2017 Global Fraud Loss Survey

2017 CFCA Survey – Respondents

2017 Survey: In which region are you located?

[Bar chart: percentage of respondents by region]

Note: Local, Regional, National and International CSPs participated in the survey.

2017 Survey: How many subscribers does your company have?

[Chart: percentage of respondents by subscriber count, in bands from <10,000 to 50,000,001+, plus Wholesale Only (no end user subscribers)]

2017 Survey: What functions apply to your current role and responsibilities?

[Bar chart: percentage of respondents per function: Fraud Detection, Fraud Investigation, Internal Fraud Investigation, Finance/Billing/Revenue Assurance, Operations, Customer Service, Security/Network, Legal/Regulatory, Law Enforcement, Systems Administrator, Sales/Marketing, Security/Physical, Vendor/Consultant, End User]

Compared to 2015, 5% more time is going to detecting fraud and 14% more time is going to Customer Care, Billing and Revenue Assurance functions.

2017 Survey: Where is your fraud department situated?

[Bar chart: percentage of fraud departments situated under Security, Risk Management, IT, Customer Care, Operations and Finance]

Compared to 2015, departments under Finance shrank by >10% (57% in 2015). However, Operations and Security each grew by approx. 4%. Some Fraud departments also reported moving to Revenue Assurance, Customer Care, Collections, Business Intelligence.

2017 CFCA Survey – General Fraud Trends

2017 Survey

Direct revenue impacts to CSPs are shifting into other areas. CSP services are being used to perpetrate fraud across other industries.

[Table: 2017 estimated global revenues (USD, trillions), estimated global fraud loss (USD, billions) and % loss, each with its variance; chart: % revenue loss for 2008, 2011, 2013, 2015 and 2017]

2017 Survey Global Fraud Loss Estimate:

- $29.2 Billion (USD) annually
- 1.27% of global telecom revenues

The 23.2% decrease from 2015 is attributed to several factors including:

- Increased collaboration and coordination between carriers within the industry and with law enforcement
- Cessation of casual dialing on major US carrier networks
- Continued migration of cost base from TDM to VoIP networks which have lower tariffed rates
- Increased focus on cybersecurity issues, which are harder to associate with revenue losses

For more information please visit: www.cfca.org/fraudlosssurvey/

2017 Survey: How many fraud incidents does your department handle per month?

# Subscribers                        Average Department Size    Average Total # Incidents per Month
<10,000                              6                          51 to 100
10,001 to 1,000,000                  9                          51 to 100
1,000,001 to 10,000,000              10                         101 to 500
10,000,001 to 50,000,000             21                         501 to 1,000
50,000,001+                          81                         1001+
Wholesale Only (no end user subs)    6                          101 to 500

On average, the number of incidents per month has decreased by 10%. However, this masks the fact that the number of attempted frauds has increased significantly since 2015.

2017 Survey

Fraud Method – is how they access the network or service to enable revenue gain from the attack.
Fraud Type – is how they use the service or network to generate revenue from the attack.

Top Fraud Methods:

- $2.03 B – Subscription Fraud (Identity)
- $1.94 B – PBX Hacking
- $1.94 B – IP PBX Hacking
- $1.93 B – Subscription Fraud (Application)
- $1.75 B – Subscription Fraud (Credit Muling/Proxy)
- $1.66 B – Abuse of Service Terms & Conditions
- $1.66 B – Account Take Over
- $1.47 B – Internal Fraud / Employee Theft
- $1.38 B – Phishing / Pharming
- $1.38 B – Payment Fraud

Top Fraud Types:

- $6.10 B – International Revenue Share Fraud (IRSF)
- $4.27 B – Interconnect Bypass (e.g. SIM Box)
- $3.26 B – Arbitrage
- $3.02 B – Theft / Stolen Goods
- $2.39 B – Premium Rate Service
- $2.10 B – Device / Hardware Reselling
- $1.35 B – Domestic Revenue Share (DRSF)
- $1.30 B – Wholesale Fraud
- $1.27 B – Friendly Fraud
- $1.03 B – Private Use

For more information please visit: www.cfca.org/fraudlosssurvey/

2017 Survey: What do you view as the top 5 fraud methods GLOBALLY?

[Bar chart: % of total responses for PBX Hacking; IP PBX Hacking; Subscription Fraud (Application); Account Takeover; Subscription Fraud (Credit Muling/Proxy); Abuse of Service Terms and Conditions; Phishing / Pharming; Subscription Fraud (Identity); Payment Fraud; Abuse of network, device or configuration weakness]

In 2015, the top five were: PBX Hacking, Internal Fraud/Employee Theft, IP PBX Hacking, Subscription Fraud (Application), and Subscription Fraud (Identity).

