2017 Global Fraud Loss Survey

2017 CFCA Survey –

Respondents

2
2017 Survey
In which region are you located?
35.0% 34.2%

30.0%

25.0%

20.0%
15.2%
15.0% 12.7%
8.9% 8.9%
10.0% 7.6%
6.3% 6.3%
5.0%

0.0%
Asia South Central North Western Eastern Africa Middle
Pacific and America Europe Europe & East
South Russia
America
Note: Local, Regional, National and International CSPs participated in the survey

3
2017 Survey
How many subscribers does your company have?
Wholesale Only (no
50,000,001 + end user subscribers)
17.39% 4.35%
25,000,001 to
50,000,000
15.22% <10,000
8.70%

10,000,001 to 10,001 to 1,000,000

25,000,000 10.87%
10.87%

1,000,001 to
10,000,000
32.61%

4
 2017 Survey
What functions apply to your current role and
responsibilities?
Internal Fraud Investigation 38.8%
Vendor/Consultant 2.0%
Law Enforcement 12.2%
Security/Network 16.3%
Legal/Regulatory 14.3%
Finance/Billing/Revenue Assurance 36.7%
Customer Service 18.4%
Fraud Detection 89.8%
End User 2.0%
Security/Physical 8.2%
Operations 20.4%
Sales/Marketing 8.2%
Fraud Investigation 81.6%
Systems Administrator 10.2%
0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0%

Compared to 2015, 5% more time is going to detecting fraud and 14% more time is going to
Customer Care, Billing and Revenue Assurance functions.

5
 2017 Survey
Where is your fraud department situated?
Security 25.58%

Risk Management 9.30%

Operations 9.30%

IT 2.33%

Finance 46.51%

Customer Care 6.98%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Compared to 2015, departments under Finance shrank by >10% (57% in 2015). However,
Customer Care, Operations and Security each grew by approx. 4%. Some Fraud departments
also reported moving to Revenue Assurance, Collections, Business Intelligence.

6
2017 CFCA Survey –
General Fraud Trends

7
2017 Survey
Direct revenue impacts to CSPs is shifting into
other areas. CSP services are being used to
perpetrate fraud across other industries. 23.3%
% Revenue Loss
4.0%

3.5%
%
3.0% 2017
Var
2.5%
Estimated $2.30
+2.2
2.0% Global Trillion
%
1.5%
Revenues (USD)
Estimated $29.2
1.0% -
Global Fraud Billion
23.3%
0.5% Loss (USD)
0.0% % Loss* 1.27% -0.4%
2008 2011 2013 2015 2017

8
2017 Survey
Global Fraud Loss Estimate:
 $29.2 Billion (USD) annually
 1.27% of global telecom revenues
The 23.2% decrease from 2015 is attributed to several factors
including:
 Increased collaboration and coordination between
carriers within the industry and with law enforcement
 Cessation of casual dialing on major US carrier networks
 Continued migration of cost base from TDM to VoIP
networks which have lower tariffed rates
 Increased focus on cybersecurity issues, which are
harder to associate with revenue losses

For more information please visit: www.cfca.org/fraudlosssurvey/

9
 2017 Survey
How many fraud incidents does your department
handle per month?
Average Total Average # Incidents
# Subscribers Department Size per Month
<10,000 6 51 to 100
10,001 to 1,000,000 9 51 to 100
1,000,001 to 10,000,000 10 101 to 500
10,000,001 to 50,000,000 21 501 to1,000
50,000,001+ 81 1001+
Wholesale Only
6 101 to 500
(no end user subs)

On average the # incidents per month have decreased by 10%.

