The cost of fraud for the United Kingdom is over £190 billion per year, according to the National Crime Agency’s latest data. Cybercrime has also reached record-setting levels as online services increased during pandemic lockdowns over recent years.
British residents are more likely to experience cybercrime than any other criminal activity. The U.K. has even been referred to as the “bank scam capital” of the world.
Mobile device fraud is an easy way for cybercriminals to steal your data and avoid repercussions, when compared to traditional types of fraudulent activity. Mobile fraud particularly has increased by 83% since 2020, according to consumer reports.
This article will go over some of the important information you need to help mitigate fraud and financial crime risk through mobile device intelligence.
What is Mobile Device Intelligence?
Mobile device intelligence is a sophisticated method of identification and verification. It uses software and API datapoints to detect fraud via mobile phone numbers for active prevention and detection.
Most standard security methods are passive, such as:
- Multi-factor authentication
- R-mail or SMS verifications
Unlike passive security methods, mobile intelligence actively analyses your device identity to find analysis patterns in mobile data and behaviour, similar to a digital footprint. In other words, mobile intelligence “learns” a device’s expected behaviour. This allows it to quickly detect digital fraud that uses anomalous behaviour.
What is a Digital Footprint?
Every technology user has a unique digital footprint. This includes both your personal information and your behaviour patterns online.
You leave a digital footprint trail every time you use a connected device for online activity. Digital footprints can be the actions you take or the passive data you produce.
An active digital footprint is any information you knowingly send out online. This can include:
- Sending emails
- Posting to social media platforms
- Video and photo sharing
- Using online chat functions and apps
- Filling out online forms
- Creating online accounts
- Installing cookies on your browser
- Geotagging your location
A passive digital footprint is the data companies collect, with or without your knowledge. Although many companies in the past have been found to have a somewhat relaxed approach to regulations, the EU’s General Data Protection Regulation (GDPR) seeks to limit data collected without your consent – increasing transparency online.
Passive digital footprint data includes:
- Social media usage data
- Browsing histories
- Online action history (clicks, scrolling, etc.)
- IP addresses
- Device identity(s)
- Cookies installed without your knowledge
- Geolocation features
Your personal identity data is also a part of your digital footprint, and the most important part to cybercriminals. Your personal data includes:
- Full name and address
- Bank information
- Credit and debit card numbers
- Usernames and passwords
- Sensitive information such as medical records
This data is a potential goldmine for cybercriminals and is at the centre of digital onboarding processes for a range of financial services. From accessing bank accounts online through to applications for loans and even larger transactions such as mortgages.
How Does Mobile Device Intelligence Work?
Cybercriminals rely on increasingly sophisticated, intrusive methods in order to steal user data. This can include using irregular points of access or performing irregular behaviour on your accounts to access financial or other private information.
Mobile device intelligence is a set of robust mobile number and device signals. There are numerous signals that can bet used to gather phone intelligence, always using trusted datasets such as regulators, trusted third party data providers and network providers. These signals can include how long a user has had their mobile phone number, is it active, being used in the expected device and does it match the name and address they have provided.
The user’s consistent mobile device usage is compared against any irregular behaviour. Through this comparative analysis digital fraud is quickly and easily identified.
Benefits of Mobile Device Intelligence
An individual’s mobile phone number is amongst one of the longest lasting and consistent sources of data associated with them, meaning that it can be relied on more than traditional verification information such as email addresses or physical locations.
This is also helpful when it comes to a financial institution’s obligations to detect account fraud, given that a consistent datapoint reduces friction and can be monitored proactively. For example, if a mobile device changes country or network this can be identified via mobile number verification.
Mobile Device Verification runs off live network data. There is no global dataset covering mobile phone numbers, so our mobile lookup API quickly validates the number being checked across the different mobile network databases. This process can also be directly and seamlessly integrated into your existing digital onboarding process.
Even small changes to your onboarding process can have a negative impact on your conversion rates for sign ups or applications. If we take the example of submitting a photograph to compare against an ID document, this requires a user a take a photo and also scan/upload an image of a physical document.
In comparison mobile device intelligence factored into your existing process is a fully passive data check, performed in milliseconds as a user submits their information. Our average response time for data lookups is only 5ms!
Account Takeover Protection
Every one of your customer accounts is at potential risk of being hacked and taken over for malicious purposes. Mobile Device Intelligence allows you to continue to monitor account activity, again in real time. The benefit of this proactive monitoring is that you can increase friction on a variable basis, only at times when you expect fraudulent activity on the account, without impacting your overall customer experience.
Risk of Fraud to Financial Institutions
Financial technology has increased fraud risks. This is due to several factors:
- Remote access
- Emerging/evolving tech solutions
- International interconnection
- Customer vulnerabilities
- Digital data storage
The cost of fraud is undoubtedly high for consumers. But it’s event more costly to financial institutions who pay the price for fraud and proactive management through fraud prevention systems. Fraud prevention falls under anti-money laundering (AML) requirements for financial institutions. AML compliance costs in the UK average £28.7 billion per year.
