Is it time to subscribe to a printer service from HP?

Ever since my dad brought home an...

What’s the best way of buying a phone today?

How did you buy your latest phone?...

MWC: What device highlights did you miss?

So, early last week I predicted that...

The £1.2m o2 iPhone Scam: How did it happen?

Like many people I was very interested to read this story about the recent scams committed on the o2 network (and others). At first it was rather funny to read. It was a bit of ingenuity, a clever ruse and a way to get back at the operators that charge too much anyway. Yeah, yeah, they shouldn’t have done it and it was a bit ‘naughty’, but maybe a modern day Robin Hood story.

At least that was my first thought, then I read it a bit more closely:

..o2 called in the police after losing £1.2m in July alone.

£1.2m in one month!

If they targeted the five UK operators equally, then that’s £6m a month. Yes, a month. Even if o2 was the hardest hit then it’s probably still in the region of £3m a month. So how the hell did the UK operators let this happen? It surely can’t be that difficult to spot in excess of £1m walking out the door. Or can it? And is it negligence in spotting this that keeps my tariffs (and yours) so high?

So I thought I’d ask a couple of experts if they could help explain it to me.

– – – – –

First up, I spoke to Tal Eisner, Senior Director of Product strategy for cVidya Networks. I asked him what his first reaction was to the news:

“In my opinion, the case in question was a master plan and therefore it was quite successful for the people who committed it. The fraudsters not only stole some phones and produced calls, they shipped the phones abroad in order for these calls to go unnoticed, or at least unnoticed while in progress.”

“GSM Operators have been utilising a procedure in the past 2-3 years that goes under the name NRTRDE (Near Real Time Roaming Data exchange). This procedure obligated the operator to send details of roaming calls to the home network of the roamer in time frames of 4 hours, that’s in order to decrease the amount of abuse and fraud while roaming.”

“I strongly suspect that these fraudsters knew which countries to ship their phones to. They did it to countries that have NOT deployed these procedures and thus the time frame of reporting is like the “old times”, pre NRTRDE, which is up to 72 hours. A long enough time to perform many calls – costing the operators a fortune. Smart guys!”

So how this could have happened, how was the international calls element of this important?

“These calls have been deliberately done on roaming because in such cases the operators have no real time detection of the traffic. Moreover, the fraudsters, I suspect, knew in advance where to ship the stolen phones to and originate the calls from. They did it from countries where there is no NRTRDE procedure in place and therefore the home networks received the data of the calls after a 72 hours delay.”

“Operators should deploy NRTRDE ASAP. [They should also have] a Fraud Management System that has all the sufficient tools in order to have as much control as possible over roaming traffic. Roaming is highly expensive and controlling it with 24/7 tools can save millions of dollars every month.”

He was too polite to mention that the cVidya Fraud View product could help here!

– – – – –

Then, I spoke to Paul Paterson, the Operations Director for ImpulsePay. I also asked him what his first reaction was.

“I wasn’t particularly surprised that this sort of thing was going on, but I was surprised with both the amount of money involved and the time it was allowed to go on for. I think o2 must be relieved that they spotted it when they did and I can understand that they might think that it is a victory against fraudsters. But the reality is that they actually lost £1.2million in a single month!”

Premium rate calls seemed to play an important part in this, why?

“Because it’s easy. Setting up a premium phone line abroad takes minutes, and there aren’t really many safeguards against bad debt, as mobile contracts are credit based. So if a fraudster is willing to use stolen information to set up a new contract phone, they can pretty much get away with this type of activity for at least a short time. There are also similar scams involving premium rate messages.”

“Fraud prevention systems are key. For example, if o2 had a system in place which allowed it to flag possible fraudulent activities in real-time, they could avoid this happening in the first place. I think the operators need to look into investing in new systems that flag up, say, a brand new user who is suddenly calling [or texting] premium rated phone lines abroad at hundreds of pounds a month. Given this latest story, and I’m sure a few others that we haven’t heard of, it would be a very worthwhile investment for them.”

– – – – –

Thanks guys, a really interesting take on it.

I keep on having to remind myself that many mobile operator systems are held together with what appears to be very expensive pieces of string. Dear me.

7 COMMENTS

  1. I’m *really* dubious about Tal’s interpretation of the story – is there any evidence to suggest that the calls to PRNs were actually made whilst roaming?

    Sure the handsets will be sold abroad, such that they continue to work once they’ve been identified as stolen (the UK operators share information of stolen IMEIs, but not internationally); but I’d be very surprised if the PRN activity wasn’t taking place in the UK before the handsets were sent abroad.

  2. Hi,
    The info provided in the article is not based on speculations or interpretations, But from reliable sources of information including the London Police, that presented information on the case in their official website.
    The calls were indeed while roaming.

  3. “It was a bit of ingenuity, a clever ruse and a way to get back at the operators that charge too much anyway. Yeah, yeah, they shouldn’t have done it and it was a bit ‘naughty’, but maybe a modern day Robin Hood story.”
    erm…..fraudsters lining their own pockets or possibly funding terrorism. Robin Hood was a nice man in green tights wasn’t he?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recently Published

Is it time to subscribe to a printer service from HP?

Ever since my dad brought home an HP LaserJet printer (version 3, if memory serves), I have been printing with an HP. Over the...

What’s the best way of buying a phone today?

How did you buy your latest phone? I'm asking because I'm thinking about what I should be doing. When I was living in Oman, I...

MWC: What device highlights did you miss?

So, early last week I predicted that next to nothing from Mobile World Congress would break through into the mainstream media. I was right,...

How Wireless Will Pave the Path to Neobank Profitability

I'm delighted to bring you an opinion piece from Rafa Plantier at Gigs.com. I think it's particularly relevant given the recent eSIM news from...

An end of an era: Vodafone UK turns off 3G services

I thought it was worthwhile highlighting this one from the Vodafone UK team. For so long - for what feels like years, seeing the...

Mobile World Congress: Did the mainstream media notice?

I resolved this year to make sure I wrote something - anything - about Mobile World Congress, the huge mobile industry trade show taking...