* Posts by WestMidlandsICT

1 publicly visible post • joined 20 Nov 2009

T-Mobile coughs to data theft

WestMidlandsICT

It's a major concern in the industry.

My company has been approached by networks in the past about this problem – it's a major concern in the industry.

There are a range of tactics used to get customer data about the networks people use, their specific accounts and even if they have insurance for their phone. Companies then use this information to contact a customer, offer them a better deal and steal their business – it’s commercial espionage and theft of data on a massive scale. It also undermines networks providing good services to their customers.

The risk is often the ‘trusted insider’ who goes bad – and technical security procedures and policies alone won't prevent it. Networks need to diagnose the problem up-stream, getting to grips with their customer data and monitoring how it (and hence the customer base) behaves as a whole over time. It’s important to understand the big picture in terms of your customers' behaviour – the problem with mobile phone networks is that they have hundreds of thousands of customers. Can you imagine a smaller business failing to know its clients, unconcerned about whether they retain them and not watching for signs of competitors stealing them away?

By continuously auditing, monitoring, assessing and diagnosing their client base it's possible to see problems as – or even before – they occur. If the technology notices that a particular pattern of standard behaviour starts to become erratic or considerably changes, something might be afoot. We specialise in this kind of monitoring, letting networks know the state of health of their client base and helping to control the conditions that retain customers and protect them from fraudsters.

Another tactic used by unscrupulous companies is to use ‘Autodialler’ machines, which randomly dial phone numbers using smart calculators. They already know the type of number generally owned by each network; callers then use social engineering techniques to find out more about the customer's account and offer what appears to be a better deal and also win the insurance business for the phone. Together this can be very lucrative.

The difference between an Autodialler and a data thief is that the Autodialler doesn’t need to enter the company database. