2017 global fraud loss survey - itweb...2017 survey on average, fraud departments reported 10% fewer...
TRANSCRIPT
2017 Global Fraud Loss Survey
Agenda Survey Type and Methodology
Review of Results Fraud Management
Organizational Snapshots
Work Loads
False Positive Rates
Fraud Trends
Top Fraud Methods and Types
Emerging Fraud Methods and Types
Where Is It Coming From?
2017 Global Fraud Loss Estimate
Executive Summary
Appendix 2017 Fraud Loss Estimate Details by Method, Type, CSP Size & Region
Fraud Method and Type Definitions
2
Survey Type & Methodology
Panel of Experts Survey: Surveys taken from fraud and security experts working within
the industry who are directly involved in identifying and
stopping communications fraud
Responses were received from:
Communications Service Providers (CSPs) located throughout the
industry and around the globe
Both Small (<1K employees) and Large (100K+) CSPs
Wireless, wireline, broadband, and narrowband CSPs
Voice, data, financial services, content distribution and Internet of Things
(IoT) service providers
3
2017 CFCA Survey Results
4
2017 Survey
In which region are you located?
Note: Local, Regional, National and International CSPs participated in the survey
5
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
30.0%
35.0%
Asia SouthPacific
Centraland
SouthAmerica
NorthAmerica
WesternEurope
EasternEurope &
Russia
Africa MiddleEast
8.9%6.3%
12.7%
34.2%
15.2%
8.9%7.6%
6.3%
2017 Survey
6
How many employees are in your company?
<1,00018.75%
1,001 to 5,00029.17%
5,001 to 10,00014.58%
10,001 to 50,00020.83%
50,001 to 100,0008.33%
100,001 +8.33%
2017 Survey
7
How many subscribers does your company have?
<10,0008.70%
10,001 to 1,000,00010.87%
1,000,001 to 10,000,000
32.61%
10,000,001 to 25,000,000
10.87%
25,000,001 to 50,000,000
15.22%
50,000,001 +17.39%
Wholesale Only (no end user subscribers)
4.35%
2017 SurveyWhere is your fraud department situated?
Compared to 2015, Customer Care, Operations and Security each grew by approx. 4%.
Whereas Finance shrank by 10%+ (57% in 2015). Some Fraud departments also reported
moving to Revenue Assurance, Collections, Business Intelligence or Infrastructure orgs.
8
6.98%
46.51%
2.33%
9.30%
9.30%
25.58%
Customer Care
Finance
IT
Operations
Risk Management
Security
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
2017 SurveyWhat functions apply to your current role and
responsibilities?
9
Compared to 2015, 20% less time is being spent investigating fraud and working with law
enforcement. 5% more time is going to detecting fraud and 14% more time is going to
Customer Care, Billing and Revenue Assurance functions.
0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0%
Systems Administrator
Fraud Investigation
Sales/Marketing
Operations
Security/Physical
End User
Fraud Detection
Customer Service
Finance/Billing/Revenue Assurance
Legal/Regulatory
Security/Network
Law Enforcement
Vendor/Consultant
Internal Fraud Investigation
10.2%
81.6%
8.2%
20.4%
8.2%
2.0%
89.8%
18.4%
36.7%
14.3%
16.3%
12.2%
2.0%
38.8%
2017 SurveyHow many are in your Fraud department?
Departments with <3 employees decreased by 8% since 2015. However, organizations with
3 to 20 employees reported a 4% increase in staff. Departments with >21 employees
reported the same staffing levels. 50% reported they outsource some of their job functions.
Note: Some departments reported overlapping responsibilities including R.A., Subpoena
Compliance and Victim Assistance. Some reported as little as one staff member.
10
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Analysts Investigators Administrative &Case Management
Outsourced
< 3 3 to 5 6 to 20 21 to 50 51 +
2017 SurveyHow many are in your Fraud department?
11
# Subscribers
Average #
Employees
Average #
Outsourced
Average Total
Department Size<10,000 5 1 6
10,001 to 1,000,000 6 3 9
1,000,001 to 10,000,000 9 1 10
10,000,001 to 50,000,000 19 2 21
50,000,001+ 67 14 81
Wholesale Only
(no end user subs)6 1 7
2017 Survey
When is your fraud department staffed?
Compared to 2015, Fraud departments are working 30% more extended and non-
business hours–including holidays. Off-hours coverage by other organizations also
remained unchanged in 2017.
12
42%79% 66%
41%47%
32%
23%
58%29%
44%25%
42%
45%
45%
37%53% 44% 55%
23%
11%18% 22% 22% 19%
10% 5% 8% 6% 6% 6%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Holidays Holidays Weekdays Weekdays Weekend Weekend
2015 2017 2015 2017 2015 2017
Off-Hours CoverageProvided by AnotherExternal Organization
Off-Hours CoverageProvided by AnotherOrganization
Non-Business Hours (24Hours)
Extended BusinessHours
Business Hours
2017 SurveyWhere are job functions are outsourced?
Compared to 2015, 8% of outsourced jobs have moved to external
organizations.
13
20.51%
28.21%
5.13%
46.15%
Internally (e.g: NOC,Group Shared ServiceCenter))
Externally (e.g. Vendor)
Other (Please Specify)
None
2017 Survey
New Fraud Department Positions:
• Cyber Security Professional
• Data Scientist
• Internal Fraud Analyst
• Data Visualization SME
• Additional headcount
14
Have you created any new positions or new
job functions within your organization? If so, what?
2017 Survey
Many CSPs reported being a member of more than one organization
15
Are you a member of any other organizations?
CFCA, 28%
GSMA (FF, FASG, SEGP),
32%
FIINA, 14%
ETNO, 3%
ATFRA, 4%
TUFF, 4%
ACFE, 1%
CINNA, 1%NCFTA, 1%
TRMA, 5%
DFF, 3%
ITSFF, 1%RAG, 1%
CCSG, 1%
ATIS, 1%
CFCA Partners
Work Loads
16
2017 Survey
On average, fraud departments reported 10% fewer cases per month since
2015. The majority of cases are reported by North American and Western
European service providers.
17
How many fraud incidents does your department
handle per month?
40.91%
4.55%
27.27%
6.82%
20.45%
< 50
51 to 100
101 to 500
501 to 1,000
1,001 +
2017 Survey
18
# Subscribers
Average Total
Department Size
Average # Incidents
per Month<10,000 6 51 to 100
10,001 to 1,000,000 9 51 to 100
1,000,001 to 10,000,000 10 101 to 500
10,000,001 to 50,000,000 21 501 to1,000
50,000,001+ 81 1001+
Wholesale Only
(no end user subs)6 101 to 500
How many fraud incidents does your department
handle per month?
On average the # incidents per month have decrease by 10%.
However, this masks the fact that the number of attempted fraud has
increased significantly since 2015.
2017 Survey
Overall, 12% more cases are being reported to law
enforcement than in 2015.
19
How many cases does your department refer
to law enforcement per YEAR?
< 10, 48.78%
11 to 100, 31.71%
101 +, 4.88%
None, 14.63%
2017 Survey
In 2017, 7% fewer cases resulted in prosecution—down from 90% in
2015.
20
Of the cases reported to law enforcement, how
many result in a law enforcement action per YEAR?
0
2
4
6
8
10
12
< 1 1 to 5 6 to 10 11 to 100 101 +
# R
esp
on
se
s
# Cases
Investigation Initiated Prosecution
2017 Survey
Some investigations and prosecutions can take more than a year to
complete.
21
Of the cases reported to law enforcement, how many
were related to internal fraud investigations that
resulted in a law enforcement action per YEAR?
< 1 1 to 5 6 to 10 11 to 100 101 + None
0%
5%
10%
15%
20%
25%
30%
35%
40%
Investigation Initiated Prosecution# Cases
% R
esp
on
se
s
2017 Survey
Since 2015, 15% more CSPs report a lack of interest or understanding by law enforcement
and resource constraints. It is difficult to justify the lawyer/court costs involved. As a result
CSPs are focusing their efforts on fraud detection and mitigation.
22
Why do you think cases are not reported to law
enforcement?
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
11.1%8.3%
11.1%
0.0%
52.8%
11.1%
0.0%
5.6%
0
Debt recovery pursued through civil means
No faith in the judicial system to administerthe right punishment to deter others
No perceived value to the business
Not referred due to lack of evidence
Perceived lack of interest or understandingby law enforcement to take the case
Lack of expertise or resources
Lack of executive support
Inability to show financial loss
False Positive Rates
23
2017 Survey
24
What is your False Positive Rate*?
*False Positive Rate = Number of non-fraud incidents / Number of fraud incidents investigated
Fraud Detection Process
Low False
Positive Rate
High False
Positive Rate
Average False
Positive Rate
Fraud Management System 1% 97% 12.1%
Manual Controls or Reports 1% 95% 5.5%
Other Systems or Processes 1% 60% 1.9%
% False Positive Rate
1 7
13
19
25
31
37
43
49
55
61
67
73
79
85
91
97
FMS
1 7
13
19
25
31
37
43
49
55
61
67
73
79
85
91
97
Manual
1 6 111621263136414651566166717681869196
Other
2017 Survey
What is your False Positive Rate*?
*False Positive Rate = Number of non-fraud incidents / Number of fraud incidents investigated
25
Fraud Detection Process <1,000,0001,000,001 to
10,000,000
10,000,001 to
25,000,000
25,000,001 to
50,000,00050,000,001 +
Wholesale Only (no end
user subscribers)
Fraud Management System 2.4% 3.9% 1.3% 1.8% 2.1% 0.5%
Manual Controls or Reports 1.1% 1.8% 0.6% 0.8% 1.0% 0.2%
Other Systems or Processes 0.4% 0.6% 0.2% 0.3% 0.3% 0.1%
Fraud Detection Process AsiaSouth
Pacific
Central
and South
America
North
America
Western
Europe
Eastern Europe &
RussiaAfrica
Middle
East
Fraud Management System 0.9% 0.4% 1.5% 5.3% 2.0% 0.9% 0.7% 0.4%
Manual Controls or Reports 0.4% 0.2% 0.7% 2.4% 0.9% 0.4% 0.3% 0.2%
Other Systems or Processes 0.1% 0.1% 0.2% 0.8% 0.3% 0.1% 0.1% 0.1%
By Size (#Subs)
By Region
Smaller carriers have higher rates
NA & EU have higher false + rates
2017 Survey
26
How much time do you spend on average working
false-positive cases per week?
Although false positive cases vary by fraud function and type of fraud, approx.
50% of CSPs reported that they did not monitor them nor how much time they
spend on them.
0%
5%
10%
15%
20%
25%
Less than 1Hour
1-2 Hours 2-3 Hours 3-4 Hours 4-5 Hours 5-10 Hours More than10 Hours
% T
ota
l R
esp
on
ses
Fraud Trends
27
2017 Survey
28
Over the past 12 months, do you think GLOBAL
fraud losses have trended up, trended down, or stayed
the same?
Trended UP Stayed the SAME Trended DOWN
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
80.0%
64.3%
7.1%
28.6%
% T
ota
l Re
sp
on
se
s
2005 2008 2011 2013 2015 2017
Compared to 2015, 18% fewer CSPs reported Global fraud had increased or
stayed the same.
2017 Survey
Over the past 12 months, has fraud IN YOUR
COMPANY trended up, trended down, or stayed
the same?
Since 2015, 6% fewer CSPs reported fraud had increased or stayed the same.
29
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
Trended UP Stayed the SAME Trended DOWN
39.5%
27.9%
32.6%
% T
ota
l Re
sp
on
se
s
2006 2009 2011 2013 2015 2017
2017 Survey
30
In 2015, the top five were: PBX Hacking, IP PBX Hacking, Subscription Fraud
(Application), Internal Fraud/Employee Theft, and Subscription Fraud (Identity)
What do you view as the top 5 fraud methods
GLOBALLY? 0.0% 1.0% 2.0% 3.0% 4.0% 5.0% 6.0% 7.0%
Subscription Fraud (Identity)
PBX Hacking
IP PBX Hacking
Subscription Fraud (Application)
Subscription Fraud (Credit Muling/Proxy)
Abuse of Service Terms and Conditions
Account Takeover
Internal Fraud / Employee Theft
Phishing / Pharming
Payment Fraud
% of Total Responses
2017 Survey
31
In 2015, the top five fraud methods were PBX Hacking, IP PBX Hacking,
Subscription Fraud (Application), Dealer Fraud and Subscription Fraud (Identity)
What do you view as the top 5 fraud methods
at YOUR COMPANY?0.0% 1.0% 2.0% 3.0% 4.0% 5.0% 6.0% 7.0%
Subscription Fraud (Identity)
PBX Hacking
IP PBX Hacking
Subscription Fraud (Application)
Subscription Fraud (Credit Muling/Proxy)
Abuse of Service Terms and Conditions
Account Takeover
Internal Fraud / Employee Theft
Phishing / Pharming
Payment Fraud
2017 Survey
32
In 2015, the top five threats were: PBX Hacking, Subscription Fraud (Identity), IP
PBX Hacking, Abuse of Network or Device Weaknesses and Account Take Over.
What do you view as the top 5 EMERGING
fraud methods at YOUR COMPANY?6.0% 6.5% 7.0% 7.5% 8.0% 8.5%
IP PBX Hacking
Phishing / Pharming
Account Takeover
Subscription Fraud (Application)
Subscription Fraud (Credit Muling/Proxy)
2017 Survey
33
0.0% 1.0% 2.0% 3.0% 4.0% 5.0% 6.0% 7.0%
Subscription Fraud (Identity)
PBX Hacking
IP PBX Hacking
Subscription Fraud (Application)
Subscription Fraud (Credit Muling/Proxy)
Abuse of Service Terms and Conditions
Account Takeover
Internal Fraud / Employee Theft
Phishing / Pharming
Payment Fraud
Abuse of network, device or configuration weakness
Spoofing (IP or CLI/ANI)
Dealer Fraud
Social Engineering
Wangiri (Call Back Schemes)
Robocalling
Signalling Manipulation
Brand Name / Logo Abuse
Mobile Malware
Pre-Paid Equipment & Services
SMS Faking or Spoofing
Voicemail Hacking (Not associated with PBX Hacking)
IMEI Reprogramming
Clip-on Fraud
SIM Cloning
Fraud Methods in YOUR COMPANY
2017 SurveyWhat do you view as the top 5 fraud types at
GLOBALLY?
In 2015, the top fraud types were: IRSF, Interconnect Bypass, Premium Rate
Service, DRSF, Arbitrage, Payment Fraud and Device/Hardware Reselling.
34
(In-Network) (Roaming)0% 5% 10% 15% 20%
International RevenueShare Fraud (IRSF)
Interconnect Bypass (e.g.SIM box)
Arbitrage
Premium Rate Service
Commissions Fraud
% of Total Responses
0% 5% 10% 15% 20% 25%
International RevenueShare Fraud (IRSF)
Interconnect Bypass (e.g.SIM box)
Arbitrage
Theft / Stolen Goods
Domestic Revenue Share(DRSF)
% of Total Responses
2017 SurveyWhat do you view as the top 5 fraud types at
YOUR COMPANY?
In 2015, the top fraud types were: IRSF, Interconnect Bypass, Arbitrage, Premium
Rate Service, Device/Hardware Reselling and Theft/Stolen Goods
35
(In-Network) (Roaming)0% 5% 10% 15% 20%
International RevenueShare Fraud (IRSF)
Interconnect Bypass (e.g.SIM box)
Arbitrage
Premium Rate Service
Theft / Stolen Goods
0% 10% 20% 30%
International RevenueShare Fraud (IRSF)
Interconnect Bypass(e.g. SIM box)
Arbitrage
Theft / Stolen Goods
Premium Rate Service
2017 Survey
(In-Network)
In 2011, the top five fraud types were: PBX/VM Fraud, International Revenue
Share Fraud, Bypass Fraud, Arbitrage and Subscription Fraud.
36
(Roaming)
What do you view as the top 5 EMERGING
fraud types at YOUR COMPANY?
0% 5% 10% 15% 20%
International RevenueShare Fraud (IRSF)
Interconnect Bypass(e.g. SIM box)
Premium Rate Service
Domestic RevenueShare (DRSF)
Arbitrage
0% 5% 10% 15% 20% 25%
International RevenueShare Fraud (IRSF)
Arbitrage
Interconnect Bypass (e.g.SIM box)
Theft / Stolen Goods
Domestic Revenue Share(DRSF)
2017 Survey
37
(In-Network) 0% 2% 4% 6% 8% 10% 12% 14% 16%
International Revenue Share Fraud (IRSF)
Interconnect Bypass (e.g. SIM box)
Arbitrage
Premium Rate Service
Theft / Stolen Goods
Commissions Fraud
Device / Hardware Reselling
Wholesale Fraud
Domestic Revenue Share (DRSF)
Denial of Service (DoS) and Distributed Denial of…
Friendly Fraud
Cable or Satellite
Private Use
Service Reselling (e.g: Call Sell)
Theft / Compromise of data (e.g. logins)
Theft of Content
% of Total Responses
2017 Survey
38
0% 5% 10% 15% 20% 25% 30%
International Revenue Share Fraud (IRSF)
Interconnect Bypass (e.g. SIM box)
Arbitrage
Theft / Stolen Goods
Premium Rate Service
Device / Hardware Reselling
Domestic Revenue Share (DRSF)
Friendly Fraud
Private Use
Wholesale Fraud
Cable or Satellite
Service Reselling (e.g: Call Sell)
Commissions Fraud
Denial of Service (DoS) and Distributed Denial of…
Theft / Compromise of data (e.g. logins)
Theft of Content
Fraud Types (YOUR COMPANY)(Roaming)
Where is the Fraud Coming
From?
39
2017 Survey
In 2015, the top 3 countries were United States, Pakistan and Spain.
40
Top 10 Countries That ORIGINATE Fraudulent Calls:
0%
1%
2%
3%
4%
5%
6%
2017 Survey
41
Top 10 Countries Where Fraud TERMINATES:
In 2015, the top 3 countries were Cuba, Somalia and Bosnia & Herzegovina
0%
1%
2%
3%
4%
5%
6%
7%
8% 8%
5%
4% 4% 4%3%
3% 3% 3%3%
Fraud Loss Estimates
42
2017 Survey
In 2017, approx. 5% of CSPs report >30% of their bad debt was related to
fraud.
43
What percentage of bad debt is a result of fraud
in YOUR COMPANY?
78.1%
9.8%7.3%
2.4%0.0%
2.4%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
< 10% 10-20% 21-30% 31-40% 41-50% > 50%
% T
ota
l Re
sp
on
se
s
2013 2015 2017
2017 Survey
In 2013, a majority of CSPs believed fraud losses were between 1-2%. In 2015
and 2017, the consensus shifted to between 2-3%.
44
What percentage of the total GLOBAL telecom
revenue base do you think is fraud?
< 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10%
2013 12.3% 26.3% 15.8% 17.5% 8.8% 10.5% 8.8%
2015 18.9% 16.2% 21.6% 16.2% 13.5% 10.8% 2.7%
2017 17.1% 17.1% 22.0% 19.5% 9.8% 4.9% 9.8%
17.1% 17.1%
22.0%
19.5%
9.8%
4.9%
9.8%
0%
5%
10%
15%
20%
25%
30%
% T
ota
l R
esp
on
ses
2017 Survey
Smaller CSPs generally think fraud losses are higher globally.
45
Of the Global telecom revenue base, what
percentage do you think is fraud?
< 1%1-2%
2-3%3-4%
4-5%5-10%
> 10%
0%
1%
2%
3%
4%
5%
6%
7%
8%
<1,000,000
1,000,001 to 10,000,000
10,000,001 to 50,000,000
25,000,001 to 50,000,000
50,000,001 +
Wholesale Only (no end user subscribers)
0%-1% 1%-2% 2%-3% 3%-4% 4%-5% 5%-6% 6%-7% 7%-8%
2017 Survey
46
Comparison Between 2011-2017 Survey
Results in YOUR COMPANY
0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
70.0%
< 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10%
62%
21%
8% 8%
0%3%
0%
2011 2013 2015 2017
Since 2013 CSPs have report fewer fraud losses per year. In 2015, 60% of
CSPs reported losses less than 2%. In 2017, 82% reported losses less than 2%.
2017 Survey
Smaller CSPs generally report higher fraud losses.
47
What percentage of YOUR COMPANY’S
revenue base do you think is fraud?
< 1%1-2%
2-3%3-4%
4-5%5-10%
> 10%
0%
2%
4%
6%
8%
10%
12%
14%
16%
<1,000,000
1,000,001 to 10,000,000
10,000,001 to 50,000,000
25,000,001 to 50,000,000
50,000,001 +
Wholesale Only (no end user…
0%-2% 2%-4% 4%-6% 6%-8% 8%-10% 10%-12% 12%-14% 14%-16%
2017 SurveyOf the global telecom revenue base, what
percentage do you think is fraud?*
Fraud
Loss as a
% of
Revenue <1,000,000
1,000,001
to
10,000,000
10,000,001
to
50,000,000
25,000,001
to
50,000,000 50,000,001+ Wholesale
% Total
Responses
< 1% 12.04% 20.07% 6.69% 9.37% 10.70% 2.68% 61.55%
1-2% 4.01% 6.69% 2.23% 3.12% 3.57% 0.89% 20.51%
2-3% 1.50% 2.51% 0.84% 1.17% 1.34% 0.33% 7.69%
3-4% 1.50% 2.51% 0.84% 1.17% 1.34% 0.33% 7.69%
4-5% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00%
5%-10% 0.50% 0.83% 0.28% 0.39% 0.45% 0.11% 2.56%
> 10% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00%
*Note: Percentages taken from CSP self-reported losses.
Fraud Losses by # of Subscribers
48
2017 Survey
2017 Estimated Global Telecom Revenues*:
$2.30 Trillion (USD)
2017 Estimated Global Loss:
$29.2 Billion (USD), or 1.27%
Loss Calculation: ∑((CSP Size x % by Group) x Group Midpoint)/100) x
Global Telecom Revenues
Note: Fraud losses were weighted based on CSP size to avoid bias created when small and large CSP responses were combined.
*Source: The Insight Research Corporation – http://www.insight-corp.com/reports/review15.asp
(Estimate for 2015)
49
2017 SurveyComparison to Previous Surveys
2008 2011* 2013 2015 2017 % Var
Estimated Global
Revenues
$1.7 Trillion
(USD)
$2.1 Trillion
(USD)
$2.2 Trillion
(USD)
$2.25 Trillion
(USD)
$2.30 Trillion
(USD)+2.2%
Estimated Global
Fraud Loss
$60.1 Billion
(USD)
$40.1 Billion
(USD)
$46.3 Billion
(USD)
$38.1 Billion
(USD)
$29.2 Billion
(USD)-23.3%
% Loss* 3.54% 1.88% 2.09% 1.69% 1.27% -0.4%
*Note: In 2011 losses were recalculated using a weighting methodology.
50
0.0%
0.5%
1.0%
1.5%
2.0%
2.5%
3.0%
3.5%
4.0%
2008 2011 2013 2015 2017
% Loss (Company) % Loss (Global)
0
500
1,000
1,500
2,000
2,500
2008 2011 2013 2015 2017
Bil
lio
ns
Est. Global Telecom Revenues Est. Global Fraud Loss
Executive Summary
2017 Survey Highlights:
Global Fraud Loss Estimate*: $29.2 Billion (USD) annually
The 23.3% decrease from 2015 was a result of communications companies reporting fewer fraud losses as a percent of revenue.
1.27% of global telecom revenues The 0.42% decrease from 2015 is attributed to several factors including:
Increased collaboration and coordination within the industry and with law enforcement
Cessation of casual dialing on major US carrier networks
Shifting of cost base from TDM to VoIP networks which have lower tariffed rates
Increased focus on cybersecurity issues, which are harder to associate with revenue losses
71% said global fraud losses had increased or stayed the same–a 18% decrease from 2015.
67% said fraud had trended up or stayed the same within their company—an 6% decrease from 2015
For more information please visit: www.cfca.org/fraudlosssurvey/51
Executive Summary
For more information please visit: www.cfca.org/fraudlosssurvey/
*Note: Combined results shown; Beginning in 2015 fraud types were divided between In-network and Roaming.
52
Top 10 Fraud Methods:
$2.03 B – Subscription Fraud (Identity) $1.94 B – PBX Hacking $1.94 B – IP PBX Hacking $1.93 B – Subscription Fraud (Application) $1.75 B – Subscription Fraud (Credit
Muling/Proxy) $1.66 B – Abuse of Service Terms & Conditions $1.66 B – Account Take Over $1.47 B – Internal Fraud / Employee Theft $1.38 B – Phishing / Pharming $1.38 B – Payment Fraud
Executive Summary
Top 10 Fraud Types*:
$6.10 B – International Revenue Share Fraud (IRSF)
$4.27 B – Interconnect Bypass (e.g. SIM Box) $3.26 B – Arbitrage $3.02 B – Theft / Stolen Goods $2.39 B – Premium Rate Service $2.10 B – Device / Hardware Reselling $1.35 B – Domestic Revenue Share (DRSF) $1.30 B – Wholesale Fraud $1.27 B – Friendly Fraud $1.03 B – Private Use
The top 5 fraud types accounted for 65% of all fraud losses.
For more information please visit: www.cfca.org/fraudlosssurvey/
*Note: Combined results shown; Beginning in 2015 fraud types were divided between In-network and Roaming.
53
Thank You
54
Appendix
55
2017 Survey
56
Subscription Fraud (Identify); $2.0
PBX Hacking; $1.9IP PBX Hacking; $1.9
Subscription Fraud (Application); $1.9
Subscription Fraud (Credit Muling/Proxy); $1.8
Abuse of Service
Terms and Conditions; $1.7
Account Takeover; $1.7
Internal Fraud / Employee Theft; $1.5
Phishing / Pharming; $1.4
Payment Fraud; $1.4
Abuse of network, device or configuration weakness; $1.3 Spoofing (IP or
CLI/ANI); $1.3
Dealer Fraud; $1.1 Social Engineering; $1.0
Wangiri (Call Back
Schemes); $1.0
Robocalling; $0.9
Signalling Manipulation;
$0.8
Brand Name /
Logo Abuse; $0.6Mobile
Malware; $0.6
Pre-Paid Equipment & Services; $0.6
SMS Faking or Spoofing; $0.6
Voicemail Hacking
(Not associated with PBX Hacking); $0.6
IMEI
Reprogramming; $0.6
Clip-on Fraud; $0.5
SIM Cloning; $0.4
2017 Estimated Fraud Losses by Method(in $ USD Billions)
2017 Survey
57
$2.03
$1.94
$1.94
$1.94
$1.75
$1.66
$1.66
$1.47
$1.38
$1.38
$1.29
$1.29
$1.11
$1.01
$1.01
$0.92
$0.83
$0.65
$0.65
$0.65
$0.65
$0.65
$0.55
$0.46
$0.37
Subscription Fraud (Identify)
PBX Hacking
IP PBX Hacking
Subscription Fraud (Application)
Subscription Fraud (Credit Muling/Proxy)
Abuse of Service Terms and Conditions
Account Takeover
Internal Fraud / Employee Theft
Phishing / Pharming
Payment Fraud
