Communications Fraud Control Association Global Fraud Loss Survey

Transcription

1 Communications Fraud Control Association 2013 Global Fraud Loss Survey

2 Overview Survey Type & Methodology Executive Summary Results Fraud Management Snapshot Top Fraud Methods & Types Top Countries Where Fraud Originates & Terminates Comparison of Fraud Trends 2013 Global Fraud Loss Estimate 2013 Estimated Fraud Losses by Method, Type, CSP Size and Region

3 Survey Type & Methodology Panel of Experts Survey: Surveys taken from fraud and security experts working within the industry who are directly involved in identifying and stopping communications fraud Responses were received from: 93 Communications Service Providers (CSPs) located throughout the industry and around the globe CSPs included both Small (<1K employees) and Large (100K+) CSPs included wireless, wireline, broadband, and narrowband service providers CSPs reported providing service in multiple areas including: voice, data, financial services, and content distribution

4 Executive Summary Highlights: 2013 Global Fraud Loss Estimate*: $46.3 Billion (USD) annually The 15% increase from 2011 is a result of increased fraudulent activity targeting the wireless industry. Approx. 2.09% of telecom revenues The 0.21% increase from 2011 is a result of fraud losses growing at a faster pace than global telecom revenues. 94% said global fraud losses had increased or stayed the same a 4% decrease from % said fraud had trended up or stayed the same within their company a 3% increase from Top 5 Fraud Methods Reported by Surveyed Companies: $5.22 B Subscription Fraud $4.42 B PBX Hacking $3.62 B Account Take Over / Identity Theft $3.62 B VoIP Hacking $3.35 B Dealer Fraud Top 5 Fraud Types Reported by Surveyed Companies : $6.11 B Roaming Fraud $5.32 B Wholesale Fraud $4.73 B Premium Rate Service $3.55 B Cable or Satellite Signal Theft $2.96 B Hardware Reselling *Note: In 2013 fraud classifications were divided into methods and type categories For more information please visit:

5 2013 CFCA Survey Results

6 In which region are you located? 35.0% 31.9% 30.0% 28.6% 25.0% 20.0% 15.0% 10.0% 8.8% 11.0% 8.8% 6.6% 5.0% 2.2% 2.2% 0.0% Asia South Pacific Central and South America North America Western Europe Eastern Europe Africa Middle East Note: Local, Regional, National and International CSPs participated in the survey

7 90% 80% 70% 60% 50% 40% 30% 20% 10% 2013 Survey Which services does your company provide? 0% Pre-paid Mobile Post-paid Mobile Fixed Line Services Cable & Satellite Wholesale Internet Other Voice (Examples: Local, Long Distance, & International) Data (Examples: VoIP & Over-the-Top, and other communication services.) Financial (Examples: mobile purchase & ecommerce) Content (Examples: IPTV, Advertising, etc.) Machine-to-Machine (Examples: Smart Meters, Cars, Sensors...)

8 How many employees are in your company? 3.6% 4.8% 17.9% 19.0% <1,000 1,001 to 5,000 5,001 to 10,000 10,001 to 50,000 50,001 to 100, , % 36.9% Note: Small, Medium and Large CSPs responded to the survey

9 How many subscribers does your company have? 4.8% 6.0% 8.4% 14.5% <10, % 10,001 to 1,000,000 1,000,001 to 10,000, % 33.7% 10,000,001 to 25,000,000 25,000,001 to 50,000,000 50,000,001 + Wholesale Only (no end user subscribers)

10 Where is your fraud department situated? Security 32.8% Operations IT 4.7% 17.2% Finance IT Operations Security Finance 45.3% 0% 10% 20% 30% 40% 50% Since 2011 about 8% of Fraud Departments have moved from under Finance to IT & Security; Other functional areas included Risk Management, Internal Audit, Revenue Assurance, Customer Care, Network Operations and Routing.

11 How many are in your Fraud department? 60% 50% 40% 36% 42% 51% 50% 30% 20% 10% 0% 27% 26% 26% 20% 12% Analysts Investigators Administrative & Case Management Other (please specify) Fraud departments grew by about 2% since However, larger departments reduced Fraud Analyst positions by about 5%. Notes: Other category includes staff managers and supervisors. Some CSPs reported revenue assurance and subpoena compliance personnel in their departments. Some CSPs also reported as little as one person on staff. 28% 16% 5% 5% 4% 2% 0% < 3 3 to 5 6 to to % 13% 13% 0%

12 When is your fraud department staffed? Holidays 15% 44% 44% 44% Off-Hours Coverage Provided by Another Organization Weekend 17% 41% 42% 50% Non-Business Hours (24 Hours) Extended Business Hours Weekdays 11% 32% 47% 65% Business Hours 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Off-hour coverage on weekends and weekdays grew by about 3% since 2011.

