Industry Resources

Call of Duty: Telecoms Firms Must Tackle Account Takeover Fraud

Friday 27 July 2018 | 09:00 CET | Advertorial | provided by RISK IDENT

Account takeover fraud is sweeping the globe, and the telecommunications sector is one of the hardest hit industries. Fraudsters are leaning heavily on telcoms for illegal gains, and both the companies and their customers are feeling the shock. But why is this industry such an attractive target, and what can telcoms bosses do to lessen the damage? Identity theft has reached what experts call “epidemic levels,” largely in part to the sharp increase of data breaches happening around the globe. The U.S. credit bureau Equifax suffered a breach of its network security system last September, which compromised the personal info of 143 million consumers around the world. And this came hot on the heels of 1,800 other security breaches that exposed 1.4 billion data records in just 2016 alone . That same year, the UK telecommunications company TalkTalk was fined £400,000 for a cyber attack that allowed for the personal details of 150,000 customers to be stolen by hackers.

While data breaches are scary in their own right, the real nightmare is what criminals do with customer information once they’ve stolen it. Fraudsters use this illegally obtained info to create new accounts online and, even more damaging, use it to hijack existing accounts. The latter allows for criminals to hide behind the names and account history of good customers to somewhat easily make fraudulent purchases. 

Why mobile telecoms are so vulnerable to ATO

Cifas reports that the identity fraud rate in the mobile telecoms sphere rose 60% in 2017 . And the reason the mobile telecoms industry has taken such a beating is based on the industry’s standard business model. Fraudsters are particularly attracted to the phone contract model used in Europe, where customers immediately receive a high-value device that they eventually pay off monthly. 

This system has lured in fraudsters, who’ve found that it’s relatively easy to use a victim’s stolen account details to access his or her account, collect the expensive phone, immediately sell off the device, and leave the victim with the bill and whatever other fallout that occurs.

Contract extensions are another door that fraudsters have weaseled through as they continue to target the telecommunications industry. As a way to reduce customer friction, many mobile service providers have eliminated complex re-sign processes. Though this presents convenience and ease to legitimate customers, it also presents a lucrative opportunity for hungry criminals. 

Fraudsters have realized that they can use stolen data to hijack existing accounts and change a victim’s account details to ensure that the brand new device that comes along with an automatic extension is delivered to an address that they can access. This type of fraud is popular, so much so that there’s even a pricing scale for mobile contract account details on the Dark Web; the closer an account is to a renewal date, the more sellers can demand for the account information, as a big payoff is right around the corner.

Unfortunately, telecom firms don’t just experience outside threats. RISK IDENT’s fraud experts have found that it’s becoming more and more common for account takeover fraud to actually happen from within, carried out by telecommunications employees. In such cases, firms’ employees use their administrative access to take over customer accounts, create a bogus contract renewal and collect the phone for themselves. In some cases, resellers and company partners also have the ability to create fake renewals in customer accounts, which is helping drive the high ATO rates in the telecom industry.  

What telecoms firms can do to lessen identity theft threats

The only surefire way to stop the flood of fraudsters who’ve targeted the telecommunications industry is to close the gaps presented by the mobile phone contract model. This entails predicting where customers may be most vulnerable to fraud and keeping that in mind when constructing a telecom firm’s fraud prevention strategy. 

Over the past five years, RISK IDENT has identified several account and transaction characteristics that can assist telecoms firms in detecting account takeover fraud. These include:

  • Recent account changes: Nearly all confirmed cases of ATO fraud came with a password, address or e-mail address change within 10 days prior to the transaction.
  • Expensive purchases: The average order value in account takeover cases is four times higher than other orders. For example, fraudulent orders often include a request for a much more expensive device than the victim’s previous phone. 
  • Customer age: Due to having significantly less technical expertise, older customers are much more likely to be victims of identity theft and account takeovers. 

Paying attention to warning signs like these and incorporating systems that further predict account takeover vulnerability have the power to significantly reduce ATO fraud in the telecommunications industry. After all, the harder a companymakes it for criminals to commit fraud, the less likely it will be targeted. 

To find out more about how RISK IDENT’s fraud prevention solutions reduce identity theft and ATO in the telecommunications industry, visit: https://riskident.com/en/.


Result-driven fraud prevention solutions engineered by RISK IDENT protect global e-commerce, telecommunication and financial businesses. Reducing identity theft, account takeovers, payment fraud, and account/loan application fraud on all channels is made simple with cost-effective products that use extensive domain knowledge and machine learning technology tailor made for tier-one enterprises.

About Roberto Valerio

Roberto Valerio is one of the foremost experts on the rise of AI in combating fraud, and founder of RISK IDENT, Europe’s leading provider of new intelligent anti-fraud software. Roberto sits on the European Advisory Board of the Merchant Risk Council and is a regular speaker on Europe’s anti-fraud conference circuit.

Sponsor Details

Contact    https://riskident.com/en/

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Categories: Internet
Companies: Riskident / TalkTalk
Countries: World
::: add a comment

Add comment

We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.

Calendar   /   Industry Events

25 Jan Edgeware EGM
25 Jan The Things Conference 2021
26 Jan Verizon Communications Q4 2020
26 Jan F5 Networks fiscal Q1
26 Jan Microsoft fiscal Q2
26 Jan Meetup MENA
27 Jan KPN Q4 2020
27 Jan Extreme Networks fiscal Q2
27 Jan MediaTek Q4 2020
27 Jan Calix Q4 2020
27 Jan Facebook Q4 2020
27 Jan AT&T Q4 2020
27 Jan Corning Q4 2020
27 Jan Uptime
28 Jan Crown Castle Q4 2020
28 Jan Rogers Communications Q4 2020
28 Jan Juniper Networks Q4 2020
28 Jan Comcast Q4 2020
28 Jan Samsung Electronics Q4 2020
28 Jan Skyworks fiscal Q1
28 Jan 8x8 fiscal Q3
29 Jan Charter Communications Q4 2020
29 Jan Telia Q4 2020
29 Jan Ericsson Q4 2020
29 Jan NEC fiscal Q3
::: More Calendar Items