Fergal Parkinson
Published on: September 19, 2022
The cost of fraud for the United Kingdom is over £190 billion per year, according to the National Crime Agency’s latest data. Cybercrime has also reached record-setting levels as online services increased during pandemic lockdowns over recent years.
British residents are more likely to experience cybercrime than any other criminal activity. The U.K. has even been referred to as the “bank scam capital” of the world.
Mobile device fraud is an easy way for cybercriminals to steal your data and avoid repercussions, when compared to traditional types of fraudulent activity. Mobile fraud particularly has increased by 83% since 2020, according to consumer reports.
This article will go over some of the important information you need to help mitigate fraud and financial crime risk through mobile device intelligence.
Mobile device intelligence is a sophisticated method of identification and verification. It uses software and API datapoints to detect fraud via mobile phone numbers for active prevention and detection.
Most standard security methods are passive, such as:
Unlike passive security methods, mobile intelligence actively analyses your device identity to find analysis patterns in mobile data and behaviour, similar to a digital footprint. In other words, mobile intelligence “learns” a device’s expected behaviour. This allows it to quickly detect digital fraud that uses anomalous behaviour.
Every technology user has a unique digital footprint. This includes both your personal information and your behaviour patterns online.
You leave a digital footprint trail every time you use a connected device for online activity. Digital footprints can be the actions you take or the passive data you produce.
An active digital footprint is any information you knowingly send out online. This can include:
A passive digital footprint is the data companies collect, with or without your knowledge. Although many companies in the past have been found to have a somewhat relaxed approach to regulations, the EU’s General Data Protection Regulation (GDPR) seeks to limit data collected without your consent – increasing transparency online.
Passive digital footprint data includes:
Your personal identity data is also a part of your digital footprint, and the most important part to cybercriminals. Your personal data includes:
This data is a potential goldmine for cybercriminals and is at the centre of digital onboarding processes for a range of financial services. From accessing bank accounts online through to applications for loans and even larger transactions such as mortgages.
Cybercriminals rely on increasingly sophisticated, intrusive methods in order to steal user data. This can include using irregular points of access or performing irregular behaviour on your accounts to access financial or other private information.
Mobile device intelligence is a set of robust mobile number and device signals. There are numerous signals that can bet used to gather phone intelligence, always using trusted datasets such as regulators, trusted third party data providers and network providers. These signals can include how long a user has had their mobile phone number, is it active, being used in the expected device and does it match the name and address they have provided.
The user’s consistent mobile device usage is compared against any irregular behaviour. Through this comparative analysis digital fraud is quickly and easily identified.
An individual’s mobile phone number is amongst one of the longest lasting and consistent sources of data associated with them, meaning that it can be relied on more than traditional verification information such as email addresses or physical locations.
This is also helpful when it comes to a financial institution’s obligations to detect account fraud, given that a consistent datapoint reduces friction and can be monitored proactively. For example, if a mobile device changes country or network this can be identified via mobile number verification.
Mobile Device Verification runs off live network data. There is no global dataset covering mobile phone numbers, so our mobile lookup API quickly validates the number being checked across the different mobile network databases. This process can also be directly and seamlessly integrated into your existing digital onboarding process.
Even small changes to your onboarding process can have a negative impact on your conversion rates for sign ups or applications. If we take the example of submitting a photograph to compare against an ID document, this requires a user a take a photo and also scan/upload an image of a physical document.
In comparison mobile device intelligence factored into your existing process is a fully passive data check, performed in milliseconds as a user submits their information. Our average response time for data lookups is only 5ms!
Every one of your customer accounts is at potential risk of being hacked and taken over for malicious purposes. Mobile Device Intelligence allows you to continue to monitor account activity, again in real time. The benefit of this proactive monitoring is that you can increase friction on a variable basis, only at times when you expect fraudulent activity on the account, without impacting your overall customer experience.
Financial technology has increased fraud risks. This is due to several factors:
The cost of fraud is undoubtedly high for consumers. But it’s event more costly to financial institutions who pay the price for fraud and proactive management through fraud prevention systems. Fraud prevention falls under anti-money laundering (AML) requirements for financial institutions. AML compliance costs in the UK average £28.7 billion per year.
Anti-money laundering refers to both the regulations and processes used to combat fraudulent activity and the associate funds or “dirty” money. Dirty money is any money generated from criminal activities, including:
Criminals often try to launder large sums of dirty money into “clean” or legitimate money. The goal is to make deposits and transfers without flagging for suspicious activity.
Criminals find creative ways around fraud detection and prevention systems to launder money. Digital fraud has opened up new avenues for criminals to exploit. This includes structuring deposits, claiming revenues from crime as fake revenue, and making complex money transfers.
Know Your Customer (KYC) requirements are an important component of AML. KYC requires financial institutions and related businesses to verify customer identities to ensure their legitimacy. KYC is necessary for onboarding clients and establishing a business relationship. It uses identification and verification techniques to:
KYC technology helps mitigate fraud and money laundering through these methods. Types of fraud include chargeback fraud, loan application fraud, and identity fraud.
Chargeback fraud occurs when customers dispute legitimate charges to their financial institution. They appeal for a refund through their bank instead of the service/product provider.
To initiate chargeback fraud, customers may falsely claim:
Chargeback fraud is successful when financial institutions and merchants don’t communicate. They must verify the claims with each other.
If the financial institution doesn’t investigate and the merchant doesn’t dispute the claim, customers essentially receive products and services for free.
Loan application fraud can take on many forms. This includes using stolen information or identity fraud to apply. Payday loans are vulnerable to loan application fraud since they have more lax qualification standards.
Loan application fraud is especially costly for financial institutions. Fake mortgage loans and start-up loans can run up six-figure losses per incident. The UK lost nearly £5 billion in COVID loan fraud after banks relaxed their KYC requirements. This included loaning money to known criminals previously convicted of money laundering.
Identity fraud and identity theft are interrelated. Identity theft refers to stealing personally identifiable information. Identity fraud is the process of using that information to assume your identity or make a fake identity from your data.
Identity fraud is the largest cost of fraud for individual victims. It currently makes up £5.4 billion out of £9.7 billion per year.
There are several types of identity fraud, which has already adapted to mobile devices. The identity theft data used to perpetrate identity fraud occurs through common mobile device scams such as SMS phishing.
Cybercriminals have many creative ways to commit digital fraud. Mobile devices provide a great opportunity for identity fraud and identity theft.
Consumers use mobile devices more than any other online method and this is increasing true for financial transactions of all sizes. In turn this means all your personal data, financial data, and other sensitive information is right there on your mobile device.
Account Takeover (ATO) fraud occurs when cyber criminals obtain your access credentials, like usernames and passwords. They then use these stolen credentials to control your account(s).
This can include:
When criminals take over your mobile phone number, they can use it to send and receive texts, emails, or phone calls pretending to be you. This potentially allows them into other accounts connected to your mobile device.
For example, someone who committed successful ATO fraud on your mobile number can use it to reset the password on your bank account. They can choose to have the bank’s SMS verification code sent to the number linked to the account- your number- which they now control.
Now they have the luxury to make a new password and access your finances without your bank being the wiser. ATO fraud uses phishing scams, malware, or fraud techniques like SIM swapping and phone number porting. Both consumers and companies are vulnerable to ATO fraud.
SIM (Subscriber Identification Module) cards store your mobile data, like contacts and text messages. They also have important components for mobile device identity:
SIM cards are therefore very lucrative to cybercriminals. SIM fraud can occur through SIM swapping or SIM cloning.
Cybercriminals who gain your personal information can attempt a SIM swap. SIM swapping occurs when a criminal with your personal information convinces your network provider to “swap” your phone number to a new device with a new SIM card.
Once the swap is successful, they can access and control your phone’s personal information. This opens up pathways to ATO fraud for any online banking and buying accounts connected to your mobile device.
SIM swapping is especially difficult to detect as it uses real information and the legitimate process of switching customer numbers to a new SIM card. Service carriers must be especially vigilant against SIM swapping.
SIM cloning is similar to SIM swapping. Instead of porting your phone number, however, SIM swapping makes an entirely new copy of your SIM card.
This can be accomplished by using cloning tools on the physical SIM card. Cybercriminals can also remotely hack the encrypted signal to your SIM card or siphon SIM info through malware and toolkits.
Like with SIM swapping, the criminal then gains control of your device identity. All your trusted device data is switched from your control to their control.
Phone porting fraud is similar to SIM swapping. Instead of switching your phone number to a new device, however, cybercriminals convince your current network provider to switch your number to a new network provider.
Subscriber fraud uses your personal information to open a fraudulent mobile device account. Any debts incurred using the device are then connected to your personal identity. Subscriber fraud can also be used to carry out illegal activities, like drug trafficking and robbery. Law enforcement may trace the device’s identity back to you. This means victims dealing with fraudulent debts can also have potential legal action against them for crimes they didn’t commit.
Synthetic ID fraud is a form of identity theft. Instead of stealing your entire identity, however, cybercriminals combine both real and fake information to create a new pseudo-identity.
For example, a fraudster can pair your real national insurance number (NINO) with a fake name, address, and birthdate. This creates a new false identity that seems legitimate at first glance to any entity requiring NINO information.
This fake identity can then apply for loans, credit, and financial accounts under your tax number. They’ll disappear when the bills are due, leaving you and the financial institutions to deal with your wrecked financial history instead.
Synthetic ID fraud is costly to both victims and financial institutions. Cybercriminals who commit this form of digital fraud are also difficult to trace.
A different form of fraud, Wanigiri can directly cost you money without needing any more information than your phone number. This scam originated in Japan, with Wanigiri meaning “one ring and cut” in Japanese.
One-ring fraud occurs when cybercriminals call international mobile phone numbers and hang up after one ring. Many people will call the number back to find out why they were contacted.
The call back is charged at a high call charge rate. The longer the victim stays on the line, the more lucrative the fraud. Scammers will employ multiple techniques to keep victims from hanging up, including telling callers to hold for more information or connection to a live person.
Before cybercriminals can use your mobile device for identity fraud, they need your personal information. Besides hacking and malware, there are multiple tried-and-true ways for criminals to gain personal data from your mobile device.
Spoofing uses various techniques to get around caller ID on mobile devices. Spoofers will disguise their number as a local or even a company/government number so it appears you’re being contacted by someone legitimate.
Once you answer the phone, they’ll pose as a legitimate agent and attempt to gain personal information such as account numbers, tax numbers, or login information.
Mobile devices with Bluetooth capabilities are vulnerable to the bluesnarfing technique. Cybercriminals can use public Bluetooth to hijack your connection and siphon any and even all of your device’s stored data.
SMS phishing is the mobile phone version of traditional phishing scams. Cybercriminals will spam texts to your phone, hoping to gain personal information through your responses.
People are more likely to open text messages (98%) than emails (20%) according to marketers, which makes SMS phishing especially lucrative.
All of the different types of fraud listed above rely on a customer’s mobile phone number as the backbone of the means of access to commit fraud. Therefore, performing data verification via a mobile number compared to an email address or other more traditional method provides additional assurance.
This is because there are significantly more checks carried out through this process, including against third party databases from regulators, trusted third party data providers and mobile networks.
Digital fraud generally occurs beyond the sight of both consumers and companies. By the time they notice fraudulent activity, it’s because cybercriminals have already made their profits.