Abuse of network, device or configuration weakness
Spoofing (IP or CLI/ANI)
Dealer Fraud
Social Engineering
Wangiri (Call Back Schemes)
Robocalling
Signalling Manipulation
Brand Name / Logo Abuse
Mobile Malware
Pre-Paid Equipment & Services
SMS Faking or Spoofing
Voicemail Hacking (Not associated with PBX Hacking)
IMEI Reprogramming
Clip-on Fraud
SIM Cloning
$- $1 $1 $2 $2 $3
2017 Estimated Fraud Losses by Method(in $ USD Billions)
2017 SurveyEstimated Fraud Losses by Method by Size
Fraud Method <1,000,000
1,000,001 to
10,000,000
10,000,001 to
50,000,000
25,000,001 to
50,000,000 50,000,001 +
Wholesale Only
(no end user subs)
Abuse of network, device or configuration weakness
$0.38 $0.63 $0.21 $0.29 $0.34 $0.08
Abuse of Service Terms and Conditions $0.22 $0.36 $0.12 $0.17 $0.19 $0.05
Account Takeover $0.11 $0.18 $0.06 $0.08 $0.10 $0.02
Brand Name / Logo Abuse $0.20 $0.33 $0.11 $0.15 $0.18 $0.04
Clip-on Fraud $0.20 $0.33 $0.11 $0.15 $0.18 $0.04
Dealer Fraud $0.13 $0.21 $0.07 $0.10 $0.11 $0.03
IMEI Reprogramming $0.13 $0.21 $0.07 $0.10 $0.11 $0.03
Internal Fraud / Employee Theft $0.29 $0.48 $0.16 $0.22 $0.26 $0.06
IP PBX Hacking $0.32 $0.54 $0.18 $0.25 $0.29 $0.07
Mobile Malware $0.25 $0.42 $0.14 $0.20 $0.22 $0.06
Payment Fraud $0.38 $0.63 $0.21 $0.29 $0.34 $0.08
PBX Hacking $0.32 $0.54 $0.18 $0.25 $0.29 $0.07
Phishing / Pharming $0.13 $0.21 $0.07 $0.10 $0.11 $0.03
Pre-Paid Equipment & Services $0.38 $0.63 $0.21 $0.29 $0.34 $0.08
Robocalling $0.07 $0.12 $0.04 $0.06 $0.06 $0.02
Signaling Manipulation $0.13 $0.21 $0.07 $0.10 $0.11 $0.03
SIM Cloning $0.27 $0.45 $0.15 $0.21 $0.24 $0.06
SMS Faking or Spoofing $0.34 $0.57 $0.19 $0.27 $0.30 $0.08
Social Engineering $0.18 $0.30 $0.10 $0.14 $0.16 $0.04
Spoofing (IP or CLI/ANI) $0.27 $0.45 $0.15 $0.21 $0.24 $0.06
Subscription Fraud (Application) $0.13 $0.21 $0.07 $0.10 $0.11 $0.03
Subscription Fraud (Credit Muling/Proxy) $0.09 $0.15 $0.05 $0.07 $0.08 $0.02
Subscription Fraud (Identify) $0.25 $0.42 $0.14 $0.20 $0.22 $0.06
Voicemail Hacking (Not associated with PBX Hacking)
$0.40 $0.66 $0.22 $0.31 $0.35 $0.09
Wangiri (Call Back Schemes) $0.16 $0.27 $0.09 $0.13 $0.14 $0.04
Total $5.72 $9.53 $3.18 $4.45 $5.08 $1.27
58
(In Billions $ USD)
2017 SurveyEstimated Fraud Losses by Method by Region
59
(In Billions $ USD)
Fraud Method Asia South Pacific
Central and
South America North America Western Europe
Eastern Europe &
Russia Africa Middle East
Abuse of network, device or configuration weakness
$0.14 $0.07 $0.25 $0.84 $0.32 $0.14 $0.11 $0.07
Abuse of Service Terms and Conditions
$0.08 $0.04 $0.14 $0.48 $0.18 $0.08 $0.06 $0.04
Account Takeover $0.04 $0.02 $0.07 $0.24 $0.09 $0.04 $0.03 $0.02
Brand Name / Logo Abuse $0.07 $0.04 $0.13 $0.44 $0.17 $0.07 $0.06 $0.04
Clip-on Fraud $0.07 $0.04 $0.13 $0.44 $0.17 $0.07 $0.06 $0.04
Dealer Fraud $0.05 $0.02 $0.08 $0.28 $0.11 $0.05 $0.04 $0.02
IMEI Reprogramming $0.05 $0.02 $0.08 $0.28 $0.11 $0.05 $0.04 $0.02
Internal Fraud / Employee Theft $0.11 $0.05 $0.19 $0.64 $0.24 $0.11 $0.08 $0.05
IP PBX Hacking $0.12 $0.06 $0.21 $0.72 $0.27 $0.12 $0.09 $0.06
Mobile Malware $0.09 $0.05 $0.16 $0.56 $0.21 $0.09 $0.07 $0.05
Payment Fraud $0.14 $0.07 $0.25 $0.84 $0.32 $0.14 $0.11 $0.07
PBX Hacking $0.12 $0.06 $0.21 $0.72 $0.27 $0.12 $0.09 $0.06
Phishing / Pharming $0.05 $0.02 $0.08 $0.28 $0.11 $0.05 $0.04 $0.02
Pre-Paid Equipment & Services $0.14 $0.07 $0.25 $0.84 $0.32 $0.14 $0.11 $0.07
Robocalling $0.03 $0.01 $0.05 $0.16 $0.06 $0.03 $0.02 $0.01
Signalling Manipulation $0.05 $0.02 $0.08 $0.28 $0.11 $0.05 $0.04 $0.02
SIM Cloning $0.10 $0.05 $0.18 $0.60 $0.23 $0.10 $0.08 $0.05
SMS Faking or Spoofing $0.13 $0.06 $0.22 $0.76 $0.29 $0.13 $0.10 $0.06
Social Engineering $0.07 $0.03 $0.12 $0.40 $0.15 $0.07 $0.05 $0.03
Spoofing (IP or CLI/ANI) $0.10 $0.05 $0.18 $0.60 $0.23 $0.10 $0.08 $0.05
Subscription Fraud (Application) $0.05 $0.02 $0.08 $0.28 $0.11 $0.05 $0.04 $0.02
Subscription Fraud (Credit Muling/Proxy)
$0.03 $0.02 $0.06 $0.20 $0.08 $0.03 $0.03 $0.02
Subscription Fraud (Identify) $0.09 $0.05 $0.16 $0.56 $0.21 $0.09 $0.07 $0.05
Voicemail Hacking (Not associated with PBX Hacking)
$0.15 $0.07 $0.26 $0.88 $0.33 $0.15 $0.11 $0.07
Wangiri (Call Back Schemes) $0.06 $0.03 $0.11 $0.36 $0.14 $0.06 $0.05 $0.03
Total $2.12 $1.06 $3.72 $12.75 $4.78 $2.12 $1.59 $1.06
2017 Survey
60
(Combined)
Arbitrage; $3.3
Cable or Satellite; $0.7 Commissions Fraud; $1.0
Denial of Service (DoS) and Distributed Denial of
Service (DDoS); $0.6
Domestic Revenue Share (DRSF); $1.4
Device / Hardware Reselling; $2.0
Friendly Fraud; $1.3
Interconnect Bypass (e.g.
