft

This brings us to the final, and perhaps the most disastrous, stage. Without proper ID verification checks, the stolen information can be used by criminals to commit identity fraud. An identity thief can potentially ruin the victim’s credit history, disqualify them from receiving loans and state benefits, drain their bank accounts, delay their tax refund, or even get them wrongfully arrested. However, telecom companies can easily detect identity thieves through KYC compliance. With KYC verification in place, the identity of each customer is authenticated during the initial stage of account opening. Additionally, biometric facial authentication can also be utilized for KYC verification, making it impossible for identity thieves to impersonate the victim.

Download Report: Global Identity Fraud Report 2020

IDV is the Way Forward

The role played by KYC verification in the telecommunication industry is exceptionally crucial. It allows a company to keep fraud at bay through the verification and authentication of ID documents that customers provide. An efficient ID verification system helps a telecom firm ensure that the customer is actually who they say they are, not an imposter in possession of stolen data Besides this, AI-powered ID verification solutions enable telecom operators to measure the risk associated with customers through various identity checks, such as in the case of facial verification that utilizes 3-D liveness detection and anti-spoof technology.

Need to learn more about KYC for your telecom firm? Talk to our experts!

Contact us

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Danish Gambling Operator Reports Tipwin to the Police for AML Failings
The Current Threat Scenario
Vishing and Smishing Attacks
Stage 1 – Data Breach
Stage 2 – SIM Swap Fraud
Stage 3 – Identity Theft
IDV is the Way Forward
Then danish gambling operator Spillemyndigheden has reported Tipwin to the police for violating the Danish Money Laundering act

According to the sources, Spillemyndigheden, the government office based in Odense, Denmark, has reported to the police that the business has failed to create risk assessments of retail bets with a lack of written policies on its retail offerings.

It is also worth mentioning that the operator also lacks complete business procedures and controls for the offerings based on land or in regards to money laundering until 25 May 2022.

In the official statement of the regulator to the police, it stated all the shortcomings of Tipwin in compliance with the anti-money laundering standards. It stated: “Spillemyndigheden notes that the rules on risk assessment, policies and business procedures are absolutely fundamental in the Money Laundering Act. By failing to prepare a risk assessment, Tipwin has not had a useful tool that has provided an overview and understanding of where and to what extent Tipwin is exposed to money laundering or terrorist financing, and what measures are in place are necessary to mitigate the risks involved.”

This clearly states that the german based gambling operator, Tipwin is exposed to the illicit crimes of money laundering and terrorist financing and has failed to comply with the AML regulations. The Danish regulator also focused on the lack of preparation from the operator on assessments of risks which are fundamental components of the anti-money laundering act.

Spillemyndigheden also added: “Preparing a risk assessment of the company’s business model is a very fundamental means of limiting the risk of money laundering. Tipwin has thus also not had policies and operational procedures that stem from the risk assessment. By failing to prepare a risk assessment, the Gambling Authority has therefore handed over the case to the police investigation.”

The authority also launched an injunction on the breach of rules and procedures in regard to the online casino and betting operations. With the main emphasis on money laundering, the regulator released a statement last month which reminded businesses in the industry of the obligations. It mentioned the regulations most firms are complied with, which are in order to prohibit the financial interactions with individuals, groups, legal bodies or countries.

In addition, Spillemyndigheden issued a 3 months deadline to Tipwin to sort out the situation.

Suggested Read: Danish Gaming Regulator Sanctions Unibet Over AML Violations

Unfolding Telecom Frauds through Effective KYC Compliance

What are the Top Telecom Frauds?

The Current Threat Scenario

Vishing and Smishing Attacks

Stage 1 – Data Breach

Stage 2 – SIM Swap Fraud

Stage 3 – Identity Theft

IDV is the Way Forward

Crown and Star Casinos – A Stain on Australia’s Reputation

Australia’s Anti-Money Laundering Regime

How Casinos and Businesses Can Secure their Operations

What Shufti Pro Offers

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.