Communications Week February 03, 1997, Issue: 648 Section: Telepath -- Technology Platforms: The elements that make up converging networks Client/server technology helps identify trouble -- Service providers move quietly to reduce fraud By Paul Korzeniowski Service providers are keeping a dirty little secret. They know that each day, hundreds-maybe even thousands of people-pick up telephones and place calls with no intention of ever paying their phone bills. The telephone companies also know these people will probably get away with their crimes even if carriers collect evidence and identify the perpetrators. Mum's the word Carriers don't like to make this admission, for a couple of reasons. Mostly they don't want to appear powerless in combatting toll fraud. Publicizing the problem could hurt rather than help these companies: Publicity could lead to more prosecutions but also might cause public utilities to scrutinize current telecommunications rates-rates which typically bury toll fraud losses in a company's operating costs. Telephone companies have been grappling with how to deal with this problem for years. In fact, before founding Apple Computer Inc. in the 1970s, Steven Jobs and Steve Wozniak were phone freaks who viewed breaking into the telephone network as more of an intellectual challenge than a malicious crime. Such thinking remains common today. "There is a certain segment of the population that feels it should never have to pay for a telephone call because carriers make excessive amounts of money," said Phillip Redman, an industry analyst with The Yankee Group, Boston. Indeed, he said, the bandits view phone companies as large, greedy corporations and themselves as modern-day Robin Hoods. Accordingly, the bad guys have developed various techniques to skirt paying for telephone services. People looking to obtain free service identify loopholes in central-office switch software so their calls either go undetected or are improperly billed. This group also preys on the carelessness of employees, often leafing through dumpsters in search of old phone listings or calling companies and asking for employees with common names, such as Joseph Smith. Once they have a name, the hackers work to identify passwords so they can route their calls through a company's PBX. Counterattack For their part, service providers have been using technology to thwart illegal phone use. The Board Room Inc., Romeoville, Ill., sells a hardware and software package that automatically kicks out unusual calling patterns. The system will alert a carrier, for instance, when a company suddenly starts making hundreds of calls to Paris. The carrier then works with the customer to close the security hole by taking certain steps, such as issuing the employee a new account. Gathering call-pattern information is difficult because customers place millions of calls during a month. But technology can help: Traditionally, such information was available only in mainframe batch files, generated only once every few weeks, or monthly. With the advent of client/server systems, carriers can monitor this information in real-time and identify problems daily. Customers, too, have taken steps to close up security holes. Telco Research Corp., Nashville, Tenn., sells a toll-fraud system that immediately sounds an alarm when an unusual calling pattern occurs. Steve Doster, director of marketing at the company, said that during the past few years many large companies have purchased such systems. Corporate fraud is down The result is that corporate toll fraud is becoming less common. "PBX monitoring systems have become more sophisticated and less costly, so the volume of corporate hacking has been on the decline during the past few years," said Michael Restovich, senior manager for investigations at MCI Communications Corp.'s Dallas office. Mr. Restovich estimated that corporate hacking represents 20 percent of carriers' lost revenue. Even more vexing problems arise when career criminals are involved. In certain cases, they use false information to open new accounts and have no intention of ever paying for what they use. Unfortunately, toll fraud is gaining favor among criminals. Because of competitive pressures, carriers are signing up new customers quickly. So quickly, in fact, that they may not screen a new account diligently enough to find out if it is based on a false social security number or street address. The problem is so pervasive that bandits often already have opened a new account as a carrier gets ready to close a delinquent one. Criminals also steal telephone calling-card account numbers. Mr. Restovich cited estimates that say carriers lose as much as $2 million per day from the use of fraudulent calling cards. Improved software will not eliminate these security holes: Telephone companies must gather evidence so that those making the calls can be prosecuted. This process is difficult because the perpetrators often give out false addresses and are constantly on the move, one step ahead of their pursuers. Internal investigators For their part, service providers have set up internal investigation teams to find the perpetrators. In recent years, MCI has hired investigators who once worked for federal agencies, such as the Federal Bureau of Investigation and the U.S. Secret Service. These investigators trail criminals and collect information to be used for indictments. But carriers cannot just haul the perpetrators into court and prosecute them. Instead, they have to work with city, state and federal law enforcement officials, who ultimately determine who will be charged. Mr. Restovich admitted that toll fraud is not a high priority for many government agencies. "Toll fraud is often found in large cities, places like New York and Los Angeles," he said. "Police departments and prosecutors there are often overwhelmed battling murders, rapes and robberies." Selective prosecution It also is difficult to gauge how entrenched the problem is. Prosecutors seem more interested in charging rings of thieves than individual criminals. And gathering information on rings is more difficult than collecting evidence against individuals. So carriers can complete months or even years of investigative work, hand it over to authorities-and never see anyone prosecuted. Additionally, many carriers will not talk about toll fraud, and those that do, like MCI, admit there is a problem but are unwilling to detail how much they lose each year. Pride partly explains why these carriers are closemouthed, but in interviews observers presented another consideration: "Carriers do not want to publicize toll fraud because they know it could be political suicide," said Glenn Ross, a project manager at The Board Room. "If carriers ever were successful in rooting out the problem, then they may have to deal with local public utility commissions, which may be more interested in passing any savings on to consumers than letting telephone companies keep it," Mr. Ross said. The result is that carriers simply seem to consider fraud a part of their daily business and refuse to publicize it. There is one notable exception: the cellular communications sector. There, fraud is so rampant it could easily stymie overall market growth. The Yankee Group estimates, for instance, that fraud accounted for approximately 5 percent of all cellular revenue in 1996. Fraud pervades this segment for a couple of reasons. As in the wireline side of the telecommunications industry, the atmosphere is so competitive that carriers do not carefully screen potential customers. Consequently, criminals often use stolen social security numbers or false addresses to open new accounts. Also, the legal community has lagged several steps behind the technology. It wasn't until 1995, when federal statutes covering cellular telephone fraud were completed, that carriers were empowered to do anything at all. The communications medium itself contributes to the problem. Criminals can sit near busy bridges and use special electronic monitoring devices to pull callers' ID numbers from their phones. In half a day, a criminal can walk away with hundreds of legitimate account numbers. And these stolen numbers have become the foundation of a very lucrative business. Entrepreneurial criminals One trick is to tag a cellular phone with a stolen account number and sell a phone with an unlimited number of calls on a street corner for $100 or less. Bargain-hunting pedestrians who do not want to pass up a good buy purchase the device, make calls for a month or two, then are told the phones are stolen. If the customer returns for a refund, he invariably finds that the vendor has since moved on to another street corner. Still, this problem, once pervasive, has been dissipating, according to Mr. Redman of The Yankee Group. "Carriers have been trying to educate consumers, and many now know that deals which sound too good to be true often are illegitimate," he said. But even though the street-corner game may be slowing, other rackets are taking its place. Another ruse entails establishing a neighborhood calling center. The criminal notifies local residents that they can call home-often a foreign country-for as low as $10. These pricey international calls then show up on victims' phone bills. "Two times, I have had my cellular phone number stolen while traveling through Manhattan," said Bill Santos, president of InfoCellular Inc., a cellular telephone software supplier in Wayland, Mass. "One time, the crooks placed $12,000 of calls, and the second time they made $11,000 of calls before the problem was detected. Most of the calls were out of country." Help is on the way Improved technology should help cellular suppliers battle this problem. Cellular network carriers have been moving from analog to digital technology; this way, their systems will more easily support features such as encryption, device identification information which cannot be duplicated, and call-back capabilities, which ensure that only authorized users are availing themselves of services. Consequently, predicts The Yankee Group, cellular fraud will account for only 3.2 percent of the industry's total revenue in 2000. And, while such a drop would be positive, no one expects the problem to disappear altogether. "Carriers constantly come up with new techniques to combat fraud, but the perpetrators are also busy developing new ways to skirt the system," said Mr. Ross of The Board Room. "The battle seems never-ending." Paul Korzeniowski is a free-lance writer in Sudbury, Mass. E-mail your reactions to this article to telepath@cmp.com. Copyright (c) 1997 CMP Media