2017 Global Fraud Loss Survey
2017 CFCA Survey – Respondents
2017 Survey
In which region are you located?
[Bar chart; axis: 0.0% to 35.0% of respondents; regions: Asia, South Pacific, Central and South America, North America, Western Europe, Eastern Europe & Russia, Africa, Middle East]
Note: Local, Regional, National and International CSPs participated in the survey
2017 Survey
How many subscribers does your company have?
<10,000: 8.70%
10,001 to 1,000,000: 10.87%
1,000,001 to 10,000,000: 32.61%
10,000,001 to 25,000,000: 10.87%
25,000,001 to 50,000,000: 15.22%
50,000,001+: 17.39%
Wholesale Only (no end user subscribers): 4.35%
2017 Survey
What functions apply to your current role and responsibilities?
[Bar chart; axis: 0.0% to 90.0%. Response options: Internal Fraud Investigation Vendor/Consultant Law Enforcement Security/Network Legal/Regulatory Finance/Billing/Revenue Assurance Customer Service Fraud Detection End User Security/Physical Operations Sales/Marketing Fraud Investigation Systems Administrator. Bar values as shown: 38.8%, 2.0%, 12.2%, 16.3%, 14.3%, 36.7%, 18.4%, 89.8%, 2.0%, 8.2%, 20.4%, 8.2%, 81.6%, 10.2%]
Compared to 2015, 5% more time is going to detecting fraud and 14% more time is going to Customer Care, Billing and Revenue Assurance functions.
2017 Survey
Where is your fraud department situated?
[Bar chart; axis: 0% to 50%; departments: Security, Risk Management, Operations, IT, Finance, Customer Care]
Compared to 2015, departments under Finance shrank by >10% (57% in 2015). However, Customer Care, Operations and Security each grew by approx. 4%. Some Fraud departments also reported moving to Revenue Assurance, Collections, Business Intelligence.
2017 CFCA Survey – General Fraud Trends
2017 Survey
Direct revenue impacts to CSPs are shifting into other areas. CSP services are being used to perpetrate fraud across other industries.
[Chart: % Revenue Loss; axis: 0.0% to 4.0%; years: 2008, 2011, 2013, 2015, 2017]
Measure | 2017 | % Var
Estimated Global Revenues | $2.30 Trillion (USD) | +2.2%
Estimated Global Fraud Loss | $29.2 Billion (USD) | 23.3%
% Loss* | 1.27% | -0.4%
2017 Survey Global Fraud Loss Estimate:
$29.2 Billion (USD) annually 1.27% of global telecom revenues
The 23.2% decrease from 2015 is attributed to several factors including:
- Increased collaboration and coordination between carriers within the industry and with law enforcement
- Cessation of casual dialing on major US carrier networks
- Continued migration of cost base from TDM to VoIP networks which have lower tariffed rates
- Increased focus on cybersecurity issues, which are harder to associate with revenue losses
For more information please visit: www.cfca.org/fraudlosssurvey/
2017 Survey
How many fraud incidents does your department handle per month?
# Subscribers | (column unlabeled in source) | Incidents per month
<10,000 | 6 | 51 to 100
10,001 to 1,000,000 | 9 | 51 to 100
1,000,001 to 10,000,000 | 10 | 101 to 500
10,000,001 to 50,000,000 | 21 | 501 to 1,000
50,000,001+ | 81 | 1001+
Wholesale Only (no end user subs) | 6 | 101 to 500
On average the # incidents per month have decreased by 10%. However, this masks the fact that the number of attempted frauds has increased significantly since 2015.
