Fraud management units and security departments in telecommunications companies, retail concerns and any other businesses that currently sell goods or services electronically on the Internet should take special care with the launch of third generation (3G) mobile telephone services.
That is the message from Alcatel Telecom, a fraud management group with expertise in telecommunications, which has been considering the onset of new mobiles that route voice and text messages via the Internet rather than radio base stations.
Alcatel’s product marketing manager, Tania Taylor, warned ‘Crime 2001’ – a conference endorsed by the Association of Chief Police Officers (ACPO) – that new opportunities for lucrative fraud could result over and above that experienced on the Internet and e-commerce. Taylor added that there could be confusion over who would be held liable.
At present, said Taylor, criminals make big money by selling voice calls, diverted remotely from a switchboard to an international number. However, in the hands of a thief or fraudulent subscriber using a fake credit card number, the ability to use 3G ‘phones to order washing machines, dish washers, music systems or other high value electronic goods means that opportunities to make money are multiplied.
Advantages for fraudsters over defrauding retailers via the Internet, using ‘card-not-present’ scams, include the mobility offered to 3G ‘phone users. Retailers might also assume that subscribers to a 3G telephone service will have been screened in advance by operators for honesty and reliability, making vendors more likely to accept a series of large orders.
Another problem concerns possible disputes over liability. Ms Taylor said that Internet Service Providers (ISPs) are rarely held liable for on-line crime, with retailers picking up the cost of cons such as ‘card-not-present’ fraud because it’s assumed that ISPs know very little about their customers.
However, this may well not apply for m-commerce deals, where retailers might strike a deal with telecommunication companies over giving their subscribers the right to buy goods and services with a 3G mobile.
Tania Taylor said: "Who’s liable if tickets are bought fraudulently from a football club? Is it the operator, or is it the club?" She added that the likelihood was that ‘telcos’ would have to pay if their ‘phones offered users the chance to order tickets from a particular vendor – because of the expectation of advanced screening by operators.
Other problems that could be faced include the theft of digital content (probably text) from sites that are made available via a 3G mobile.
There will also be difficulties in investigating telecommunications fraud. At present, said Ms Taylor, security departments are able to trace a call using logging records, checking where and when a given call was made and who received it. Even if a call is diverted onto another network, roaming data will be supplied by a linked telco, and a full set of records can be analysed for strange patterns that might indicate that fraud is actually taking place.
With 3G and the Internet, this is different. Here, it’s easy to check where and when a call is made and even how much data is transferred to a handset, but the call tracing will only say which Internet host is being used to access the World Wide Web. There will be no record of who receives a call, or how it’s routed.
