Summary Bullets:
- A new survey by the Communications Fraud Control Association (CFCA) shows communications fraud remains a significant cost to network operators despite steady improvement over the past ten years.
- A small but growing number of operators have begun implementing machine learning and artificial intelligence as crucial components of their fraud management systems, but most operators have not.
A new survey by the Communications Fraud Control Association (CFCA) shows both good news and bad news in network operators’ efforts to control communications fraud. Communications fraud happens whenever a person or group uses communications services with no intention of payment. In order not to encourage even more fraud, operators like Vodafone and AT&T are understandably reticent when it comes to revealing how their own fraud prevention mechanisms and procedures stack up against competitors. However, these operators are more forthcoming in anonymously responding to the annual survey by the CFCA, which represents operators, security and risk management vendors, and law enforcement authorities.
The good news: total revenue lost to communications fraud last year was $28.3 billion, less than half of losses suffered at “peak fraud” in the late 2000s. The bad news: the rate of decline has slowed significantly, an indication that remaining fraud is extremely hard to root out. Making matters worse, the relative flattening out of fraud losses is happening at a time when overall telecoms revenue continues to decline rapidly. As a result, fraud accounted for 1.74% of total operator revenues, compared to just 1.27% of total revenue in 2017.
And what this year’s results reveal, in part, is a sense of resignation on the part of operator security teams. For example:
- “Lack of perceived interest or understanding by law enforcement” continues to be the leading reason for not reporting cases to law enforcement, with 41% of respondents saying they have no faith in the judicial system to administer the right punishment to deter others;
- 43% of respondents indicated their company reports fewer than ten cases to law enforcement annually;
- 10% of respondents reported they have stopped reporting potential violations of law to the proper authorities; as a result, 7% fewer cases were reported to law enforcement last year than in 2017.
As operators increasingly conclude they must look inward in order to address communications fraud, a growing number of them are getting more sophisticated in adopting rules and tools to help identify fraud and mitigate the damage from attacks. Rules-based fraud management systems continue to be the dominant approach by far – utilized by 70% of respondents to the CFCA survey. However, there are signs of progress, as 6% of respondents indicated they have begun implementing machine learning and artificial intelligence as crucial components of their fraud management systems.
Unfortunately, that still represents a small portion of respondents, especially when compared to the 15% of respondents who indicated their fraud management systems were entirely manual. Depending on whether you’re an optimist or a pessimist, that finding represents a major opportunity to continue to cut down on telecoms fraud – or a clear signal that fraudsters will have lots of addressable opportunities for the foreseeable future.