2017 Survey
Top Fraud Methods:
- $2.03 B – Subscription Fraud (Identity)
- $1.94 B – PBX Hacking
- $1.94 B – IP PBX Hacking
- $1.93 B – Subscription Fraud (Application)
- $1.75 B – Subscription Fraud (Credit Muling/Proxy)
- $1.66 B – Abuse of Service Terms & Conditions
- $1.66 B – Account Take Over
- $1.47 B – Internal Fraud / Employee Theft
- $1.38 B – Phishing / Pharming
Top Fraud Types*:
- $6.10 B – International Revenue Share Fraud (IRSF)
- $4.27 B – Interconnect Bypass (e.g. SIM Box)
- $3.26 B – Arbitrage
- $3.02 B – Theft / Stolen Goods
- $2.39 B – Premium Rate Service
- $2.10 B – Device / Hardware Reselling
- $1.35 B – Domestic Revenue Share (DRSF)
- $1.30 B – Wholesale Fraud
Fraud Method – is how they access the network or service to enable revenue gain from the attack
Fraud Type – is how they use the service or network to generate revenue from the attack
2017 Survey
What do you view as the top 5 fraud methods GLOBALLY?
[Bar chart; axis: % of Total Responses, 0% to 10%; methods shown: PBX Hacking, IP PBX Hacking, Subscription Fraud (Application), Account Takeover, Subscription Fraud (Credit Muling/Proxy), Abuse of Service Terms and Conditions, Phishing / Pharming, Subscription Fraud (Identity), Payment Fraud, Abuse of network, device or configuration weakness]
In 2015, the top five were: PBX Hacking, IP PBX Hacking, Subscription Fraud (Application), Internal Fraud/Employee Theft, and Subscription Fraud (Identity)
2017 Survey
What do you view as the top 5 fraud methods at YOUR COMPANY?
[Bar chart; axis: 0.0% to 7.0%; methods shown: Subscription Fraud (Identity), PBX Hacking, IP PBX Hacking, Subscription Fraud (Application), Subscription Fraud (Credit Muling/Proxy), Abuse of Service Terms and Conditions, Account Takeover, Internal Fraud / Employee Theft, Phishing / Pharming, Payment Fraud]
In 2015, the top five fraud methods were PBX Hacking, IP PBX Hacking, Subscription Fraud (Application), Dealer Fraud and Subscription Fraud (Identity)
2017 Survey
2017 Estimated Fraud Losses by Method (in $ USD Billions)
Subscription Fraud (Identity): $2.0
PBX Hacking: $1.9
IP PBX Hacking: $1.9
Subscription Fraud (Application): $1.9
Subscription Fraud (Credit Muling/Proxy): $1.8
Abuse of Service Terms and Conditions: $1.7
Account Takeover: $1.7
Internal Fraud / Employee Theft: $1.5
Payment Fraud: $1.4
Phishing / Pharming: $1.4
Abuse of network, device or configuration weakness: $1.3
Spoofing (IP or CLI/ANI): $1.3
Dealer Fraud: $1.1
Social Engineering: $1.0
Wangiri (Call Back Schemes): $1.0
Robocalling: $0.9
Signalling Manipulation: $0.8
Brand Name / Logo Abuse: $0.6
Mobile Malware: $0.6
Pre-Paid Equipment & Services: $0.6
SMS Faking or Spoofing: $0.6
Voicemail Hacking (Not associated with PBX Hacking): $0.6
IMEI Reprogramming: $0.6
Clip-on Fraud: $0.5
SIM Cloning: $0.4
2017 Survey
What do you view as the top 5 fraud types at YOUR COMPANY?
[Two bar charts, (In-Network) and (Roaming); each shows International Revenue Share Fraud (IRSF), Interconnect Bypass (e.g. SIM box), Arbitrage, Premium Rate Service and Theft / Stolen Goods]
In 2015, the top fraud types were: IRSF, Interconnect Bypass, Arbitrage, Premium Rate Service, Device/Hardware Reselling and Theft/Stolen Goods
2017 Survey (Combined)
2017 Estimated Fraud Losses by Type (in $ USD Billions)
International Revenue Share Fraud (IRSF): $6.1
Interconnect Bypass (e.g. SIM box): $4.3
Arbitrage: $3.3
Theft / Stolen Goods: $3.0
Premium Rate Service: $2.4
Device / Hardware Reselling: $2.0
Domestic Revenue Share (DRSF): $1.4
Wholesale Fraud: $1.3
Friendly Fraud: $1.3
Commissions Fraud: $1.0
Private Use: $1.0
Cable or Satellite: $0.7
Denial of Service (DoS) and Distributed Denial of Service (DDoS): $0.6
Service Reselling (e.g: Call Sell): $0.5
Theft of Content: $0.2
Theft / Compromise of data (e.g. logins): $0.2
2017 CFCA Survey – Fraud Locations
2017 Survey
Top 10 Countries That ORIGINATE Fraudulent Calls:
[Bar chart; axis: 0% to 6%]
In 2015, the top 3 countries were United States, Pakistan and Spain.
2017 Survey
Top 10 Countries Where Fraud TERMINATES:
[Bar chart; axis: 0% to 8%; bar values as shown: 8%, 5%, 4%, 4%, 4%, 3%, 3%, 3%, 3%, 3%]
In 2015, the top 3 countries were Cuba, Somalia and Bosnia & Herzegovina
2017 CFCA Survey – Company Losses
2017 Survey
What percentage of the total GLOBAL telecom revenue base do you think is fraud?
(% of Total Responses)
Estimated fraud share | 2013 | 2015 | 2017
< 1% | 12.3% | 18.9% | 17.1%
1-2% | 26.3% | 16.2% | 17.1%
2-3% | 15.8% | 21.6% | 22.0%
3-4% | 17.5% | 16.2% | 19.5%
4-5% | 8.8% | 13.5% | 9.8%
5-10% | 10.5% | 10.8% | 4.9%
> 10% | 8.8% | 2.7% | 9.8%
In 2013, a majority of CSPs believed fraud losses were between 1-2%. In 2015 and 2017, the consensus shifted to between 2-3%.
2017 Survey
Comparison Between 2011-2017 Survey Results in YOUR COMPANY
[Bar chart; axis: 0.0% to 70.0%; loss ranges: < 1%, 1-2%, 2-3%, 3-4%, 4-5%, 5-10%, > 10%; series: 2013, 2015, 2017; data labels shown: 62%, 21%, 8%, 8%, 3%, 0%, 0%]
Since 2013, CSPs have reported fewer fraud losses per year. In 2015, 60% of CSPs reported losses less than 2%. In 2017, 82% reported losses less than 2%.
Communications Fraud Control Association
4 Becker Farm Road, 4th Floor
PO BOX 954
Roseland, NJ 07068
Phone: +1 973 871 4032
Fax: +1 973 871 4075
Website: www.cfca.org
Roberta Aronoff – Executive Director
Jacob Howell – Board of Directors, Survey Chairman
About Communications Fraud
Communications fraud is the use of telecommunications products or services with no intention of payment. Fraud negatively impacts everyone, including residential and commercial customers. The losses increase the communications carriers’ operating costs.
Although communications operators have increased measures to minimize fraud and reduce their losses, criminals continue to abuse communications networks and services. Therefore, communications operators tend to keep their actual loss figures and their plans for corrective measures confidential. Due to the sensitive nature of this topic, CFCA used a confidential opinion survey of global communications operators to support the global fraud loss study.
About CFCA
CFCA is a not-for-profit global educational association that is working to combat communications fraud. The mission of the CFCA is to be the premier international association for revenue assurance, loss prevention and fraud control through education and information. By promoting a close association among telecommunications fraud security personnel, CFCA serves as a forum and clearinghouse of information pertaining to the fraudulent use of communications services. For more information, visit CFCA at www.CFCA.org.
2017 Survey
Fraud Method Definitions:
Abuse of network, device or configuration weakness: Exploitation of a configuration weakness to gain access to a network or device; includes VoIP equipment such as a modem or router.
