M2M Summit Fraud An underestimated risk for M2M solutions?

Transcription

1 M2M Summit 2012 Fraud An underestimated risk for M2M solutions? LionGate AG

2 Agenda 1. M2M Fraud examples 2. Key drivers increasing risk of Fraud in M2M 3. Fraud Management Framework 4. Liongate offerings slide 2

3 It happened already High value M2M device was stolen. No way to detect it? Stolen SIMs in traffic lights in Johannesburg Illegally modified set top box in UK Fraudster stole the SIM card from the energy meter M2M devices SIM card was hacked and misused remotely... Fraud arrived in the M2M world slide 3

4 Let s analyse the case: Stolen SIMs in traffic lights in Johannesburg In Johannesburg, some 400 South African traffic lights were rendered out of action after thieves stole the mobile phone SIM cards contained within them. Total Loss: ~US$1.3m *Source: BBC News, Jan 2011 What went wrong? Standard SIM-cards where used that fit in all mobile telecom device The company did not recognize that the traffic lights were stolen until the bill from the telecom operator arrived How to prevent? Negotiate appropriate services with the telecom provider. The minimal service required is e.g. sending SMS to one dedicated calling number Secure your hardware by standard software solutions taken from the fraud experience. In the networks of telecom operators network element are sending out frequently an 'I am alive' messages Design your hardware to avoid misuse e.g. mount SIM-modules on PCB-boards instead using external SIM cards in slots. slide 4

5 Let s analyse the case: Illegally modified set top box in UK A man from Birmingham was sentenced to five and half years in jail for cable TV fraud. The fraudster was selling illegally modified set Top boxes that could receive free channels. *Source: The Register, Sep 10 What went wrong? The design of the set top box allowed to get access to the operation system of the set top box The service provider couldn't detect the manipulation of the set top boxes How to prevent? Within the design of the hardware try to prevent fraud by using experience in older industries e.g. Automotive and Security The design of the system should include monitoring of the CPE and should be able to detect any kind of manipulation incl. alarming the service provider slide 5

6 Let s analyse the case: Stolen SIM Card from energy meter A 33 year old disability pensioner was sentenced to 18 months imprisonment and ordered to repay nearly $200,000 by Hobart s Supreme Court. The fraudster stole the SIM card from the energy meter. Since the SIM card was unlocked it could be used in smartphones and 3G modems. *Source: ITWire, May 2011 What went wrong? Standard SIM-cards where used that fit in all telecom device like mobile phones. The company did not recognize that the SIM cards were stolen How to prevent? Negotiate appropriate services with the telecom provider. The minimal service required is e.g. sending SMS to one dedicated calling number Secure your hardware by standard software solutions taken from the fraud experience. In the networks of telecom operators network element are sending out frequently an 'I am alive' message Design your hardware to avoid misuse e.g. mount SIM-modules on PCB-boards instead using external SIM cards in slots slide 6

7 Let s analyse the case: High-value M2M stolen The steal of high values cars using M2M services is raising not because of M2M but although! *Source: The Register, Sep 10 What went wrong? M2M might not be the cause for Fraud, but could support Fraud monitoring, detection, analysis and prevention How to prevent? The whole Fraud Management Cycle need to be installed in order to prevent, monitor, analyse and detect fraud Samples: SIM cards can be used for geographic detection, redundant systems are able to send warnings in case of violation, M2M service can stop all services on M2M device,... slide 7

8 Key drivers increasing risk of Fraud in M2M Fraud in the M2M domain has challenging drivers: Reduced cost of equipment Remote, unguarded/unattended locations Lack of M2M device control once deployed Devices not valued by the consumer in the same way people own and look after their mobile If a soft device is easy to modify this will enable fraud - its key design purpose is the control application not the communications The introduction of new (unknown) business partners Billing model approach - where M2M usage is not controlled or monitored until some-thing actually goes wrong slide 8

9 Fraud Management Objectives & Focus areas The main objectives for Fraud Management Framework are: A concept to effectively detect, analyze and control various possible Frauds during the Project Life Cycle and during Operations of the M2M service by following an iterative approach. To be able to detect and prevent frauds at an early stage to minimize the impact of the fraud and to arise in future on account of introduction of new services. To track the behaviour of a customer suspected to be Fraudulent. our disciplines of Quality Management Liongate Fraud Management Framework Fraud Prevention Fraud Detection Fraud Analysis Fraud Control For example: Customized & restricted Services Make System Bulletproof For example: Fraud Alarming Frequent System Status Messages Thresholds For example: Fraud Knowledge Transfer Severity of alarms Type of alarm For example: Frequent System Status Messages Alarming based on User profile Usage pattern slide 9

10 We make projects to your success story Fokus areas Industries M2M Telecommunication & Media Energy & Utilities Finance Topics Fraud Management Risk Management Mobility CRM Billing & Fulfilment Networks & Partnerships Happy Customers Our M2M offering for your success Consulting and concepts design for Project Management, Risk-, Fraud Management and Quality Management for your M2M service launch and your M2M service operations. Creation of sustainable, comprehensive and reasonable Service Management Processes. slide 10

11 Backup Backup slide 11

12 Let s analyse the case: M2M device hacked and misused Some weeks ago an expert organization was able to hack a SIM card. *Source: The Register, Sep 10 What went wrong? As other computers M2M-device can be victim of criminal hacks or dos-attacks, O/S can be infected by worms viruses, other applications can be used to take over command on the devise to misuse it. How to prevent? The whole Fraud Management Cycle need to be installed in order to prevent, monitor, analyse and detect fraud slide 12