Mobile fraud in Africa: the scams that are pulled by wily dodgers
Internet fraud in Africa (see this week's Internet News) tends to grab the headlines. But there is a far more pervasive form of local fraud in the fast-growing mobile sector. Later this month will see South Africa host the first conference to tackle the specific challenges of telecoms fraud in the African region organised by the IIR. Mapara Syed interviews one of the conference's key speakers, Abdul Mia, who is Fraud Manager for South African mobile operator Cell C and the Chair of the GSM Africa fraud Forum. The scale of theft can be judged by second story in this fraud special that highlights the recovery of 7,228 stolen handsets by MTN Rwanda.
Firstly, could you describe the three main categories of fraud that occur within South Africa and around the continent?
The first type of fraud is subscription fraud. This mainly occurs in the more developed countries like South Africa where they are more likely to have credit rating systems. What happens is that somebody will try and obtain a contract or subscription from an operator using fraudulent ID with the intent of never paying for it.
The second type of fraud is related to pre-pay services. With this, the main fraud may occur in the reproduction of prepaid airtime vouchers. In many countries around Africa where the infrastructure is poor the security around the pin numbers of these vouchers is not so tight.
For example, the operator may email or ship a CD of the unencrypted pin numbers to the manufacturers in which they can be easily intercepted. There is also the issue of the security of the physical stock of the vouchers. These are usually kept in the manufacturer’s or operator’s warehouses where again they can easily intercepted. The third major type of fraud that occurs within South Africa but to a lesser extent than the rest of the region is handset theft. In many countries handsets are not subsidised when a product is purchased so there is a great demand for phones. Therefore, people will go to great lengths to obtain a handset either through fraud or theft mainly. These are the three principle categories of fraud that occur.
Are there any other types of fraud that an operator may encounter?
Roaming fraud is another type of fraud that can be coupled with subscription fraud. A fraudster will obtain a subscription using fraudulent ID and then exploit the opportunity to use the phone abroad where the operator will have a bilateral agreement with an overseas operator. This will go unnoticed until the foreign operator alerts the incumbent operator that there are a substantial number of calls being made on their network. This does not happen so much with Cell C as roaming capabilities have to be requested to be switched on but can be a frequent occurrence for operators that allow roaming as a standard feature.
What about a type of fraud that may be specific to South Africa?
Syndicate fraud attacks on network operators are ever increasing in South Africa. These attacks include the use of fraudulent identity documents, bank statements, utility bills, and even pay-slips. Individual applications using the same details such as employer, bank account etc are used to apply for lines and these are then used for call selling operations. All the fraudulent documents are created by the syndicate members who have people based at banks etc so that verification becomes much easier. Community services phones often also fall prey to fraudsters and are used in areas other then those they have been assigned to. This type of fraud is managed and combated by the use of a fraud management system.
What would you say is the average revenue loss for the industry as a result of fraud?
It would be difficult to say as I don’t have any figures. However post-paid fraud amounts differ significantly to that of prepaid fraud amounts. Post-paid amounts vary depending on the usage and spent on each line and also the duration of the fraud. If the fraud is detected soon the losses are minimised but should it not be detected soon the losses can be substantial. This does not include the loss of the handset and this can range from R300 for the cheaper handsets to as much as R6000 for the more expensive handsets. Proper analysis could also not be done as different operators classify fraud differently. With regards to pre-pay fraud we are looking at small denomination vouchers of say R20, R30, R50 and operators can minimise their losses to this.
How do you combat these types of fraud?
A lot of liaison takes place between the different operators and the many various role-players, such as the retailers, banks, etc. The trends show that many fraudsters move around networks so we work together as a group to combat these syndicates. At Cell C we have a computerised Fraud Management system in place where the call usage on our network is monitored and we are alerted if there are any irregular patterns.
This is a system that is most effective in combating subscription fraud. From a pre-pay perspective education and training to staff and other operators is the best approach. So we educate them on how to implement better security systems so pin numbers cannot be intercepted whether it be from the warehouse or via email. Using best practice methods on security features on the physical vouchers (the type of paper, type of scratch foil, etc) is also communicated to operators to reduce and minimise their losses and risk.
Here we work closely with the voucher manufacturers. Many of the approaches are adopted during the GSM Association and other similar forums where the numerous operators get together to discuss best practice. Last month Cell C and the two other operators in South Africa, along with the SA Police Services signed a memorandum of understanding to blacklist all stolen, lost and damaged handset on their networks. This means that if a handset is reported stolen then its unique number (IMEI number) will be listed on the Equipment Identity Register (EIR). If the stolen phone is picked up as being used on any of the networks, the network operator will not allow the call to be connected and thus the handset becomes inoperable. This will deter handset theft as it will ensure that if a phone is stolen it will not work on any network within the country.
Do you have a way in working with the police to try and punish fraudsters rather than just stop it?
If there is a case where a syndicate has struck more than once and across different networks then the affected operators will combine their evidence to provide in court when the culprits are being prosecuted. So rather than having ten small cases to handle concerning smaller amounts of money it then becomes one large case dealing with a much more substantial amount of money. Therefore, the fraudsters will receive a much more severe sentencing.
Is it just fraud that occurs in South Africa or do you encounter mobile scams as well?
Mobile scams rarely happen here like they would in Europe or the US as they are usually associated with premium rate numbers. Because of the largely pre-pay market in SA and the rest of the continent, the risk of mobile scams is less as pre-pay customers are less likely to respond to premium rate calls or texts. If they do all that will happen is that their credit will run out rather than receiving a disproportionate telephone bill at the end of the month.
In addition to the IIR conference from 23rd to 27th May in Cape Town (see advertisement at the bottom of the Events column below) First Tuesday are also running a Business PowerLab Series aiming to find and showcase breakthrough technologies in advanced fraud management systems.
For the first event in the Business PowerLab Series on 24th May at The Forum, First Tuesday will highlight the Dimension Data Guardian solution. This telephony solution is a software application that provides cost containment for large companies by detecting and preventing telephone abuse and fraud.
MTN RECOVERS 7,228 CELL PHONES
Earlier this week, Rwanda's only mobile phone operator, MTN RwandaCell, divulged that they have so far managed to recover 7,228 stolen cell phones through a joint tracking system with the National Police. Most of the phones that number 6,215 were recovered between January and September last year, while 1,013 mobile phones were recovered between February and April this year.
According to the security manager of MTN RwandaCell, Petero Kigame, the system of tracking down stolen handsets started operating early last year as a service to satisfy clients."We agreed with the National Police to handle stolen phone cases countrywide, and this decentralization process is to help people report such cases to the nearest police stations," he said.
"There is always someone in charge of dealing with details of stolen phones; the person brings forms to MTN offices where the owner gets back the phone when it is recovered," he added. The official said the victim only needs to provide the phone serial and telephone numbers with the date on which the phone was stolen."
It is said phone theft is most common in crowded places like churches and taxis around Kigali city, and 90% of stolen cell phones belong to women. The Nokia phone type is most common among the recovered ones, according to statistics. The MTN official advised people not to buy phones from unauthorized dealers in order to avoid acquiring stolen phones.