Fintech, Digital Fraud, and AML Compliance
Anti-money laundering refers to both the regulations and processes used to combat fraudulent activity and the associate funds or “dirty” money. Dirty money is any money generated from criminal activities, including:
- Drug trafficking
- Human trafficking
- Bribery and extortion
Criminals often try to launder large sums of dirty money into “clean” or legitimate money. The goal is to make deposits and transfers without flagging for suspicious activity.
Criminals find creative ways around fraud detection and prevention systems to launder money. Digital fraud has opened up new avenues for criminals to exploit. This includes structuring deposits, claiming revenues from crime as fake revenue, and making complex money transfers.
Fraud and KYC
Know Your Customer (KYC) requirements are an important component of AML. KYC requires financial institutions and related businesses to verify customer identities to ensure their legitimacy. KYC is necessary for onboarding clients and establishing a business relationship. It uses identification and verification techniques to:
- Verify a customer’s identity
- Accept/reject customer applications
- Monitor customers’ ongoing behaviour
- Assess risks of potential criminal behaviour
KYC technology helps mitigate fraud and money laundering through these methods. Types of fraud include chargeback fraud, loan application fraud, and identity fraud.
What is Chargeback Fraud?
Chargeback fraud occurs when customers dispute legitimate charges to their financial institution. They appeal for a refund through their bank instead of the service/product provider.
To initiate chargeback fraud, customers may falsely claim:
- They never actually bought the services or products.
- They never received any services or products.
- The products and services they did receive were defective or incomplete.
Chargeback fraud is successful when financial institutions and merchants don’t communicate. They must verify the claims with each other.
If the financial institution doesn’t investigate and the merchant doesn’t dispute the claim, customers essentially receive products and services for free.
What is Loan Application Fraud?
Loan application fraud can take on many forms. This includes using stolen information or identity fraud to apply. Payday loans are vulnerable to loan application fraud since they have more lax qualification standards.
Loan application fraud is especially costly for financial institutions. Fake mortgage loans and start-up loans can run up six-figure losses per incident. The UK lost nearly £5 billion in COVID loan fraud after banks relaxed their KYC requirements. This included loaning money to known criminals previously convicted of money laundering.
What is Identity Fraud?
Identity fraud and identity theft are interrelated. Identity theft refers to stealing personally identifiable information. Identity fraud is the process of using that information to assume your identity or make a fake identity from your data.
Identity fraud is the largest cost of fraud for individual victims. It currently makes up £5.4 billion out of £9.7 billion per year.
There are several types of identity fraud, which has already adapted to mobile devices. The identity theft data used to perpetrate identity fraud occurs through common mobile device scams such as SMS phishing.
Types of Identity Frauds
Cybercriminals have many creative ways to commit digital fraud. Mobile devices provide a great opportunity for identity fraud and identity theft.
Consumers use mobile devices more than any other online method and this is increasing true for financial transactions of all sizes. In turn this means all your personal data, financial data, and other sensitive information is right there on your mobile device.
What is Account Takeover Fraud?
Account Takeover (ATO) fraud occurs when cyber criminals obtain your access credentials, like usernames and passwords. They then use these stolen credentials to control your account(s).
This can include:
- Credit card accounts
- Banking accounts
- Government benefit accounts
- Online shopping accounts
- Social media accounts
- Email accounts
- Mobile phone accounts
When criminals take over your mobile phone number, they can use it to send and receive texts, emails, or phone calls pretending to be you. This potentially allows them into other accounts connected to your mobile device.
For example, someone who committed successful ATO fraud on your mobile number can use it to reset the password on your bank account. They can choose to have the bank’s SMS verification code sent to the number linked to the account- your number- which they now control.
Now they have the luxury to make a new password and access your finances without your bank being the wiser. ATO fraud uses phishing scams, malware, or fraud techniques like SIM swapping and phone number porting. Both consumers and companies are vulnerable to ATO fraud.
What is SIM Fraud?
SIM (Subscriber Identification Module) cards store your mobile data, like contacts and text messages. They also have important components for mobile device identity:
- International mobile subscriber identity (IMSI)
- Integrated circuit card identifier (ICCID)
- Authentication key (for encryption)
SIM cards are therefore very lucrative to cybercriminals. SIM fraud can occur through SIM swapping or SIM cloning.
1. SIM Swap
Cybercriminals who gain your personal information can attempt a SIM swap. SIM swapping occurs when a criminal with your personal information convinces your network provider to “swap” your phone number to a new device with a new SIM card.
Once the swap is successful, they can access and control your phone’s personal information. This opens up pathways to ATO fraud for any online banking and buying accounts connected to your mobile device.
SIM swapping is especially difficult to detect as it uses real information and the legitimate process of switching customer numbers to a new SIM card. Service carriers must be especially vigilant against SIM swapping.
2. SIM Cloning
SIM cloning is similar to SIM swapping. Instead of porting your phone number, however, SIM swapping makes an entirely new copy of your SIM card.
This can be accomplished by using cloning tools on the physical SIM card. Cybercriminals can also remotely hack the encrypted signal to your SIM card or siphon SIM info through malware and toolkits like SIMJacker.
Like with SIM swapping, the criminal then gains control of your device identity. All your trusted device data is switched from your control to their control.
What is Porting Fraud?
Phone porting fraud is similar to SIM swapping. Instead of switching your phone number to a new device, however, cybercriminals convince your current network provider to switch your number to a new network provider.
What is Subscriber Fraud?
Subscriber fraud uses your personal information to open a fraudulent mobile device account. Any debts incurred using the device are then connected to your personal identity. Subscriber fraud can also be used to carry out illegal activities, like drug trafficking and robbery. Law enforcement may trace the device’s identity back to you. This means victims dealing with fraudulent debts can also have potential legal action against them for crimes they didn’t commit.
What is Synthetic ID Fraud?
Synthetic ID fraud is a form of identity theft. Instead of stealing your entire identity, however, cybercriminals combine both real and fake information to create a new pseudo-identity.
For example, a fraudster can pair your real national insurance number (NINO) with a fake name, address, and birthdate. This creates a new false identity that seems legitimate at first glance to any entity requiring NINO information.
This fake identity can then apply for loans, credit, and financial accounts under your tax number. They’ll disappear when the bills are due, leaving you and the financial institutions to deal with your wrecked financial history instead.
Synthetic ID fraud is costly to both victims and financial institutions. Cybercriminals who commit this form of digital fraud are also difficult to trace.
What is Wangiri (one-ring) Fraud?
A different form of fraud, Wanigiri can directly cost you money without needing any more information than your phone number. This scam originated in Japan, with Wanigiri meaning “one ring and cut” in Japanese.
One-ring fraud occurs when cybercriminals call international mobile phone numbers and hang up after one ring. Many people will call the number back to find out why they were contacted.
The call back is charged at a high call charge rate. The longer the victim stays on the line, the more lucrative the fraud. Scammers will employ multiple techniques to keep victims from hanging up, including telling callers to hold for more information or connection to a live person.
Other Common Mobile Phone Fraud Techniques
Before cybercriminals can use your mobile device for identity fraud, they need your personal information. Besides hacking and malware, there are multiple tried-and-true ways for criminals to gain personal data from your mobile device.
1. Mobile phone spoofing
Spoofing uses various techniques to get around caller ID on mobile devices. Spoofers will disguise their number as a local or even a company/government number so it appears you’re being contacted by someone legitimate.
Once you answer the phone, they’ll pose as a legitimate agent and attempt to gain personal information such as account numbers, tax numbers, or login information.
Mobile devices with Bluetooth capabilities are vulnerable to the bluesnarfing technique. Cybercriminals can use public Bluetooth to hijack your connection and siphon any and even all of your device’s stored data.
3. SMS Phishing
SMS phishing is the mobile phone version of traditional phishing scams. Cybercriminals will spam texts to your phone, hoping to gain personal information through your responses.
People are more likely to open text messages (98%) than emails (20%) according to marketers, which makes SMS phishing especially lucrative.
How Does Mobile Device Intelligence Reduce Fraud?
All of the different types of fraud listed above rely on a customer’s mobile phone number as the backbone of the means of access to commit fraud. Therefore, performing data verification via a mobile number compared to an email address or other more traditional method provides additional assurance.
This is because there are significantly more checks carried out through this process, including against third party databases from regulators, trusted third party data providers and mobile networks.
Digital fraud generally occurs beyond the sight of both consumers and companies. By the time they notice fraudulent activity, it’s because cybercriminals have already made their profits.
Mobile device intelligence combines dynamic learning with computing response time. The result is a faster, scalable, and more productive fraud prevention system layered onto existing security protections within your digital onboarding process.
Account Takeover Protection
Mobile device intelligence adds another layer to account takeover protection. ATO protection uses intelligence systems to monitor accounts and analyse suspicious transactions and other high-risk behaviours.
When suspicious activity occurs, mobile intelligence can help notify you before cybercriminals can access your user’s account information. It can also aid in identifying the points criminals used to attempt access.
SIM-Swap Fraud Prevention
Mobile device intelligence reduces fraud by keeping digital footprints safe and current. Mobile device intelligence can increase sim-swap fraud prevention, for example, by verifying a user’s location history with the newly requested device location.
If the location matches previous footprint patterns, it reduces the chances of false positives. If there’s anomalous behaviour behind the request, however, mobile intelligence can sound the alarm before cybercriminals have time to perform ATO fraud through SMS verification.
Loan Application Fraud Detection
Mobile device intelligence paired with loan applications can detect patterns in both applicant history and known fraud activity. It can also verify if multiple fraudulent requests have been attempted using the same information along with other key markers left by irregular account activity.
This also reduces the time and effort it takes for ongoing investigations, while adding more precision to your initial validation processes. It also reduces customer friction for legitimate requests that match up with previous patterns and have low-risk thresholds.
TMT Analysis for Your Mobile Intelligence Solutions
Fraud is an expensive and time-consuming issue for consumers and companies alike. Your mobile device identity relies on dynamic mobile intelligence solutions to keep it safe.
Talk to our experienced mobile device intelligence team to learn more about how additional authentication can be seamlessly integrated into your existing onboarding process.