Mobile device intelligence combines dynamic learning with computing response time. The result is a faster, scalable, and more productive fraud prevention system layered onto existing security protections within your digital onboarding process.
Mobile device intelligence adds another layer to account takeover protection. ATO protection uses intelligence systems to monitor accounts and analyse suspicious transactions and other high-risk behaviours.
When suspicious activity occurs, mobile intelligence can help notify you before cybercriminals can access your user’s account information. It can also aid in identifying the points criminals used to attempt access.
Mobile device intelligence reduces fraud by keeping digital footprints safe and current. Mobile device intelligence can increase sim-swap fraud prevention, for example, by verifying a user’s location history with the newly requested device location.
If the location matches previous footprint patterns, it reduces the chances of false positives. If there’s anomalous behaviour behind the request, however, mobile intelligence can sound the alarm before cybercriminals have time to perform ATO fraud through SMS verification.
Mobile device intelligence paired with loan applications can detect patterns in both applicant history and known fraud activity. It can also verify if multiple fraudulent requests have been attempted using the same information along with other key markers left by irregular account activity.
This also reduces the time and effort it takes for ongoing investigations, while adding more precision to your initial validation processes. It also reduces customer friction for legitimate requests that match up with previous patterns and have low-risk thresholds.
Future risks of online fraud for financial institutions include evolving technological developments, geopolitical events, and interconnected financial networks that may increase the risks, exposures, and complexity of fraud and financial crime. As perpetrators become increasingly sophisticated, financial institutions need to stay vigilant and implement effective countermeasures to mitigate these risks.
One key area of concern is the rise of card-related fraud in the digital space. The JPMorgan AFP Payments Fraud and Control Survey highlighted an alarming 10% increase in card-related fraud types in 2022. While overall online fraud volumes may show lower numbers, it is important for banks to remain cautious and proactive in addressing potential threats.
Another risk is the emergence of hybrid online frauds, which are likely to gain momentum in the near future. These frauds combine different techniques and exploit vulnerabilities in payment systems, posing a significant challenge for financial institutions. As criminals adapt and evolve their tactics, financial institutions need to constantly update their security measures to stay one step ahead.
Moreover, the adoption of innovative technologies in fraud and financial crime risk management, such as machine learning and enhanced data analytics, is both an opportunity and a challenge. While these technologies can enhance detection and prevention capabilities, they also require continuous attention to address potential vulnerabilities and adapt to new types of threats.
Financial institutions need to prioritise cybersecurity and invest in robust security measures to protect customer data and prevent online fraud. Collaboration with industry partners and regulatory bodies can also foster a collective approach to addressing fraud risks and sharing best practices.
Fraud is an expensive and time-consuming issue for consumers and companies alike. Your mobile device identity relies on dynamic mobile intelligence solutions to keep it safe.
Talk to our experienced mobile device intelligence team to learn more about how additional authentication can be seamlessly integrated into your existing onboarding process.
The utilisation of mobile device intelligence significantly contributes to mitigating financial crime risk by offering valuable insights into transaction legitimacy and customer behaviour. By analysing device data including, device type, and usage patterns, financial institutions can identify irregularities and highlight suspicious activities, thereby aiding in the prevention of fraud and money laundering.
Although mobile device intelligence provides valuable insights for risk mitigation, there are indeed privacy concerns related to its application in financial services. The collection and analysis of data from mobile devices raise issues regarding user consent, data protection, and the potential misuse of personal information. Financial institutions must navigate these privacy considerations cautiously to ensure adherence to regulations and uphold customer trust.
Although mobile device intelligence offers advantages, depending solely on it for risk reduction in financial institutions can pose limitations and challenges. One such limitation is the inability to create comprehensive customer profiles or identify sophisticated financial crimes that may not be evident through mobile device data alone. Therefore, while mobile device intelligence is incredibly valuable, it should be complemented with other risk management measures to ensure comprehensive protection against financial crime.
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
