Dorrington’s comments came in an interview with ComputerWire after London’s Metro newspaper reported last week the story of a British couple, whose stolen mobile phone was used fraudulently for seven days before T-Mobile realized and blocked the line.
T-Mobile’s spokesperson Patrick Barrow explained the seven-day time lag between the phone being used fraudulently and T-Mobile discovering the fraud by saying that because the couple were abroad, the fraudulent calls were made on T-Mobile partner networks and hence not visible to T-Mobile until those networks sent the call detail records back to T-Mobile.
But Dorrington told ComputerWire that, There are delays when operators are sending information back, but it is usually between a few hours and a few days. Within a very short period this particular case should have rung alarm bells all over the place.
ComputerWire put this argument to T-Mobile’s Barrow, who responded by saying, They wouldn’t know, quite frankly. These calls were on a partner network, not ours. And let’s not forget in all this that it was us who detected the fraud even before the phone was reported stolen.
But Dorrington insisted that the scale of the fraud – around $15,000 in seven days – should have brought it to T-Mobile’s attention far sooner than it did.
This couple said their typical bills were $40 or $50 per month, he said. Less than half a day of the kind of activity the fraudsters were making should have alerted T-Mobile. There are delays in the systems, but this was a gross case and it should have come to light earlier.
Privately held business intelligence specialist SAS Institute sells fraud detection software to operators, as well as to companies in financial services and retail.
Dorrington said that one of the difficulties with fraud management systems is that if they are too rigid in their spotting of unusual patterns, then they throw up large numbers of false positives that the operator needs to investigate. As a result operators are often forced to turn down the sensitivity of the fraud detection systems. But even with a relaxed system, a fraud on the scale of this should still have come to light immediately, added Dorrington.
According to Dorrington, certain types of fraud, for example making constant or nearly constant international calls on a phone for sustained periods, should set off fraud detection alarms immediately, regardless of the sensitivity of the system. Since in this case $15,000 worth of international calls were made in seven days, fraud detection systems should have spotted the fraud quicker than they did, Dorrington said.
Dorrington said that SAS’ fraud detection software is able to learn individual usage patterns and use this knowledge to detect fraudulent behavior. But this is combined with typical fraudulent behavior patterns – such as making persistent international calls – to provide another level of detection. However for the most accurate fraud detection systems, companies need to regularly update the models that govern typical usage by individual customers, in order that the systems do not throw up too many false positives but at the same time do not need to have their sensitivity turned down.
This article is based on material originally produced by ComputerWire.