13 What functions apply to your current role and responsibilities? Vendor/Consultant Law Enforcement Security/Network Legal/Regulatory Finance/Billing/Revenue Assurance Customer Service Supervisory Fraud Detection End User Investigation Security/Physical Operations Sales/Marketing Non-Supervisory Fraud Investigation Systems Administrator 2.1% 10.6% 12.8% 10.6% 12.8% 8.5% 4.3% 10.6% 21.3% 25.5% 25.5% 36.2% 38.3% 40.4% 68.1% 76.6% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0%

14 Are you a member of any other organizations? CFCA 29% GSMA FF 33% DFF 2% TRMA 3% NCFTA 2% i3 3% CINNA 2% ATFRA 3% TM Forum (RA) 2% ETNO 8% FIINA 14% CFCA GSMA FF FIINA ETNO TM Forum (RA) ATFRA CINNA i3 NCFTA TRMA DFF Many CSPs reported being a member of more than one organization

15 How many fraud incidents does your department handle per month? < 50, 22.5% Estimated Monthly Case Volumes 51 to 100, 16.3% 1,001 +, 25.0% 101 to 500, 28.8% 501 to 1,000, 7.5% 200, , , , , ,000 80,000 60,000 40,000 20,000 Estimated Cases Annually Per Region - Asia Central and South America Western Europe Africa On average, fraud departments reported 117% more cases per month since The majority of these cases were reported by North American and Western European CSPs. 54,569 13,642 13, , ,812 68,211 South Pacific North America Eastern Europe Middle East 54,569 40,927

16 How many cases does your department refer to law enforcement per YEAR? 101 +; 11.4% 11 to 100; 34.3% None; 11.4% < 10; 42.9% Since 2011, there was no change in the number of CSPs not referring cases to law enforcement. CSPs that do refer cases reported an 11% increase.

17 Why do you think cases are not reported to law enforcement? 20.0% 18.0% 16.0% 14.0% 12.0% 10.0% 13.6% 18.2% 12.1% 18.2% 13.6% 19.7% Debt recovery pursued through civil means No faith in the judicial system to administer the right punishment to deter others No perceived value to the business Not referred due to lack of evidence 8.0% 6.0% 4.0% 2.0% 4.5% Perceived lack of interest by law enforcement to take the case Perceived lack of understanding by law enforcement to pursue the case Lack of resources 0.0% CSPs reported an increase in faith and confidence in law enforcement to pursue cases. However, many reported continued resource constraints in this area.

18 What do you view as the top 5 fraud methods GLOBALLY? 0% 2% 4% 6% 8% 10% 12% 14% Roaming Fraud 13% Wholesale Fraud 11% Premium Rate Service 10% Cable or Satellite 8% Hardware Reselling 6%

19 What do you view as the top 5 fraud types GLOBALLY? 0% 5% 10% 15% 20% International Revenue Share Fraud (IRSF) 16% Roaming Fraud 11% Premium Rate Service 10% Interconnect Bypass (e.g. SIM box) 9% Payment Fraud 7% In 2011, the top 5 fraud types were: PBX/VM Fraud, International Revenue Share Fraud, Subscription Fraud, Bypass Fraud and Roaming Fraud.

20 What do you view as the top 5 fraud methods at YOUR COMPANY? 0% 2% 4% 6% 8% 10% 12% Subscription Fraud 11% PBX Hacking 10% Account Takeover / Identity Take Over 8% VoIP Hacking 8% Dealer Fraud 7%

21 What do you view as the top 5 fraud types at YOUR COMPANY? 0% 2% 4% 6% 8% 10% 12% 14% Roaming Fraud 13% Wholesale Fraud 11% Premium Rate Service 10% Cable or Satellite 8% Hardware Reselling 6% In 2011, the top 5 fraud types were: PBX/VM Fraud, Subscription Fraud, International Revenue Share Fraud, Bypass Fraud and Credit Card Fraud.

