As operators transition from their established roles as connectivity providers to take advantage of the world of digital services, the door is also being opened to a range of new threats.
Much of the focus is on challenges related to privacy. As was noted at the GSMA’s Mobile 360 Privacy & Security event last week, in order to provide customers with the services they want, operators amass huge amounts of personal data, which is likely to prove appealing to governments and hackers alike.
But it is not only privacy which is a central issue in the digital world. As more and more devices are connected to the network, and the range of services available balloons, the opportunities for fraudsters are also transformed, creating threats which operators will have to deal with.
It’s not just the evolving technology landscape which poses challenges. Changes to EU roaming regulations will also lead to the introduction of new tariffs for both European and out-of-region traffic, and one can be sure that fraudsters will be looking for ways to exploit any loopholes.
At the WeDo Technologies Worldwide User Group & Summit last week, there was a clear call for collaboration to tackle this. As Chris Walters, board director of industry group CFCA, said: “Our companies may compete, but our fraud teams have to work together.”
Last year, CFCA estimated communication industry fraud losses of $38.1 billion, down 18 per cent over a two year period, which was attributed to “an increase in collaboration and coordination among carriers” in identifying and stopping fraud.
Raul Azevedo, product development director at WeDo, said that fraudsters don’t limit their attention to single operators, and therefore a single-operator approach to tackling fraud is not effective.
“Usually what they do is knock someone’s door, and if they detect a flaw, either in the service offer or systems, they attack. And if it works, they will go to another operator, or another country, and try the same approach to get the maximum out of those vulnerabilities,” he noted.
But there are reasons why an operator may want to keep an attack under its hat. Firstly, owning up to an attack means revealing your own vulnerabilities, admitting that you have been a target. And secondly, helping a competitor avoid fraud takes some degree of largesse – and a criminal busy elsewhere is less of a threat.
“Some operators are prepared to do that, and they are doing that within existing forums. But they are a minority – and it is probably the same minority that is suffering from these new challenges. Because of that they are more open, they see more value from these types of synergies,” Azevedo said.
“The large majority likes to get the information, and not contribute. And this works best if everyone contributes,” he continued.
WeDo is keen to position its User Group as a way to bring the industry together to collaborate, and unsurprisingly it sees this extending into the fraud arena. “For us as a vendor, creating a community and a loyal customer base is a good thing,” he said.
While it is looking to drive collaboration among its customer base first, “the final vision is to open this to others, because the value is in the collaboration”.
Certainly to begin with there are benefits for sharing information across operating companies within the same group, where there are fewer issues related to making sensitive information available to a wider community, “but the maximum value comes when you do that on a larger scale”.
And one way of addressing this is likely to be enabling certified operators to opt-in and submit data on an anonymous basis.
The analogy used was with the antivirus market, where software definitions can be updated seamlessly, although with regard to fraud protection it is “more complex due to the business specifics each operator has”.
“You are not concerned when your antivirus is updated, it’s zero effort. And you don’t know who the first victim of the attack was. That use case could be a good example for us to follow,” Azevedo said.
Noting that the concept of collaboration is not new, and that discussions have taken place for some time, it is “better to do it now, creating the conditions, talking about the best way to organise this, to set up the systems to support this.”
“By entering digital services, by having communications through IP, the number of threats will increase, aligned with the trends in cybercrime,” Azevedo warned.
The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.