SIM box); $4.3
International Revenue Share Fraud (IRSF); $6.1
Premium Rate Service; $2.4
Private Use; $1.0
Service
Reselling (e.g: Call Sell); $0.5
Theft / Compromise of data (e.g. logins); $0.2
Theft / Stolen Goods; $3.0
Theft of Content; $0.2
Wholesale Fraud; $1.3
2017 Estimated Fraud Losses by Type(in $ USD Billions)
2017 Survey
61
(Combined)
$6.1
$4.3
$3.3
$3.0
$2.4
$2.0
$1.4
$1.3
$1.3
$1.0
$1.0
$0.7
$0.6
$0.5
$0.2
$0.2
International Revenue Share Fraud (IRSF)
Interconnect Bypass (e.g. SIM box)
Arbitrage
Theft / Stolen Goods
Premium Rate Service
Device / Hardware Reselling
Domestic Revenue Share (DRSF)
Wholesale Fraud
Friendly Fraud
Private Use
Commissions Fraud
Cable or Satellite
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
Service Reselling (e.g: Call Sell)
Theft / Compromise of data (e.g. logins)
Theft of Content
$- $1 $2 $3 $4 $5 $6 $7
2017 Estimated Fraud Losses by Type (in $ USD Billions)
2017 Survey
Fraud Type Asia South Pacific
Central and
South America North America
Western
Europe
Eastern
Europe Africa Middle East
Arbitrage $0.24 $0.12 $0.42 $1.42 $0.53 $0.24 $0.18 $0.12
Cable or Satellite $0.05 $0.03 $0.09 $0.30 $0.11 $0.05 $0.04 $0.03
Commissions Fraud $0.07 $0.03 $0.12 $0.42 $0.16 $0.07 $0.05 $0.03
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)$0.05 $0.02 $0.08 $0.28 $0.10 $0.05 $0.03 $0.02
Device / Hardware Reselling $0.10 $0.05 $0.17 $0.59 $0.22 $0.10 $0.07 $0.05
Domestic Revenue Share (DRSF) $0.15 $0.07 $0.26 $0.88 $0.33 $0.15 $0.11 $0.07
Friendly Fraud $0.09 $0.05 $0.16 $0.56 $0.21 $0.09 $0.07 $0.05
Interconnect Bypass (e.g. SIM
box)$0.31 $0.16 $0.54 $1.86 $0.70 $0.31 $0.23 $0.16
International Revenue Share
Fraud (IRSF)$0.44 $0.22 $0.78 $2.66 $1.00 $0.44 $0.33 $0.22
Premium Rate Service $0.17 $0.09 $0.30 $1.04 $0.39 $0.17 $0.13 $0.09
Private Use $0.08 $0.04 $0.13 $0.45 $0.17 $0.08 $0.06 $0.04
Service Reselling (e.g: Call Sell) $0.03 $0.02 $0.06 $0.20 $0.07 $0.03 $0.02 $0.02
Theft / Compromise of data (e.g.
logins)$0.02 $0.01 $0.03 $0.10 $0.04 $0.02 $0.01 $0.01
Theft / Stolen Goods $0.22 $0.11 $0.38 $1.32 $0.49 $0.22 $0.16 $0.11
Theft of Content $0.02 $0.01 $0.03 $0.10 $0.04 $0.02 $0.01 $0.01
Wholesale Fraud $0.09 $0.05 $0.17 $0.57 $0.21 $0.09 $0.07 $0.05
Total $2.12 $1.06 $3.72 $12.75 $4.78 $2.12 $1.59 $1.06
62
(In Billions $ USD)Combined Est. Fraud Losses by Fraud Type by Region
2017 Survey
63
(In-Network)
Arbitrage; $1.3
Cable or Satellite; $0.5Commissions Fraud; $1.0
Denial of Service (DoS) and Distributed
Denial of Service (DDoS); $0.6
Domestic Revenue Share (DRSF); $0.7
Device / Hardware Reselling; $1.0
Friendly Fraud; $0.6
Interconnect Bypass (e.g. SIM box); $1.5
International Revenue Share Fraud (IRSF); $2.1
Premium Rate Service; $1.1
Private Use; $0.4
Service Reselling (e.g: Call Sell); $0.2
Theft / Compromis
e of data (e.g.
logins); $0.2
Theft / Stolen Goods; $1.1
Theft of Content; $0.2
Wholesale Fraud; $0.9
2017 Estimated Fraud Losses by Type(in $ USD Billions)
2017 Survey
Fraud Type <1,000,000
1,000,001 to
10,000,000
10,000,001 to
50,000,000
25,000,001 to
50,000,000 50,000,001 +
Wholesale Only
(no end user
subs)
Arbitrage $0.26 $0.44 $0.15 $0.21 $0.23 $0.06
Cable or Satellite $0.09 $0.16 $0.05 $0.07 $0.08 $0.02
Commissions Fraud $0.19 $0.31 $0.10 $0.14 $0.17 $0.04
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)
$0.12 $0.21 $0.07 $0.10 $0.11 $0.03
Domestic Revenue Share
(DRSF)$0.14 $0.23 $0.08 $0.11 $0.12 $0.03
Device / Hardware Reselling $0.19 $0.31 $0.10 $0.14 $0.17 $0.04
Friendly Fraud $0.12 $0.21 $0.07 $0.10 $0.11 $0.03
Interconnect Bypass (e.g. SIM
box)$0.30 $0.49 $0.16 $0.23 $0.26 $0.07
International Revenue Share
Fraud (IRSF)$0.40 $0.67 $0.22 $0.31 $0.36 $0.09
Premium Rate Service $0.22 $0.36 $0.12 $0.17 $0.19 $0.05
Private Use $0.08 $0.13 $0.04 $0.06 $0.07 $0.02
Service Reselling (e.g: Call
Sell)$0.05 $0.08 $0.03 $0.04 $0.04 $0.01
Theft / Compromise of data
(e.g. logins)$0.05 $0.08 $0.03 $0.04 $0.04 $0.01
Theft / Stolen Goods $0.22 $0.36 $0.12 $0.17 $0.19 $0.05
Theft of Content $0.05 $0.08 $0.03 $0.04 $0.04 $0.01
Wholesale Fraud $0.17 $0.28 $0.09 $0.13 $0.15 $0.04
Total $2.64 $4.40 $1.47 $2.05 $2.35 $0.59
64
(In Billions $ USD)In-Network Est. Fraud Losses by Fraud Type by Size
2017 Survey
Fraud Type Asia South Pacific
Central and
South America
North
America
Western
Europe
Eastern
Europe Africa Middle East
Arbitrage $0.10 $0.05 $0.17 $0.59 $0.22 $0.10 $0.07 $0.05
Cable or Satellite $0.03 $0.02 $0.06 $0.21 $0.08 $0.03 $0.03 $0.02
Commissions Fraud $0.07 $0.03 $0.12 $0.42 $0.16 $0.07 $0.05 $0.03
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)$0.05 $0.02 $0.08 $0.28 $0.10 $0.05 $0.03 $0.02
Domestic Revenue Share
(DRSF)$0.05 $0.03 $0.09 $0.31 $0.12 $0.05 $0.04 $0.03
Device / Hardware Reselling $0.07 $0.03 $0.12 $0.42 $0.16 $0.07 $0.05 $0.03
Friendly Fraud $0.05 $0.02 $0.08 $0.28 $0.10 $0.05 $0.03 $0.02
Interconnect Bypass (e.g. SIM
box)$0.11 $0.05 $0.19 $0.66 $0.25 $0.11 $0.08 $0.05
International Revenue Share
Fraud (IRSF)$0.15 $0.08 $0.26 $0.90 $0.34 $0.15 $0.11 $0.08
Premium Rate Service $0.08 $0.04 $0.14 $0.48 $0.18 $0.08 $0.06 $0.04
Private Use $0.03 $0.01 $0.05 $0.17 $0.06 $0.03 $0.02 $0.01
Service Reselling (e.g: Call Sell) $0.02 $0.01 $0.03 $0.10 $0.04 $0.02 $0.01 $0.01
Theft / Compromise of data (e.g.
logins)$0.02 $0.01 $0.03 $0.10 $0.04 $0.02 $0.01 $0.01
Theft / Stolen Goods $0.08 $0.04 $0.14 $0.48 $0.18 $0.08 $0.06 $0.04
Theft of Content $0.02 $0.01 $0.03 $0.10 $0.04 $0.02 $0.01 $0.01
Wholesale Fraud $0.06 $0.03 $0.11 $0.38 $0.14 $0.06 $0.05 $0.03
$0.98 $0.49 $1.72 $5.89 $2.21 $0.98 $0.74 $0.49
65
(In Billions $ USD)In-Network Est. Fraud Losses by Fraud Type by Region
2017 Survey
66
(Roaming)
Arbitrage; $1.9
Cable or Satellite; $0.2
Commissions Fraud; $0.0
Denial of Service (DoS) and Distributed
Denial of Service (DDoS); $0.0Domestic Revenue Share (DRSF); $0.6
Device / Hardware Reselling; $1.1
Friendly Fraud; $0.6
Interconnect Bypass (e.g. SIM box); $2.8
International Revenue Share Fraud (IRSF); $4.0
Premium Rate Service; $1.3
Private Use; $0.6
Service Reselling (e.g: Call Sell); $0.2
Theft / Compromise of data (e.g. logins); $0.0
Theft / Stolen Goods; $1.9
Theft of Content; $0.0
Wholesale Fraud; $0.4
2017 Estimated Fraud Losses by Type(in $ USD Billions)
2017 Survey
Fraud Type <1,000,000
1,000,001 to
10,000,000
10,000,001 to
50,000,000
25,000,001 to
50,000,000 50,000,001 +
Wholesale Only
(no end user
subs)
Arbitrage $0.37 $0.62 $0.21 $0.29 $0.33 $0.08
Cable or Satellite $0.04 $0.07 $0.02 $0.03 $0.04 $0.01
Commissions Fraud $0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)$0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Domestic Revenue Share
(DRSF)$0.12 $0.21 $0.07 $0.10 $0.11 $0.03
Device / Hardware Reselling $0.21 $0.35 $0.12 $0.16 $0.18 $0.05
Friendly Fraud $0.12 $0.21 $0.07 $0.10 $0.11 $0.03
Interconnect Bypass (e.g. SIM
box)$0.54 $0.90 $0.30 $0.42 $0.48 $0.12
International Revenue Share
Fraud (IRSF)$0.79 $1.32 $0.44 $0.61 $0.70 $0.18
Premium Rate Service $0.25 $0.42 $0.14 $0.19 $0.22 $0.06
Private Use $0.12 $0.21 $0.07 $0.10 $0.11 $0.03
Service Reselling (e.g: Call Sell) $0.04 $0.07 $0.02 $0.03 $0.04 $0.01
Theft / Compromise of data (e.g.
logins)$0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Theft / Stolen Goods $0.37 $0.62 $0.21 $0.29 $0.33 $0.08
Theft of Content $0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Wholesale Fraud $0.08 $0.14 $0.05 $0.06 $0.07 $0.02
Total $3.08 $5.13 $1.71 $2.39 $2.74 $0.68
67
(In Billions $ USD)Roaming Est. Fraud Losses by Fraud Type by Size
2017 Survey
Fraud Type Asia South Pacific
Central and
South America
North
America
Western
Europe
Eastern
Europe Africa Middle East
Arbitrage $0.14 $0.07 $0.24 $0.83 $0.31 $0.14 $0.10 $0.07
Cable or Satellite $0.02 $0.01 $0.03 $0.09 $0.03 $0.02 $0.01 $0.01
Commissions Fraud $0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)$0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Domestic Revenue Share (DRSF) $0.05 $0.02 $0.08 $0.28 $0.10 $0.05 $0.03 $0.02
Device / Hardware Reselling $0.08 $0.04 $0.14 $0.46 $0.17 $0.08 $0.06 $0.04
Friendly Fraud $0.05 $0.02 $0.08 $0.28 $0.10 $0.05 $0.03 $0.02
Interconnect Bypass (e.g. SIM
box)$0.20 $0.10 $0.35 $1.21 $0.45 $0.20 $0.15 $0.10
International Revenue Share
Fraud (IRSF)$0.29 $0.15 $0.51 $1.76 $0.66 $0.29 $0.22 $0.15
Premium Rate Service $0.09 $0.05 $0.16 $0.56 $0.21 $0.09 $0.07 $0.05
Private Use $0.05 $0.02 $0.08 $0.28 $0.10 $0.05 $0.03 $0.02
Service Reselling (e.g: Call Sell) $0.02 $0.01 $0.03 $0.09 $0.03 $0.02 $0.01 $0.01
Theft / Compromise of data (e.g.
logins)$0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Theft / Stolen Goods $0.14 $0.07 $0.24 $0.83 $0.31 $0.14 $0.10 $0.07
Theft of Content $0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00 $0.00
Wholesale Fraud $0.03 $0.02 $0.05 $0.19 $0.07 $0.03 $0.02 $0.02
Total $1.14 $0.57 $2.00 $6.86 $2.57 $1.14 $0.86 $0.57
68
(In Billions $ USD)Roaming Est. Fraud Losses by Fraud Type by Region
2017 Survey
69
What is your False Positive Rate?
Fraud MethodFraud Management
System
Manual Controls or
Reports
Other Systems or
ProcessesAbuse of network, device or configuration weakness 0.5% 0.2% 0.0%
Abuse of Service Terms and Conditions 0.7% 0.3% 0.0%
Account Takeover 0.7% 0.3% 0.0%
Brand Name / Logo Abuse 0.3% 0.1% 0.0%
Clip-on Fraud 0.2% 0.1% 0.0%
Dealer Fraud 0.5% 0.2% 0.0%
IMEI Reprogramming 0.2% 0.1% 0.0%
Internal Fraud / Employee Theft 0.6% 0.3% 0.0%
IP PBX Hacking 0.8% 0.4% 0.0%
Mobile Malware 0.3% 0.1% 0.0%
Payment Fraud 0.6% 0.3% 0.0%
PBX Hacking 0.8% 0.4% 0.0%
Phishing / Pharming 0.6% 0.3% 0.0%
Pre-Paid Equipment & Services 0.3% 0.1% 0.0%
Robocalling 0.4% 0.2% 0.0%
Signalling Manipulation 0.3% 0.2% 0.0%
SIM Cloning 0.2% 0.1% 0.0%
SMS Faking or Spoofing 0.3% 0.1% 0.0%
Social Engineering 0.4% 0.2% 0.0%
Spoofing (IP or CLI/ANI) 0.5% 0.2% 0.0%
Subscription Fraud (Application) 0.8% 0.4% 0.0%
Subscription Fraud (Credit Muling/Proxy) 0.7% 0.3% 0.0%
Subscription Fraud (Identify) 0.8% 0.4% 0.0%
Voicemail Hacking (Not associated with PBX Hacking) 0.3% 0.1% 0.0%
2017 Survey
70
What is your False Positive Rate? Fraud Type (In-Network)
FMS
Manual
Controls
Other
Systems
Arbitrage 1.2% 0.5% 0.2%
Cable or Satellite 0.4% 0.2% 0.1%
Commissions Fraud 0.9% 0.4% 0.1%
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)
0.6% 0.3% 0.1%
Domestic Revenue Share (DRSF) 0.6% 0.3% 0.1%
Device / Hardware Reselling 0.9% 0.4% 0.1%
Friendly Fraud 0.6% 0.3% 0.1%
Interconnect Bypass (e.g. SIM box) 1.4% 0.6% 0.2%
International Revenue Share Fraud
(IRSF)1.8% 0.8% 0.3%
Premium Rate Service 1.0% 0.5% 0.2%
Private Use 0.4% 0.2% 0.1%
Service Reselling (e.g: Call Sell) 0.2% 0.1% 0.0%
Theft / Compromise of data (e.g.