Abuse of Service Terms and Conditions: Violation of the carrier's service terms and conditions or acceptable use policy.
Account Takeover: Manipulation and utilization of existing customer account in order to gain devices or service.
Brand Name / Logo Abuse: Acquisition and use of a company's logo without permission.
Clip-on Fraud: Stealing service by attaching wires to another customer's phone equipment.
Dealer Fraud: All types of fraud conducted by indirect and 3rd party dealers.
IMEI Reprogramming: Changing the IMEI of a handset to hide the true origination or identity of a caller.
Internal Fraud / Employee Theft: Theft of service or equipment by employees; also includes abuse of company's credit and adjustment policy.
Mobile Malware: Compromised mobile applications.
PBX Hacking: Compromised PBX systems used to make calls.
IP PBX Hacking: Compromised IP PBX used to make fraudulent calls.
Phishing / Pharming: Theft of personal info or credentials via hacking, phishing, vishing, etc…
Pre-Paid Equipment & Services: All types of fraud and abuse involving pre-paid equipment and services.
Robocalling: Use of computerized auto-dialers to deliver pre-recorded messages to perpetrate fraud.
Signalling Manipulation: Manipulation of the SIP or SS7 signaling message to hide the true origination or identity of a caller.
SIM Cloning: Duplicated SIM card used to charge phone calls back to the original SIM card.
SMS Faking or Spoofing: Manipulation of the ANI to hide the true origination or identity of SMS or MMS.
Social Engineering: Manipulation of an employee or customer to unintentionally give out important information.
Spoofing (IP or CLI/ANI): Manipulation of the IP address/CLI/ANI to hide someone's true origination or identity.
Subscription Fraud (Application): Creation of false details to gain access to goods and services with no intention to pay.
Subscription Fraud (Credit Muling/Proxy): Utilization of real identity details (with authorisation for payment) to obtain goods and services with no intention to pay.
Subscription Fraud (Identity): Utilization of a real identity without the owner's knowledge to obtain goods and services with no intention to pay.
Voicemail Hacking (Not associated with PBX Hacking): Compromised voicemail system used to make calls.
Wangiri (Call Back Schemes): Call back fraud schemes.
Payment Fraud: Utilization of stolen credit cards, debit cards or counterfeit checks in order to obtain service.
2017 Survey
Fraud Type Definitions:
Arbitrage: Exploitation of the differences in rates between different countries.
Cable or Satellite: Signal theft or retransmission from a cable or satellite provider.
Commissions Fraud: Schemes used by dealers to collect additional commissions and spiffs.
Denial of Service (DoS) and Distributed Denial of Service (DDoS): An explicit attempt to make a machine or network resource unavailable to the users of a service.
Domestic Revenue Share (DRSF): Abuse of Carrier Interconnect agreements through such things as Traffic Pumping, Switch Access Stimulation, 8yy Dip Pumping and CNAM Revenue pumping schemes.
Device / Hardware Reselling: Resold equipment such as handsets, tablets, IPTV devices, routers…
Friendly Fraud: Utilization of Charge Backs, Returned Checks, Card Holder Not Present, etc… to perpetuate services.
Interconnect Bypass (e.g. SIM box): Unauthorized insertion of traffic onto another carrier’s network. This includes Interconnect Fraud and GSM Gateway Fraud or SIM Boxing.
International Revenue Share Fraud (IRSF): Artificial inflation of traffic terminating to international revenue share providers.
Premium Rate Service: Artificial inflation of traffic terminating to premium service providers.
Private Use: Use of a service neither directly nor indirectly paid for without rendering some kind of financial compensation.
Service Reselling (e.g: Call Sell): Resale of stolen phone services.
Theft / Compromise of data (e.g. logins): Includes such things as the acquisition of personal information or intellectual property.
Theft / Stolen Goods: Equipment theft.
Theft of Content: Stealing content such as ringtones, games, or applications.
Wholesale Fraud: Exploitation of wholesale interconnect agreements.