However, this masks the fact that the number of attempted
frauds has increased significantly since 2015.
10
2017 Survey
Top Fraud Methods:
 $2.03 B – Subscription Fraud (Identity)
 $1.94 B – PBX Hacking Fraud Method – is
 $1.94 B – IP PBX Hacking
 $1.93 B – Subscription Fraud (Application) how they access
 $1.75 B – Subscription Fraud (Credit Muling/Proxy) the network or
 $1.66 B – Abuse of Service Terms & Conditions service to enable
 $1.66 B – Account Take Over revenue gain from
 $1.47 B – Internal Fraud / Employee Theft
 $1.38 B – Phishing / Pharming the attack
 $1.38 B – Payment Fraud

Top Fraud Types: Fraud Type – is

 $6.10 B – International Revenue Share Fraud how they use the
(IRSF) service or network
 $4.27 B – Interconnect Bypass (e.g. SIM Box) to generate
 $3.26 B – Arbitrage
 $3.02 B – Theft / Stolen Goods revenue from the
 $2.39 B – Premium Rate Service attack
 $2.10 B – Device / Hardware Reselling
 $1.35 B – Domestic Revenue Share (DRSF)
 $1.30 B – Wholesale Fraud
 $1.27 B – Friendly Fraud
 $1.03 B – Private Use
11
For more information please visit: www.cfca.org/fraudlosssurvey/
2017 Survey
What do you view as the top 5 fraud methods
GLOBALLY? 0% 2%
Total
4% 6% 8%
% of Responses
10%

PBX Hacking

IP PBX Hacking

Subscription Fraud (Application)

Account Takeover

Subscription Fraud (Credit Muling/Proxy)

Abuse of Service Terms and Conditions

Phishing / Pharming

Subscription Fraud (Identify)

Payment Fraud

Abuse of network, device or configuration weakness

In 2015, the top five were: PBX Hacking, IP PBX Hacking, Subscription Fraud
(Application), Internal Fraud/Employee Theft, and Subscription Fraud (Identity)

12
 2017 Survey
What do you view as the top 5 fraud methods
at YOUR COMPANY? 0.0% 1.0% 2.0% 3.0% 4.0% 5.0% 6.0% 7.0%

Subscription Fraud (Identity)

PBX Hacking

IP PBX Hacking

Subscription Fraud (Application)

Subscription Fraud (Credit Muling/Proxy)

Abuse of Service Terms and Conditions

Account Takeover

Internal Fraud / Employee Theft

Phishing / Pharming

Payment Fraud

In 2015, the top five fraud methods were PBX Hacking, IP PBX Hacking,
Subscription Fraud (Application), Dealer Fraud and Subscription Fraud (Identity)

13
 2017 Survey
2017 Estimated Fraud Losses by Method
Abuse of network, device (in $ USD Billions)
or configuration
weakness; $1.3 Spoofing (IP or Dealer Fraud; $1.1 Social Engineering; $1.0
CLI/ANI); $1.3 Signalling
Payment Fraud; $1.4
Wangiri (Call Back Manipulation;
Schemes); $1.0 $0.8
Phishing / Pharming; $1.4
Robocalling; $0.9
Internal Fraud / Employee
Brand Name /
Theft; $1.5
Logo Abuse;
$0.6
Mobile
Account Takeover; $1.7 Malware; $0.6
Pre-Paid
Equipment &
Services; $0.6

SMS Faking or
Spoofing; $0.6
Abuse of Service Voicemail Hacking
Terms and (Not associated with
Conditions; $1.7 PBX Hacking); $0.6

Subscription Fraud (Credit Clip-on Fraud;

Muling/Proxy); $1.8 $0.5 IMEI
Reprogramming;
$0.6
Subscription Fraud
(Application); $1.9 SIM Cloning; $0.4
IP PBX Hacking; $1.9 Subscription Fraud
PBX Hacking; $1.9
(Identify); $2.0

14
 2017 Survey
What do you view as the top 5 fraud types at
YOUR COMPANY?
(In-Network) 0.0% 5.0% 10.0% 15.0% 20.0% (Roaming) 0.0% 10.0% 20.0% 30.0%

International Revenue International Revenue

Share Fraud (IRSF) Share Fraud (IRSF)

Interconnect Bypass Interconnect Bypass

(e.g. SIM box) (e.g. SIM box)

Arbitrage
Arbitrage

Theft / Stolen Goods

Premium Rate Service

Premium Rate Service

Theft / Stolen Goods

In 2015, the top fraud types were: IRSF, Interconnect Bypass, Arbitrage, Premium
Rate Service, Device/Hardware Reselling and Theft/Stolen Goods