logins)0.2% 0.1% 0.0%
Theft / Stolen Goods 1.0% 0.5% 0.2%
Theft of Content 0.2% 0.1% 0.0%
Wholesale Fraud 0.8% 0.4% 0.1%
Fraud Type (Roaming)FMS
Manual
Controls
Other
Systems
Arbitrage 1.5% 0.7% 0.2%
Cable or Satellite 0.2% 0.1% 0.0%
Commissions Fraud 0.0% 0.0% 0.0%
Denial of Service (DoS) and
Distributed Denial of Service
(DDoS)
0.0% 0.0% 0.0%
Domestic Revenue Share (DRSF) 0.5% 0.2% 0.1%
Device / Hardware Reselling 0.8% 0.4% 0.1%
Friendly Fraud 0.5% 0.2% 0.1%
Interconnect Bypass (e.g. SIM box) 2.1% 1.0% 0.3%
International Revenue Share Fraud
(IRSF)3.1% 1.4% 0.5%
Premium Rate Service 1.0% 0.4% 0.2%
Private Use 0.5% 0.2% 0.1%
Service Reselling (e.g: Call Sell) 0.2% 0.1% 0.0%
Theft / Compromise of data (e.g.
logins)0.0% 0.0% 0.0%
Theft / Stolen Goods 1.5% 0.7% 0.2%
Theft of Content 0.0% 0.0% 0.0%
Wholesale Fraud 0.3% 0.1% 0.1%
2017 Survey
71
Fraud Method Definitions:Fraud Method Description
Abuse of network, device or configuration weakness
Exploitation of a configuration weakness to gain access to a network or device; Includes VoIP equipment such as a modem or router.
Abuse of Service Terms and Conditions Violation of the carrier's service terms and conditions or acceptable use policy.
Account Takeover Manipulation and utilization of existing customer account in order to gain devices or service
Brand Name / Logo Abuse Acquisition and use of a company's logo without permissionClip-on Fraud Stealing service by attaching wires to another customer's phone equipmentDealer Fraud All types of fraud conducted by indirect and 3rd party dealers
IMEI Reprogramming Changing the IMEI of a handset to hide the true origination or identity of a callerInternal Fraud / Employee Theft Theft of service or equipment by employees; Also includes abuse of company's credit and adjustment policyMobile Malware Compromised Mobile Applications
PBX Hacking Compromised PBX systems used to make callsIP PBX Hacking Compromised IP PBX used to make fraudulent callsPhishing / Pharming Theft of personal info or credentials via hacking, phishing, vishing, etc…
Pre-Paid Equipment & Services All types of fraud and abuse involving pre-paid equipment and servicesRobocalling Use of computerized auto-dialers to deliver pre-recorded messages to perpetrate fraud.Signalling Manipulation Manipulation of the SIP or SS7 signaling message to hide the true origination or identity of a caller
SIM Cloning Duplicated SIM card used to charge phone calls back to the original SIM cardSMS Faking or Spoofing Manipulation of the ANI to hide the true origination or identity of SMS or MMSSocial Engineering Manipulation of an employee or customer to unintentionally give out important information
Spoofing (IP or CLI/ANI) Manipulation of the IP address/CLI/ANI to hide someone's true origination or identitySubscription Fraud (Application) Creation of false details to gain access to goods and services with no intention to pay
Subscription Fraud (Credit Muling/Proxy)Utilization of real identity details (with authorisation for payment) to obtain goods and services with no intention to pay
Subscription Fraud (Identify)Utilization of a real identify without the owners knowledge to obtain goods and services with no intention to pay
Voicemail Hacking (Not associated with PBX Hacking)
Compromised voicemail system used to make calls
Wangiri (Call Back Schemes) Call back fraud schemes
Payment Fraud Utilization of stolen credit cards, debit cards or counterfeit checks in order to obtain service
2017 SurveyFraud Type Definitions:
72
Fraud Type Description
Arbitrage Exploitation of the differences in rates between different countries
Cable or Satellite Signal theft or retransmission from a cable or satellite provider
Commissions Fraud Schemes used by dealers to collect additional commissions and spiffs
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
An explicit attempt to make a machine or network resource unavailable to the users of a service
Domestic Revenue Share (DRSF)
Abuse of Carrier Interconnect agreements through such things as Traffic Pumping, Switch Access Stimulation, 8yy Dip Pumping and CNAM Revenue pumping schemes
Device / Hardware Reselling Resold equipment such as handsets, tablets, IPTV devices, routers…
Friendly Fraud Utilization of Charge Backs, Returned Checks, Card Holder Not Present, etc… to perpetuate services
Interconnect Bypass (e.g. SIM box)
Unauthorized insertion of traffic onto another carrier’s network. This includes Interconnect Fraud and GSM Gateway Fraud or SIM Boxing.
International Revenue Share Fraud (IRSF)
Artificial inflation of traffic terminating to international revenue share providers
Premium Rate Service Artificial inflation of traffic terminating to premium service providers
Private Use Use of a service neither directly nor indirectly paid for without rendering some kind of financial compensation
Service Reselling (e.g: Call Sell) Resale of stolen phone services
Theft / Compromise of data (e.g. logins)
Includes such things as the acquisition of personal information or intellectual property
Theft / Stolen Goods Equipment Theft
Theft of Content Stealing content such as ringtones, games, or applications
Wholesale Fraud Exploitation of wholesale interconnect agreements
About Communications Fraud
Communications fraud is the use of telecommunications products or services with no intention of payment. Fraud negatively impacts everyone, including residential and commercial customers. The losses increase the communications carriers’ operating costs. Although communications operators have increased measures to minimize fraud and reduce their losses, criminals continue to abuse communications networks and services. Therefore, communications operators tend to keep their actual loss figures and their plans for corrective measures confidential. Due to the sensitive nature of this topic, CFCA used a confidential opinion survey of global communications operators to support the global fraud loss study.
73
About CFCA
CFCA is a not-for-profit global educational association that is working to combat communications fraud. The mission of the CFCA is to be the premier international association for revenue assurance, loss prevention and fraud control through education and information. By promoting a close association among telecommunications fraud security personnel, CFCA serves as a forum and clearinghouse of information pertaining to the fraudulent use of communications services. For more information, visit CFCA at www.CFCA.org.
74
Communications Fraud Control Association
4 Becker Farm Road 4th Floor
PO BOX 954
Roseland, NJ 07068
+1 973 871 4032 Phone
+1 973 871 4075 Fax
[email protected] email
www.cfca.org website
Roberta Aronoff – Executive Director
Jacob Howell – Board of Directors, Survey Chairman
75