22 What do you view as the top 5 EMERGING fraud methods GLOBALLY? 0% 2% 4% 6% 8% 10% 12% 14% PBX Hacking 12% Subscription Fraud 10% VoIP Hacking 10% Dealer Fraud 7% Account Takeover / Identity Take Over 6%

23 What do you view as the top 5 EMERGING fraud types GLOBALLY? % of Total Responses 0% 2% 4% 6% 8% 10% 12% 14% International Revenue Share Fraud (IRSF) 14% Roaming Fraud 10% Interconnect Bypass (e.g. SIM box) 9% Premium Rate Service 8% Domestic Revenue Share (DRSF) 8% In 2011, the top 5 fraud types were: PBX/VM Fraud, International Revenue Share Fraud, Bypass Fraud, Arbitrage and Subscription Fraud.

24 Fraud Methods in YOUR COMPANY 0% 2% 4% 6% 8% 10% 12% Subscription Fraud PBX Hacking Account Takeover / Identity Take Over VoIP Hacking Dealer Fraud Abuse of Service Terms & Conditions Abuse of network, device or configuration weakness- Social Engineering Stolen Credit Cards & Returned or Counterfeit Checks Voic Hacking Wangiri Pre-Paid Equipment & Services Phishing / Pharming (e.g. internet fraud) SMS Faking or Spoofing Network/IT Abuse (e.g. Internal fraud/employee theft) Unauthorized abuse of access (e.g. Customer Care System) Brand Name / Logo Abuse Clip-on Fraud Signalling Manipulation Mobile Malware Proxy Fraud SIM Cloning 4% 4% 4% 4% 4% 4% 3% 3% 3% 2% 2% 2% 2% 2% 1% 6% 5% 8% 8% 7% 10% 11%

25 Fraud Types in YOUR COMPANY 0% 2% 4% 6% 8% 10% 12% 14% Roaming Fraud Wholesale Fraud Premium Rate Service Cable or Satellite Hardware Reselling Service Reselling (e.g: Call Sell) IMEI Reprogramming Arbitrage Theft / Compromise of data (e.g. logins) Interconnect Bypass (e.g. SIM box) International Revenue Share Fraud (IRSF) Payment Fraud Theft of Content Denial of Service (DoS) and Distributed Denial of Service (DDoS) Theft / Stolen Goods Commissions Fraud Private Use Domestic Revenue Share (DRSF) Spamming 2% 2% 3% 3% 3% 3% 5% 5% 4% 4% 4% 4% 6% 6% 6% 8% 10% 11% 13%

26 % of Responses 2013 Survey Top 10 Countries That ORIGINATE Fraudulent Calls: 8% 7% 6% 7% 5% 4% 3% 4% 4% 3% 3% 3% 3% 3% 3% 2% 2% 1% 0% The top 3 countries remained unchanged from 2011.

27 % of Responses 2013 Survey Top 10 Countries Where Fraud TERMINATES: 10% 10% 9% 8% 8% 7% 6% 7% 6% 6% 5% 4% 3% 2% 1% 4% 4% 4% 4% 4% 0% Latvia Gambia Somalia Sierra Leone Guinea Cuba East Timor Lithuania Taiwan United Kingdom Cuba was the top response in 2011, showing a shift from Call Sell fraud to IRSF fraud

28 % of Responses 2013 Survey Over the past 12 months, do you think GLOBAL fraud losses have trended up, trended down, or stayed the same? 80.0% 70.0% 60.0% 59.0% 65.2% 70.5% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% 47.2% 37.4% 32.6% 20.5% 20.5% 23.0% 15.4% 6.6% 2.2% Trended UP Trended DOWN Stayed the SAME

29 % of Responses 2013 Survey Over the past 12 months, has fraud IN YOUR COMPANY trended up, trended down, or stayed the same? 70.0% 64.4% 60.0% 52.5% 50.0% 43.1% 40.0% 39.3% 40.0% 35.4% 35.0% 30.0% 20.0% 10.0% 25.0% 21.5% 11.1% 8.2% 24.4% 0.0% Trended UP Trended DOWN Stayed the SAME Note: In % of CSPs reported fraud had increased or stayed the same.

30 % of Responses 2013 Survey What percentage of bad debt is a result of fraud in YOUR COMPANY? 70.0% 63.8% 60.0% 50.0% 40.0% 30.0% 20.0% 22.4% 10.0% 0.0% 6.9% 5.2% 0.0% 1.7% < 10% 10-20% 21-30% 31-40% 41-50% > 50% In 2013 some CSPs reported >50% bad debt related to fraud

31 % of Responses 2013 Survey What percentage of the total GLOBAL telecom revenue base do you think is fraud? 30% 25% 26.3% 20% 15% 10% 12.3% 15.8% 17.5% 8.8% 10.5% 8.8% 5% 0% < 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10% In % believed fraud losses were 4-5%, 13% believed they were 5-10%, and 0% believed they were more than 10%.