15
 2017 Survey
(Combined) 2017 Estimated Fraud Losses by Type
(in $ USD Billions)
Denial of Service (DoS) Interconnect Bypass Premium Rate
and Distributed Denial of Theft of Arbitrage; $0.6
(e.g. SIM box); $0.7 Service; $1.0
Service (DDoS); $0.2 Content;
$1.3 Arbitrage; $3.3 Theft / Stolen Goods;
Theft / Compromise
of data (e.g. logins); $1.4
$3.0 Device / Hardware
Reselling; $2.0
Private Use; $0.2
Cable or Satellite;
Domestic
$0.5
Revenue Share
Service (DRSF); $1.3
Reselling (e.g: Friendly Fraud; $2.4
Call Sell); $1.0 Wholesale Fraud; $4.3

Commissions Fraud; $6.1

16
2017 CFCA Survey –
Fraud Locations

17
 2017 Survey
Top 10 Countries That ORIGINATE Fraudulent Calls:
6%

5%

4%

3%

2%

1%

0%

In 2015, the top 3 countries were United States, Pakistan and Spain.

18
2017 Survey
Top 10 Countries Where Fraud TERMINATES:
8% 8%

7%

6%

5% 5%
4% 4% 4%
4% 3%
3% 3% 3%
3% 3%

2%

1%

0%

In 2015, the top 3 countries were Cuba, Somalia and Bosnia & Herzegovina

19
2017 CFCA Survey –
Company Losses

20
 2017 Survey
What percentage of the total GLOBAL telecom
revenue base do you think is fraud?
30%

25%
22.0%
% Total Responses

19.5%
20%
17.1% 17.1%

15%
9.8% 9.8%
10%
4.9%
5%

0%
< 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10%
2013 12.3% 26.3% 15.8% 17.5% 8.8% 10.5% 8.8%
2015 18.9% 16.2% 21.6% 16.2% 13.5% 10.8% 2.7%
2017 17.1% 17.1% 22.0% 19.5% 9.8% 4.9% 9.8%

In 2013, a majority of CSPs believed fraud losses were between 1-2%. In 2015
and 2017, the consensus shifted to between 2-3%.

21
2017 Survey
Comparison Between 2011-2017 Survey
Results in YOUR COMPANY
70.0%
62%
60.0%

50.0%

40.0%

30.0%
21%
20.0%
8% 8%
10.0%
3%
0% 0%
0.0%
< 1% 1-2% 2-3% 3-4% 4-5% 5-10% > 10%

2013 2015 2017

Since 2013 CSPs have report fewer fraud losses per year. In 2015, 60% of
CSPs reported losses less than 2%. In 2017, 82% reported losses less than 2%.

22
Communications Fraud Control Association
4 Becker Farm Road 4th Floor
PO BOX 954
Roseland, NJ 07068

+1 973 871 4032 Phone

+1 973 871 4075 Fax

fraud@cfca.org email
www.cfca.org website

Roberta Aronoff – Executive Director

Jacob Howell – Board of Directors, Survey Chairman

23
About Communications Fraud
Communications fraud is the use of telecommunications products
or services with no intention of payment. Fraud negatively impacts
everyone, including residential and commercial customers. The
losses increase the communications carriers’ operating costs.
Although communications operators have increased measures to
minimize fraud and reduce their losses, criminals continue to
abuse communications networks and services. Therefore,
communications operators tend to keep their actual loss figures
and their plans for corrective measures confidential. Due to the
sensitive nature of this topic, CFCA used a confidential opinion
survey of global communications operators to support the global
fraud loss study.

24
About CFCA
CFCA is a not-for-profit global educational association that is
working to combat communications fraud. The mission of the
CFCA is to be the premier international association for revenue
assurance, loss prevention and fraud control through education
and information. By promoting a close association among
telecommunications fraud security personnel, CFCA serves as a
forum and clearinghouse of information pertaining to the
fraudulent use of communications services. For more
information, visit CFCA at www.CFCA.org.

25
Thank You

26
 2017 Survey
Fraud Method Definitions:
Fraud Method Description
Abuse of network, device or configurationExploitation of a configuration weakness to gain access to a network or device; Includes VoIP equipment such
weakness as a modem or router.
Abuse of Service Terms and Conditions Violation of the carrier's service terms and conditions or acceptable use policy.
Account Takeover Manipulation and utilization of existing customer account in order to gain devices or service
Brand Name / Logo Abuse Acquisition and use of a company's logo without permission
Clip-on Fraud Stealing service by attaching wires to another customer's phone equipment
Dealer Fraud All types of fraud conducted by indirect and 3rd party dealers
IMEI Reprogramming Changing the IMEI of a handset to hide the true origination or identity of a caller
Internal Fraud / Employee Theft Theft of service or equipment by employees; Also includes abuse of company's credit and adjustment policy
Mobile Malware Compromised Mobile Applications
PBX Hacking Compromised PBX systems used to make calls
IP PBX Hacking Compromised IP PBX used to make fraudulent calls
Phishing / Pharming Theft of personal info or credentials via hacking, phishing, vishing, etc…
Pre-Paid Equipment & Services All types of fraud and abuse involving pre-paid equipment and services
Robocalling Use of computerized auto-dialers to deliver pre-recorded messages to perpetrate fraud.
Signalling Manipulation Manipulation of the SIP or SS7 signaling message to hide the true origination or identity of a caller
SIM Cloning Duplicated SIM card used to charge phone calls back to the original SIM card
SMS Faking or Spoofing Manipulation of the ANI to hide the true origination or identity of SMS or MMS
Social Engineering Manipulation of an employee or customer to unintentionally give out important information
Spoofing (IP or CLI/ANI) Manipulation of the IP address/CLI/ANI to hide someone's true origination or identity
Subscription Fraud (Application) Creation of false details to gain access to goods and services with no intention to pay
Utilization of real identity details (with authorisation for payment) to obtain goods and services with no
Subscription Fraud (Credit Muling/Proxy)
intention to pay
Utilization of a real identify without the owners knowledge to obtain goods and services with no intention to
Subscription Fraud (Identify)
pay
Voicemail Hacking (Not associated with
Compromised voicemail system used to make calls
PBX Hacking)
Wangiri (Call Back Schemes) Call back fraud schemes
Payment Fraud Utilization of stolen credit cards, debit cards or counterfeit checks in order to obtain service
27
 2017 Survey
Fraud Type Definitions:
Fraud Type Description
Arbitrage Exploitation of the differences in rates between different countries
Cable or Satellite Signal theft or retransmission from a cable or satellite provider
Commissions Fraud Schemes used by dealers to collect additional commissions and spiffs
Denial of Service (DoS) and
Distributed Denial of Service An explicit attempt to make a machine or network resource unavailable to the users of a service
(DDoS)
Domestic Revenue Share Abuse of Carrier Interconnect agreements through such things as Traffic Pumping, Switch Access Stimulation, 8yy
(DRSF) Dip Pumping and CNAM Revenue pumping schemes
Device / Hardware Reselling Resold equipment such as handsets, tablets, IPTV devices, routers…

Friendly Fraud Utilization of Charge Backs, Returned Checks, Card Holder Not Present, etc… to perpetuate services

Interconnect Bypass (e.g. SIM Unauthorized insertion of traffic onto another carrier’s network. This includes Interconnect Fraud and GSM
box) Gateway Fraud or SIM Boxing.
International Revenue Share
Artificial inflation of traffic terminating to international revenue share providers
Fraud (IRSF)
Premium Rate Service Artificial inflation of traffic terminating to premium service providers
Private Use Use of a service neither directly nor indirectly paid for without rendering some kind of financial compensation
Service Reselling (e.g: Call Sell) Resale of stolen phone services
Theft / Compromise of data
Includes such things as the acquisition of personal information or intellectual property
(e.g. logins)
Theft / Stolen Goods Equipment Theft
Theft of Content Stealing content such as ringtones, games, or applications
Wholesale Fraud Exploitation of wholesale interconnect agreements

28