Mobile Telephony Fraud

Over the years, different types of fraud or deceptive practice have evolved in mobile telephony, designed to be financially damaging to their victims who, in this case, are cellular subscribers or customers, and sometimes the operators themselves.

As reported at the time by the Cellular Telecommunication Industry Association, in 1998, telephony fraud, ranging from technological data theft to simple theft of telephones, cost the industry approximately US$ 182 million.

If this problem is to be addressed effectively, technical and legislative efforts must be joined in order to develop a system to bring an end to illicit practices involving the cellular industry.

From the technical standpoint, the assistance of operators, equipment suppliers, and manufacturers is needed to develop networks and terminals whose enhanced security measures make them less vulnerable to different types of fraudulent activity.

From the legal standpoint, national governments must participate in developing a legal framework that defines and sanctions mobile telephony fraud-related offenses, as they are the guarantors of, inter alia, private property, security, and privacy of communications. Such a framework must be flexible enough to permit adjustment to take account of the ongoing development of the supply of new products and services in the cellular industry, which may create avenues for new types of crime.

It may be said that today the scope for mobile telephony fraud is literally boundless. In fact, financial inducements are such that what may have begun as local illicit practices have become transnational businesses.

As regards software, when Electronic Serial Numbers (ESN) and Mobile Identification Numbers (MIN) of cellular telephone equipment are obtained, the equipment’s identity is clearly being stolen as telephone calls may be made, even from other countries, that are charged to the number of the compromised equipment if the mobile communication networks and exchanges to which these subscribers belong do not have authentication features. Such features have thus far been able to limit opportunities for cloning by means of random keys generated from switches and transmitted encrypted over the air. These features are among the many security mechanisms used by mobile operators to prevent losses resulting from such criminal practices.

As regards hardware, cellular terminals themselves are being stolen and activated in other countries, thereby evading the “blacklists” that normally exist, which are shared by different cellular service companies operating within a country.

What should be done?

The complexity of the topic clearly calls for a series of actions and the collaboration of all parties involved, each to the extent of its capabilities and responsibilities, to include operators, equipment suppliers, governments, and even users themselves.

At the VI Meeting of PCC.I, CANTV of Venezuela proposed a solution in connection with stolen equipment and the direct negative impact of such theft on both customers and operators, based on establishing a database of lost and stolen cellular equipment, which could be shared or read by companies of different countries with a view to preventing or reducing illicit cross-border trafficking in such equipment.

That proposal serves to revive the topic as, earlier, PCC.I at its XV Meeting, held in October 2001, in Asuncion, Paraguay, had adopted a resolution entitled “Exchange of Electronic Serial Numbers of Mobile Termminals Declared Stolen/Lost,” contained in the Final Report of that meeting.

Today, the rationale for that proposal remains valid, and may be summarized essentially as the substantial financial loss incurred by operators and users alike as a result of the growing theft of cellular equipment and that fact that much equipment stolen in one country is later activated in another. In addition, brief informal consultations conducted with some of the region’s operators confirmed the common interest in and concern to bring an end to such illicit trade in cellular equipment.

In addition, the document presented urges the Administrations and officers of CITEL to work together in this area and to make any other type of suggestion tending to resolve or mitigate this problem.

Lastly, the document also proposes a work plan that includes objectives, priorities, commitments, an information exchange form, information controls and audits, and the periodicity and method of forwarding information, among other topics of interest in implementing the database.

The sole objective of establishing a database shared by countries of the Americas is to prevent a serious and growing problem, cellular equipment theft, with ensuing benefit to the general public. However, other possible solutions to this problem and many other forms of mobile telephony fraud unquestionably exist. This therefore remains an open question and participation by all sector members is needed if solutions are to be identified.

Belkys Díaz
Coordinadora de Análisis e Inteligencia Tecnológica
Compañía Anónima Nacional de Teléfonos, CANTV
e.mail: bdia@cantv.com.ve

Silvia Fernández
Especialista de Asuntos Regulatorios
Compañía Anónima Nacional de Teléfonos, CANTV
e.mail: sferna@cantv.com.ve