32 % of Responses 2013 Survey What percentage of YOUR COMPANY S revenue base do you think is fraud? 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 45.6% 24.6% 12.3% 1.8% < 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10% In % believed fraud losses were 4-5%, 5% believed they were 5-10%, and 0% believed they were more than 10%. 3.5% 10.5% 1.8%

33 % of Responses 2013 Survey Comparison Between 2008, 2011 and % 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% Survey Results in YOUR COMPANY 23% 46% 46% 15% 25% 23% 13% 12% 11% 12% 2% < 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10% % 10% 14% 4% 27% 5% 11% 0% 0% 2%

34 % of Responses 2013 Survey Of the global telecom revenue base, what percentage do you think is fraud in YOUR COMPANY? 16% 14% 12% 10% 8% 6% 4% 2% 0% Asia South Pacific Fraud Losses by Region Central and South America North America Western Europe Eastern Europe < 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10% Africa Middle East

35 % of Responses 2013 Global Fraud Loss Estimate Of the global telecom revenue base, what percentage do you think is fraud? 18% 16% 14% 12% 10% 8% 6% 4% 2% Fraud Losses by Size 0% < 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10% <1,000,000 1,000,001 to 10,000,000 10,000,001 to 50,000,000 25,000,001 to 50,000,000 50,000,001 + Wholesale Only (no end user subscribers) CSPs with 1-10M subscribers reported the most fraud losses. In 2011 CSPs with 50M+ subscribers reported 34% fewer fraud losses.

36 Of the global telecom revenue base, what percentage do you think is fraud?* Fraud Loss as a % of Revenue <1,000,000 Fraud Losses by # of Subscribers 1,000,001 to 10,000,000 10,000,001 to 50,000,000 25,000,001 to 50,000,000 50,000,001+ Wholesale % Total Responses Adjusted Weights < 1% 9.34% 15.38% 8.24% 6.59% 3.85% 2.20% 45.60% 70.0% 1-2% 5.04% 8.30% 4.45% 3.56% 2.07% 1.19% 24.60% 23.3% 2-3% 2.52% 4.15% 2.22% 1.78% 1.04% 0.59% 12.30% 14.0% 3-4% 0.37% 0.61% 0.33% 0.26% 0.15% 0.09% 1.80% 9.7% 4-5% 0.72% 1.18% 0.63% 0.51% 0.30% 0.17% 3.50% 7.8% 5%-10% 2.15% 3.54% 1.90% 1.52% 0.89% 0.51% 10.50% 4.7% > 10% 0.37% 0.61% 0.33% 0.26% 0.15% 0.09% 1.80% 3.4% *Note: Percentages taken from losses reported by the CSPs occurring in their own companies.

37 2013 Estimated Global Telecom Revenues*: $2.214 Trillion (USD) 2013 Estimated Global Loss: $46.3 Billion (USD), or 2.09% Notes: Loss Calculation: ((CSP Size x % by Group) x Group Midpoint)/100) x Global Telecom Revenues Fraud loss weights based on CSP size helps avoid bias created when small and large CSP responses are combined. *Source: The Insight Research Corporation (Estimate for 2013)

38 Comparison to Previous Surveys Estimated Global Revenues Estimated Global Fraud Loss % Var $1.2 Trillion $1.7 Trillion $2.1 Trillion $2.2 Trillion +3.7% (USD) (USD) (USD) (USD) $61.3 Billion (USD) $60.1 Billion (USD) $40.1 Billion (USD) $46.3 Billion (USD) +15.4% % Loss* 5.11% 3.54% 1.88% 2.09% +0.21% $2,500,000 $2,000,000 $1,500,000 $1,000,000 $500,000 $ Est. Global Telecom Revenues Est. Global Fraud Loss In 2013, growth in global revenue outpaced reported fraud losses. However, as a percent of revenue, fraud is growing at a faster rate than in *Note: In 2011 losses were recalculated using a new methodology 6% 5% 4% 3% 2% 1% 0%

39 2013 Global Fraud Loss Estimate 2013 Estimated Fraud Losses by CSP Type (in $ USD Billions) $5.84 ; 12% $2.64 ; 6% $6.35 ; 14% $11.52 ; 25% $7.25 ; 16% $2.86 ; 6% $9.92 ; 21% Pre-paid Mobile Post-paid Mobile Fixed Line Services Cable & Satellite Wholesale Internet Other

40 2013 Global Fraud Loss Estimate 2013 Estimated Fraud Losses by Service Type (in $ USD Billions) $11.80 ; 25% $6.98 ; 15% $8.14 ; 18% $13.46 ; 29% $5.98 ; 13% Voice (Examples: Local, Long Distance, & International) Data (Examples: VoIP & Over-the- Top, other alternate communication services...) Financial (Examples: mobile purchase & ecommerce) Content (Examples: IPTV, Advertising, etc.) Machine-to-Machine (Examples: Smart Meters, Cars, Sensors...)

41 2013 Estimated Fraud Losses by Method (in $ USD Billions) Account Takeover / Identity Take Over; $3.6 VoIP Hacking; $3.6 Dealer Fraud; $3.3 Abuse of Service Terms & Conditions; $2.7 PBX Hacking; $4.4 Abuse of network, device or configuration weakness; $2.5 Social Engineering; $2.0 Subscription Fraud; $5.2 Wangiri; $2.0 Stolen Credit Cards & Returned or Counterfeit Checks; $2.0 SIM Cloning; $0.5 Proxy Fraud; $0.8 Mobile Malware; $0.8 Signalling Manipulation; $0.9 Clip-on Fraud; $0.9 Brand Name / Logo Abuse; $1.1 Unauthorized abuse of access (e.g. Customer Care System); $1.2 SMS Faking or Spoofing; $1.6 Network/IT Abuse (e.g. Internal fraud/employee theft); $1.3 Pre-Paid Equipment & Services; $1.9 Phishing / Pharming (e.g. internet fraud); $1.7 Voic Hacking; $2.0

42 2013 Estimated Fraud Losses by Type (in $ USD Billions) Wholesale Fraud; $5.3 Premium Rate Service; $4.7 Cable or Satellite; $3.5 Hardware Reselling; $3.0 Service Reselling (e.g: Call Sell); $2.8 Roaming Fraud; $6.1 IMEI Reprogramming; $2.6 Arbitrage; $2.2 Spamming; $0.8 Domestic Revenue Share (DRSF); $0.8 Private Use; $1.2 Commissions Fraud; $1.2 Theft / Compromise of data (e.g. logins); $2.2 Theft / Stolen Goods; $1.4 Denial of Service (DoS) and Distributed Denial of Service (DDoS); $1.4 Theft of Content; $1.8 Payment Fraud; $1.8 Interconnect Bypass (e.g. SIM box); $2.0 International Revenue Share Fraud (IRSF); $1.8

43 Estimated Fraud Losses by Method by Size Fraud Method <1,000,000 Abuse of network, device or configuration weakness 1,000,001 to 10,000,000 10,000,001 to 50,000,000 (In Billions $ USD) 25,000,001 to 50,000,000 50,000,001 + Wholesale Only (no end user subs) $0.52 $0.86 $0.46 $0.37 $0.21 $0.12 Abuse of Service Terms & Conditions $0.55 $0.90 $0.48 $0.39 $0.23 $0.13 Account Takeover / Identity Take Over $0.74 $1.22 $0.65 $0.52 $0.30 $0.17 Brand Name / Logo Abuse $0.22 $0.36 $0.19 $0.15 $0.09 $0.05 Clip-on Fraud $0.19 $0.32 $0.17 $0.14 $0.08 $0.05 Dealer Fraud $0.69 $1.13 $0.60 $0.48 $0.28 $0.16 Mobile Malware $0.16 $0.27 $0.15 $0.12 $0.07 $0.04 Network/IT Abuse (e.g. Internal fraud/employee theft) $0.27 $0.45 $0.24 $0.19 $0.11 $0.06 PBX Hacking $0.91 $1.49 $0.80 $0.64 $0.37 $0.21 Phishing / Pharming (e.g. internet fraud) $0.36 $0.59 $0.31 $0.25 $0.15 $0.08 Pre-Paid Equipment & Services $0.38 $0.63 $0.34 $0.27 $0.16 $0.09 Proxy Fraud $0.16 $0.27 $0.15 $0.12 $0.07 $0.04 Signalling Manipulation $0.19 $0.32 $0.17 $0.14 $0.08 $0.05 SIM Cloning $0.11 $0.18 $0.10 $0.08 $0.05 $0.03 SMS Faking or Spoofing $0.33 $0.54 $0.29 $0.23 $0.14 $0.08 Social Engineering $0.41 $0.68 $0.36 $0.29 $0.17 $0.10 Stolen Credit Cards & Returned or Counterfeit Checks $0.41 $0.68 $0.36 $0.29 $0.17 $0.10 Subscription Fraud $1.07 $1.76 $0.94 $0.75 $0.44 $0.25 Unauthorized abuse of access (e.g. Customer Care System) $0.25 $0.41 $0.22 $0.17 $0.10 $0.06 Voic Hacking $0.41 $0.68 $0.36 $0.29 $0.17 $0.10 VoIP Hacking $0.74 $1.22 $0.65 $0.52 $0.30 $0.17 Wangiri $0.41 $0.68 $0.36 $0.29 $0.17 $0.10 Total $9.49 $15.63 $8.37 $6.70 $3.91 $2.23

44 Estimated Fraud Losses by Fraud Type by Size Fraud Type <1,000,000 1,000,001 to 10,000,000 10,000,001 to 50,000,000 (In Billions $ USD) 25,000,001 to 50,000,000 50,000,001 + Wholesale Only (no end user subs) Arbitrage $0.44 $0.73 $0.39 $0.31 $0.18 $0.10 Cable or Satellite $0.73 $1.20 $0.64 $0.51 $0.30 $0.17 Commissions Fraud $0.24 $0.40 $0.21 $0.17 $0.10 $0.06 Denial of Service (DoS) and Distributed Denial of Service (DDoS) $0.28 $0.47 $0.25 $0.20 $0.12 $0.07 Domestic Revenue Share (DRSF) $0.16 $0.27 $0.14 $0.11 $0.07 $0.04 Hardware Reselling $0.61 $1.00 $0.53 $0.43 $0.25 $0.14 IMEI Reprogramming $0.52 $0.86 $0.46 $0.37 $0.22 $0.12 Interconnect Bypass (e.g. SIM box) $0.40 $0.67 $0.36 $0.29 $0.17 $0.10 International Revenue Share Fraud (IRSF) $0.36 $0.60 $0.32 $0.26 $0.15 $0.09 Payment Fraud $0.36 $0.60 $0.32 $0.26 $0.15 $0.09 Premium Rate Service $0.97 $1.60 $0.86 $0.68 $0.40 $0.23 Private Use $0.24 $0.40 $0.21 $0.17 $0.10 $0.06 Roaming Fraud $1.25 $2.06 $1.10 $0.88 $0.52 $0.29 Service Reselling (e.g: Call Sell) $0.57 $0.93 $0.50 $0.40 $0.23 $0.13 Spamming $0.16 $0.27 $0.14 $0.11 $0.07 $0.04 Theft / Compromise of data (e.g. logins) $0.44 $0.73 $0.39 $0.31 $0.18 $0.10 Theft / Stolen Goods $0.28 $0.47 $0.25 $0.20 $0.12 $0.07 Theft of Content $0.36 $0.60 $0.32 $0.26 $0.15 $0.09 Wholesale Fraud $1.09 $1.80 $0.96 $0.77 $0.45 $0.26 Total $9.49 $15.63 $8.37 $6.70 $3.91 $2.23

45 Estimated Fraud Losses by Method by Region Fraud Method Asia South Pacific Central and South America North America Western Europe Eastern Europe Africa Middle East Abuse of network, device or configuration weakness $0.22 $0.06 $0.06 $0.73 $0.81 $0.28 $0.22 $0.17 Abuse of Service Terms & Conditions $0.24 $0.06 $0.06 $0.77 $0.85 $0.29 $0.24 $0.18 Account Takeover / Identity Take Over $0.32 $0.08 $0.08 $1.03 $1.15 $0.40 $0.32 $0.24 Brand Name / Logo Abuse $0.09 $0.02 $0.02 $0.31 $0.34 $0.12 $0.09 $0.07 Clip-on Fraud $0.08 $0.02 $0.02 $0.27 $0.30 $0.10 $0.08 $0.06 Dealer Fraud $0.29 $0.07 $0.07 $0.96 $1.07 $0.37 $0.29 $0.22 Mobile Malware $0.07 $0.02 $0.02 $0.23 $0.26 $0.09 $0.07 $0.05 Network/IT Abuse (e.g. Internal fraud/employee theft) $0.12 $0.03 $0.03 $0.38 $0.43 $0.15 $0.12 $0.09 PBX Hacking $0.39 $0.10 $0.10 $1.26 $1.41 $0.49 $0.39 $0.29 Phishing / Pharming (e.g. internet fraud) $0.15 $0.04 $0.04 $0.50 $0.55 $0.19 $0.15 $0.11 Pre-Paid Equipment & Services $0.16 $0.04 $0.04 $0.54 $0.60 $0.21 $0.16 $0.12 Proxy Fraud $0.07 $0.02 $0.02 $0.23 $0.26 $0.09 $0.07 $0.05 Signalling Manipulation $0.08 $0.02 $0.02 $0.27 $0.30 $0.10 $0.08 $0.06 SIM Cloning $0.05 $0.01 $0.01 $0.15 $0.17 $0.06 $0.05 $0.04 SMS Faking or Spoofing $0.14 $0.04 $0.04 $0.46 $0.51 $0.18 $0.14 $0.11 Social Engineering $0.18 $0.04 $0.04 $0.57 $0.64 $0.22 $0.18 $0.13 Stolen Credit Cards & Returned or Counterfeit Checks $0.18 $0.04 $0.04 $0.57 $0.64 $0.22 $0.18 $0.13 Subscription Fraud $0.46 $0.11 $0.11 $1.49 $1.66 $0.57 $0.46 $0.34 Unauthorized abuse of access (e.g. Customer Care System) $0.11 $0.03 $0.03 $0.34 $0.38 $0.13 $0.11 $0.08 Voic Hacking $0.18 $0.04 $0.04 $0.57 $0.64 $0.22 $0.18 $0.13 VoIP Hacking $0.32 $0.08 $0.08 $1.03 $1.15 $0.40 $0.32 $0.24 Wangiri $0.18 $0.04 $0.04 $0.57 $0.64 $0.22 $0.18 $0.13 Total $4.07 $1.02 $1.02 $13.24 $14.76 $5.09 $4.07 $3.05 (In Billions $ USD)