2017 Survey: What do you view as the top 5 fraud methods at YOUR COMPANY?

[Bar chart: % of responses for Subscription Fraud (Identity); PBX Hacking; IP PBX Hacking; Subscription Fraud (Application); Subscription Fraud (Credit Muling/Proxy); Abuse of Service Terms and Conditions; Account Takeover; Internal Fraud / Employee Theft; Phishing / Pharming; Payment Fraud]

In 2015, the top five fraud methods were PBX Hacking, Subscription Fraud (Application), IP PBX Hacking, Dealer Fraud and Subscription Fraud (Identity).

2017 Survey: 2017 Estimated Fraud Losses by Method (in $ USD Billions)

[Chart: estimated 2017 loss for each fraud method, in $ USD Billions]

2017 Survey: What do you view as the top 5 fraud types at YOUR COMPANY?

[Two bar charts, (In-Network) and (Roaming): % of responses for International Revenue Share Fraud (IRSF), Interconnect Bypass (e.g. SIM box), Arbitrage, Theft / Stolen Goods and Premium Rate Service]

In 2015, the top fraud types were: IRSF, Premium Rate Service, Arbitrage, Interconnect Bypass, Device/Hardware Reselling and Theft/Stolen Goods.

2017 Survey (Combined): 2017 Estimated Fraud Losses by Type (in $ USD Billions)

[Chart: estimated 2017 loss for each fraud type, in $ USD Billions]

2017 CFCA Survey – Fraud Locations

2017 Survey: Top 10 Countries That ORIGINATE Fraudulent Calls

[Bar chart: share of responses per originating country]

In 2015, the top 3 countries were United States, Pakistan and Spain.

2017 Survey: Top 10 Countries Where Fraud TERMINATES

[Bar chart: share of responses per terminating country]

In 2015, the top 3 countries were Cuba, Somalia and Bosnia & Herzegovina.

2017 CFCA Survey – Company Losses

2017 Survey: What percentage of the total GLOBAL telecom revenue base do you think is fraud?

[Bar chart and table: % of total responses for 2013, 2015 and 2017 in the bands < 1%, 1-2%, 2-3%, 3-4%, 4-5%, 5-10% and > 10%]

In 2013, a majority of CSPs believed fraud losses were between 1-2%. In 2015 and 2017, the consensus shifted to between 2-3%.

2017 Survey: Comparison Between 2011-2017 Survey Results in YOUR COMPANY

[Bar chart: % of responses for 2013, 2015 and 2017 in the bands < 1%, 1-2%, 2-3%, 3-4%, 4-5%, 5-10% and > 10%]

Since 2013 CSPs have reported fewer fraud losses per year. In 2015, 60% of CSPs reported losses less than 2%. In 2017, 82% reported losses less than 2%.

Communications Fraud Control Association
4 Becker Farm Road, 4th Floor
PO BOX 954
Roseland, NJ 07068

+1 973 871 4032 Phone
+1 973 871 4075 Fax
fraud@cfca.org email
www.cfca.org website

Roberta Aronoff – Executive Director
Jacob Howell – Board of Directors, Survey Chairman

About Communications Fraud

Communications fraud is the use of telecommunications products or services with no intention of payment. Fraud negatively impacts everyone, including residential and commercial customers. The losses increase the communications carriers’ operating costs. Although communications operators have increased measures to minimize fraud and reduce their losses, criminals continue to abuse communications networks and services.

Due to the sensitive nature of this topic, communications operators tend to keep their actual loss figures and their plans for corrective measures confidential. Therefore, CFCA used a confidential opinion survey of global communications operators to support the global fraud loss study.

About CFCA

CFCA is a not-for-profit global educational association that is working to combat communications fraud. The mission of the CFCA is to be the premier international association for revenue assurance, loss prevention and fraud control through education and information. By promoting a close association among telecommunications fraud security personnel, CFCA serves as a forum and clearinghouse of information pertaining to the fraudulent use of communications services. For more information, visit CFCA at www.CFCA.org.

Thank You

2017 Survey Fraud Method Definitions:

Fraud Method: Description

- Abuse of network, device or configuration weakness: Exploitation of a configuration weakness to gain access to a network or device. Includes VoIP equipment such as a modem or router.
- Abuse of Service Terms and Conditions: Violation of the carrier's service terms and conditions or acceptable use policy. Also includes abuse of company's credit and adjustment policy.
- Account Takeover: Manipulation and utilization of existing customer account in order to gain devices or service.
- Brand Name / Logo Abuse: Acquisition and use of a company's logo without permission.
- Clip-on Fraud: Stealing service by attaching wires to another customer's phone equipment.
- Dealer Fraud: All types of fraud conducted by indirect and 3rd party dealers.
- IMEI Reprogramming: Changing the IMEI of a handset to hide the true origination or identity of a caller.
- Internal Fraud / Employee Theft: Theft of service or equipment by employees.
- Mobile Malware: Compromised Mobile Applications.
- PBX Hacking: Compromised PBX systems used to make calls.
- IP PBX Hacking: Compromised IP PBX used to make fraudulent calls.
- Phishing / Pharming: Theft of personal info or credentials via hacking, phishing, vishing, etc…
- Pre-Paid Equipment & Services: All types of fraud and abuse involving pre-paid equipment and services.
- Robocalling: Use of computerized auto-dialers to deliver pre-recorded messages to perpetrate fraud.
- Signalling Manipulation: Manipulation of the SIP or SS7 signaling message to hide the true origination or identity of a caller.
- SIM Cloning: Duplicated SIM card used to charge phone calls back to the original SIM card.
- SMS Faking or Spoofing: Manipulation of the ANI to hide the true origination or identity of SMS or MMS.
- Social Engineering: Manipulation of an employee or customer to unintentionally give out important information.
- Spoofing (IP or CLI/ANI): Manipulation of the IP address/CLI/ANI to hide someone's true origination or identity.
- Subscription Fraud (Application): Creation of false details to gain access to goods and services with no intention to pay.
- Subscription Fraud (Credit Muling/Proxy): Utilization of real identity details (with authorisation for payment) to obtain goods and services with no intention to pay.
- Subscription Fraud (Identity): Utilization of a real identity without the owner's knowledge to obtain goods and services with no intention to pay.
- Voicemail Hacking (Not associated with PBX Hacking): Compromised voicemail system used to make calls.
- Wangiri (Call Back Schemes): Call back fraud schemes.
- Payment Fraud: Utilization of stolen credit cards, debit cards or counterfeit checks in order to obtain service.

2017 Survey Fraud Type Definitions:

Fraud Type: Description

- Arbitrage: Exploitation of the differences in rates between different countries.
- Cable or Satellite: Signal theft or retransmission from a cable or satellite provider.
- Commissions Fraud: Schemes used by dealers to collect additional commissions and spiffs.
- Denial of Service (DoS) and Distributed Denial of Service (DDoS): An explicit attempt to make a machine or network resource unavailable to the users of a service.
- Domestic Revenue Share (DRSF): Abuse of Carrier Interconnect agreements through such things as Traffic Pumping, Switch Access Stimulation, 8yy Dip Pumping and CNAM Revenue pumping schemes.
- Device / Hardware Reselling: Resold equipment such as handsets, tablets, IPTV devices, routers…
- Friendly Fraud: Utilization of Charge Backs, Returned Checks, Card Holder Not Present, etc… to perpetuate services.
- Interconnect Bypass (e.g. SIM box): Unauthorized insertion of traffic onto another carrier’s network. This includes Interconnect Fraud and GSM Gateway Fraud or SIM Boxing.
- International Revenue Share Fraud (IRSF): Artificial inflation of traffic terminating to international revenue share providers.
- Premium Rate Service: Artificial inflation of traffic terminating to premium service providers.
- Private Use: Use of a service neither directly nor indirectly paid for without rendering some kind of financial compensation.
- Service Reselling (e.g: Call Sell): Resale of stolen phone services.
- Theft / Compromise of data (e.g. logins): Includes such things as the acquisition of personal information or intellectual property.
- Theft / Stolen Goods: Equipment Theft.
- Theft of Content: Stealing content such as ringtones, games, or applications.
- Wholesale Fraud: Exploitation of wholesale interconnect agreements.