View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
January 11, 2004

T-Mobile was slow to detect fraud

T-Mobile's fraud detection systems or processes are not working properly - that's according to the SAS Institute's head of fraud solutions, Peter Dorrington.

By CBR Staff Writer

Dorrington’s comments came in an interview with ComputerWire after London’s Metro newspaper reported last week the story of a British couple, whose stolen mobile phone was used fraudulently for seven days before T-Mobile realized and blocked the line.

T-Mobile’s spokesperson Patrick Barrow explained the seven-day time lag between the phone being used fraudulently and T-Mobile discovering the fraud by saying that because the couple were abroad, the fraudulent calls were made on T-Mobile partner networks and hence not visible to T-Mobile until those networks sent the call detail records back to T-Mobile.

But Dorrington told ComputerWire that, There are delays when operators are sending information back, but it is usually between a few hours and a few days. Within a very short period this particular case should have rung alarm bells all over the place.

ComputerWire put this argument to T-Mobile’s Barrow, who responded by saying, They wouldn’t know, quite frankly. These calls were on a partner network, not ours. And let’s not forget in all this that it was us who detected the fraud even before the phone was reported stolen.

But Dorrington insisted that the scale of the fraud – around $15,000 in seven days – should have brought it to T-Mobile’s attention far sooner than it did.

This couple said their typical bills were $40 or $50 per month, he said. Less than half a day of the kind of activity the fraudsters were making should have alerted T-Mobile. There are delays in the systems, but this was a gross case and it should have come to light earlier.

Privately held business intelligence specialist SAS Institute sells fraud detection software to operators, as well as to companies in financial services and retail.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Dorrington said that one of the difficulties with fraud management systems is that if they are too rigid in their spotting of unusual patterns, then they throw up large numbers of false positives that the operator needs to investigate. As a result operators are often forced to turn down the sensitivity of the fraud detection systems. But even with a relaxed system, a fraud on the scale of this should still have come to light immediately, added Dorrington.

According to Dorrington, certain types of fraud, for example making constant or nearly constant international calls on a phone for sustained periods, should set off fraud detection alarms immediately, regardless of the sensitivity of the system. Since in this case $15,000 worth of international calls were made in seven days, fraud detection systems should have spotted the fraud quicker than they did, Dorrington said.

Dorrington said that SAS’ fraud detection software is able to learn individual usage patterns and use this knowledge to detect fraudulent behavior. But this is combined with typical fraudulent behavior patterns – such as making persistent international calls – to provide another level of detection. However for the most accurate fraud detection systems, companies need to regularly update the models that govern typical usage by individual customers, in order that the systems do not throw up too many false positives but at the same time do not need to have their sensitivity turned down.

This article is based on material originally produced by ComputerWire.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU