Blog

Unfolding Telecom Frauds through Effective KYC Compliance

Richard Marley
August 26, 2021
6 minutes read
723

The growing adoption of smartphones has naturally spurred sharing of personal data. From providing information on the phone to open a bank account, to placing food orders, most everyday tasks can now be completed from the comfort of your home. While the telecom industry has made room for remote processes, it has also expedited the growth of identity fraud and financial scams.

A simple vulnerability in the mobile network can make smartphone users and telecom operators susceptible to a wide array of attacks, including identity fraud, payment scams, account takeover, and more. As per the Communications Fraud Control Association (CFCA) survey conducted every two years, approximately 1.86% of global telecom revenues could be lost to fraud by the end of 2021. To bring down these numbers in the upcoming years, the implementation of KYC (Know Your Customer) measures in the telecom industry has become more crucial than ever. But before we get to that, let’s take a closer look at the types and lifecycle of telecom fraud.

What are the Top Telecom Frauds?

Telecom fraud, (or telecommunication fraud) refers to the abuse of telecommunications services in order to illegally acquire sensitive information (such as identity card number or bank account details) from either a service provider or its customers. Examples of common telecom fraud include phishing, smishing, SIM swap fraud, and International Revenue Sharing Fraud.

The Current Threat Scenario

Telecom frauds have significantly increased within the last 5 years. In 2017, the total sum of money lost from scam calls amounted to USD 9.5 billion. By 2020, this value grew to USD 19.7 billion. The war against fraudsters within this sector seems to be never-ending, and in the coming years, risk awareness and investment in automated digital identity verification solutions will be as crucial as ever.

Vishing and Smishing Attacks

As unreal as the words may sound, they are collectively a major threat to the telecom industry. The word “vishing” is a play on the words “voice” and “phishing”. Metaphorically, a scammer “fishes” for the victim and lures them into revealing sensitive data through their “voice”. A vishing attack is usually carried out by making a call to the victim and impersonating an authority, such as a bank official. Next, the victim is asked to provide their Social Security Number (SSN), name, address, and other confidential information to prove their identity. Once this information has been stolen, the criminal can sell it on the dark web or use it to commit other financial frauds.

On the other hand, a smishing attack is conducted through an SMS. A smishing text, for example, attempts to lure a victim into revealing personal information via a link that leads to a phishing website. In 2020, the FBI’s Internet Crime Complaint Center reported over 240,000 victims of phishing, smishing, vishing attacks, causing losses worth USD 54 million.

In the next section, we will be looking at a step-by-step scenario of how a single data breach in the telecom sector can lead to disastrous consequences.

Stage 1 – Data Breach

Just when you think the fraud scenario cannot get any worse, bigger news emerges. On Friday 20th of August, a mega-scale hack affected 7.8 million T-Mobile users and 40 million customers that applied for credit. The data breach targeted T-Mobile’s system vulnerabilities and caused the exposure of sensitive information such as social security numbers, driving licences, phone numbers, addresses, and account PINs. Consequently, approximately 50 million affected users of T-Mobile have been exposed to a greater threat – SIM Swap Fraud.

Stage 2 – SIM Swap Fraud

Once a scammer gains access to another person’s password, they can easily ask the telecom company to have the SIM card linked to the phone number changed to a new SIM card and device. As a result, they can take over the victim’s phone in minutes. This is known as a SIM swap fraud. SIM hijacking further allows the criminal to take over your online accounts by gaining access to any two-factor authentication code that is received through text messages.

Unless the telecom provider implements effective KYC procedures to verify the identity of every customer prior to providing services, it can lead to an irrecoverable loss of data and even identity theft. What makes the situation more alarming is that in 2020, SIM swap criminals stole more than USD 100 million in the USA. According to Action Fraud, the UK’s reporting centre for fraud and cybercrime, SIM swap fraud reports nearly doubled in the UK compared to 2019.

Stage 3 – Identity Theft

This brings us to the final, and perhaps the most disastrous, stage. Without proper ID verification checks, the stolen information can be used by criminals to commit identity fraud. An identity thief can potentially ruin the victim’s credit history, disqualify them from receiving loans and state benefits, drain their bank accounts, delay their tax refund, or even get them wrongfully arrested. However, telecom companies can easily detect identity thieves through KYC compliance. With KYC verification in place, the identity of each customer is authenticated during the initial stage of account opening. Additionally, biometric facial authentication can also be utilized for KYC verification, making it impossible for identity thieves to impersonate the victim.

Download Report: Global Identity Fraud Report 2020

IDV is the Way Forward

The role played by KYC verification in the telecommunication industry is exceptionally crucial. It allows a company to keep fraud at bay through the verification and authentication of ID documents that customers provide. An efficient ID verification system helps a telecom firm ensure that the customer is actually who they say they are, not an imposter in possession of stolen data Besides this, AI-powered ID verification solutions enable telecom operators to measure the risk associated with customers through various identity checks, such as in the case of facial verification that utilizes 3-D liveness detection and anti-spoof technology.

Need to learn more about KYC for your telecom firm? Talk to our experts!

Contact us

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
FinCEN and FDIC to Test the Effectiveness of Digital ID Verification Tools
What are the Top Telecom Frauds?
The Current Threat Scenario
Vishing and Smishing Attacks
Stage 1 – Data Breach
Stage 2 – SIM Swap Fraud
Stage 3 – Identity Theft
IDV is the Way Forward
Two federal regulators – the FinCEN and FDIC have called for a ‘tech sprint’ to assess the effectiveness of digital identity verification tools.

Considering the challenges faced by the financial services industry including the proliferation of online scams, data breaches, and synthetic identity frauds, the two federal regulators are gearing up for a ‘tech sprint’.

The Financial Crimes Enforcement Network (FinCEN) and the Federal Deposit Insurance Corporation (FDIC) have joined hands to hold the tech sprint aimed at analyzing the effectiveness of digital identity verification systems.

In the announcement published on Wednesday, 12 January, digital identity verification was referred to as the process of collecting, validating, and verifying information about an individual. This information is usually used by financial institutions to get proof of identity when customers attempt to gain access to online services.

With the financial services sector increasingly shifting to online platforms, scammers and fraudsters are inventing new techniques to commit financial crimes.

According to the two federal regulators FinCEN and FDIC, data breaches and hacks involving personally identifiable information (PII), as well as the increasing “synthetic identities” (a type of scam where someone creates a new identity from a combination of real and fake information) have made it increasingly difficult to establish real identities.

Although the tech sprint doesn’t have a specific start date, it is said that it will require participants to come up with a “scalable, cost-efficient, risk-based solution to measure the effectiveness of digital identity proofing to ensure that individuals who remotely (i.e., not in person) present themselves for financial activities are who they claim to be.”

Both the FDIC and FinCEN have a common goal of increasing security in the online financial services industry by reducing identity theft and fraud and combatting money laundering/terrorism financing. The regulators aim to restore customer confidence in the financial sector.

Suggested read: FinCEN and OCC Fine Texas Bank $9 Million for BSA-AML Violations

Unfolding Telecom Frauds through Effective KYC Compliance

What are the Top Telecom Frauds?

The Current Threat Scenario

Vishing and Smishing Attacks

Stage 1 – Data Breach

Stage 2 – SIM Swap Fraud

Stage 3 – Identity Theft

IDV is the Way Forward

COVID-19 and Online Marketplace: 2022 Expectations

#1 Social Commerce

#2 Technology to Become Even More Prevalent

#3 Brands expanding through D2C

#4 Live Stream Shopping

#5 More Tools for Brands

European Regulation for Online Marketplace

EU Payment Services Directive (PSD2)

Electronic Commerce (EC Directive) Regulations

How Shufti Pro Helps

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.