Sophisticated Fraud Rings Target Wireless Carriers

Wireless carriers are under attack by groups of fraudsters, who are using stolen identities to buy large numbers of phones, and then selling them quickly through online sites or overseas. And thanks to customer authentication processes that are less than airtight, they’re getting away with it.

ID Analytics has uncovered the existence of these fraud rings, which all have a standard MO: each obtains a batch of stolen data— perhaps the name, address, date of birth and Social Security numbers of hundreds of people. Then, they use this information to place orders in person and online for new cellular service.

“When thieves breach a major source of consumer data, such as a healthcare company or a retail chain, they often separate the stolen personal information into batches and sell them to the highest bidders,” explained Stephen Coggeshall, chief analytics and science officer at ID Analytics, in a blog. “In the wireless industry, where a customer might pick up a device worth hundreds of dollars and agree to pay for it later, the problem of identity theft increases the risk of significant losses. That risk also extends to the consumer whose stolen identity is used to acquire a phone.”

The perpetrators will often use the correct name and Social Security number, which might be enough to get a transaction approved, with a new address or series of addresses, especially if the phone is to be delivered by mail. Sometimes though, the dates of birth or other information may be incorrect, because it wasn’t included in the purloined data.

When there’s an unusual volume of a particular kind of suspicious transaction in one location, it suggests perhaps there’s a more sophisticated fraud ring at work.

“The first transactions might not appear suspicious,” Coggeshall said. “The idea that someone would move … and open new cell-phone accounts for their family isn’t unusual. But when there’s a pattern of inconsistency in the data, such as the same person applying multiple times with different addresses or dates of birth, or one person buying phones in the same day from multiple vendors, the data starts to tell a story.”

In one theft pattern detected by ID Analytics’ researchers, the identities of a number of people who had lived in Texas for years were used to buy phones in Philadelphia. It started with a slow trickle at first, with one identity used to apply for several dozen phones over a three-month period, perhaps to test the scheme. Then the activity picked up, with multiple people using multiple identities. In all, the ring applied for more than 300 fraudulent phone accounts over a nine-month period.

The patterns in the data leapt out: addresses that were thousands of miles away from where those people had historically made purchases. In this case, it was a series of addresses in Philadelphia, often on the same street but with different street numbers.

“For wireless carriers, being able to open new accounts in minutes is essential,” Coggeshall said. “Fraud prevention measures can add time, cost and hassle to the process, resulting in customer abandonment. But the carrier needs to verify the customer’s identity. This can be done in a variety of ways, from contacting the individual through multiple channels prior to approval, to more secure and advanced measures, like real-time authentication.”

What’s Hot on Infosecurity Magazine?