46 2011 Survey Estimated Fraud Losses by Fraud Type by Region Fraud Type Asia South Pacific Central and South America North America Western Europe Eastern Europe Africa Middle East Arbitrage $0.19 $0.05 $0.05 $0.62 $0.69 $0.24 $0.19 $0.14 Cable or Satellite $0.31 $0.08 $0.08 $1.01 $1.13 $0.39 $0.31 $0.23 Commissions Fraud $0.10 $0.03 $0.03 $0.34 $0.38 $0.13 $0.10 $0.08 Denial of Service (DoS) and Distributed Denial of Service (DDoS) $0.12 $0.03 $0.03 $0.39 $0.44 $0.15 $0.12 $0.09 Domestic Revenue Share (DRSF) $0.07 $0.02 $0.02 $0.23 $0.25 $0.09 $0.07 $0.05 Hardware Reselling $0.26 $0.06 $0.06 $0.84 $0.94 $0.32 $0.26 $0.19 IMEI Reprogramming $0.23 $0.06 $0.06 $0.73 $0.82 $0.28 $0.23 $0.17 Interconnect Bypass (e.g. SIM box) $0.17 $0.04 $0.04 $0.56 $0.63 $0.22 $0.17 $0.13 International Revenue Share Fraud (IRSF) $0.16 $0.04 $0.04 $0.51 $0.57 $0.19 $0.16 $0.12 Payment Fraud $0.16 $0.04 $0.04 $0.51 $0.57 $0.19 $0.16 $0.12 Premium Rate Service $0.42 $0.10 $0.10 $1.35 $1.51 $0.52 $0.42 $0.31 Private Use $0.10 $0.03 $0.03 $0.34 $0.38 $0.13 $0.10 $0.08 Roaming Fraud $0.54 $0.13 $0.13 $1.75 $1.95 $0.67 $0.54 $0.40 Service Reselling (e.g: Call Sell) $0.24 $0.06 $0.06 $0.79 $0.88 $0.30 $0.24 $0.18 Spamming $0.07 $0.02 $0.02 $0.23 $0.25 $0.09 $0.07 $0.05 Theft / Compromise of data (e.g. logins) $0.19 $0.05 $0.05 $0.62 $0.69 $0.24 $0.19 $0.14 Theft / Stolen Goods $0.12 $0.03 $0.03 $0.39 $0.44 $0.15 $0.12 $0.09 Theft of Content $0.16 $0.04 $0.04 $0.51 $0.57 $0.19 $0.16 $0.12 Wholesale Fraud $0.47 $0.12 $0.12 $1.52 $1.70 $0.58 $0.47 $0.35 Total $4.07 $1.02 $1.02 $13.24 $14.76 $5.09 $4.07 $3.05 (In Billions $ USD)

47 Fraud Method Definitions: Fraud Method Description Abuse of network, device or configuration weakness--exploitation of a configuration Exploitation of a configuration weakness to gain access to a network or device weakness to gain access to a network or device Abuse of Service Terms & Conditions Violation of the carrier's service terms and conditions or acceptable use policy Account Takeover / Identity Take Over Brand Name / Logo Abuse Clip-on Fraud Dealer Fraud Mobile Malware Network/IT Abuse (e.g. Internal fraud/employee theft) PBX Hacking Use of identity information (real or synthetic ID theft) to obtain a new account or to gain access to an existing account Acquisition and use of a company's logo without permission Stealing service by attaching wires to another customer's phone equipment All types of fraud conducted by indirect and 3rd party dealers Compromised mobile applications Theft of service or equipment by employees Compromised PBX systems used to make calls Phishing / Pharming (e.g. internet fraud) Pre-Paid Equipment & Services Proxy Fraud Signalling Manipulation SIM Cloning SMS Faking or Spoofing Social Engineering Stolen Credit Cards & Returned or Counterfeit Checks Subscription Fraud Unauthorized abuse of access (e.g. Customer Care System) Voic Hacking VoIP Hacking Wangiri Stealing bandwidth, hacking, phishing, vishing, etc. All types of fraud and abuse involving pre-paid equipment and services Manipulation of the IP address to hide someone's true origination or identity Manipulation of the SIP or SS7 signaling message to hide the true origination or identity of a caller Duplicated SIM card used to charge phone calls back to the original SIM card Manipulation of the ANI to hide the true origination or identity of the caller Manipulation of an employee or customer to unintentionally give out important information All types of fraud involving stolen credit cards, returned or counterfeit checks Use of service with no intent to pay Unauthorized abuse of company's credit and adjustment policy Compromised Voic systems used to make calls Compromised VoIP equipment such as an IP PBX or Modem used to make fraudulent calls Call-back fraud schemes

48 Fraud Type Definitions: Fraud Type Description Arbitrage Exploitation of the differences in rates between different countries Cable or Satellite Commissions Fraud Denial of Service (DoS) and Distributed Denial of Service (DDoS) Domestic Revenue Share (DRSF) Hardware Reselling IMEI Reprogramming Signal theft or retransmission from a cable or satellite provider Schemes used by dealers to collect additional commissions and spiffs An explicit attempt to make a machine or network resource unavailable to the users of a service Abuse of Carrier Interconnect agreements through such things as Traffic Pumping, Switch Access Stimulation, 8yy Dip Pumping & CNAM Revenue pumping schemes Resold handsets or equipment Changing the IMEI of a handset to hide the true origination or identity of a caller Interconnect Bypass (e.g. SIM box) International Revenue Share Fraud (IRSF) Payment Fraud Premium Rate Service Private Use Roaming Fraud Service Reselling (e.g: Call Sell) Spamming Theft / Compromise of data (e.g. logins) Theft / Stolen Goods Theft of Content Wholesale Fraud Unauthorized insertion of traffic onto another carriers network. This includes Interconnect Fraud and GSM Gateway Fraud or SIM Boxing. Artificial inflation of traffic terminating to international revenue share providers Includes items such as charge-backs, returned checks, card holder not present, etc. Artificial inflation of traffic terminating to premium service providers Use of a service neither directly nor indirectly paid for without rendering some kind of financial compensation All types of fraud and abuse involving roaming Resale of stolen phone service to other people Use of electronic messaging systems to send unsolicited bulk messages Includes such things as the acquisition of personal information or intellectual property Equipment Theft Stealing content such as ringtones, games, or applications Exploitation of wholesale interconnect agreements

49 About Communications Fraud Communications fraud is the use of telecommunications products or services with no intention of payment. Fraud negatively impacts everyone, including residential and commercial customers. The losses increase the communications carriers operating costs. Although communications operators have increased measures to minimize fraud and reduce their losses, criminals continue to abuse communications networks and services. Therefore, communications operators tend to keep their actual loss figures and their plans for corrective measures confidential. Due to the sensitive nature of this topic, CFCA used a confidential opinion survey of global communications operators to support the global fraud loss study.

50 About CFCA CFCA is a not-for-profit global educational association that is working to combat communications fraud. The mission of the CFCA is to be the premier international association for revenue assurance, loss prevention and fraud control through education and information. By promoting a close association among telecommunications fraud security personnel, CFCA serves as a forum and clearinghouse of information pertaining to the fraudulent use of communications services. For more information, visit CFCA at

51 Communications Fraud Control Association 4 Becker Farm Road 4 th Floor PO BOX 954 Roseland, NJ Phone Fax fraud@cfca.org website Roberta Aronoff Executive Director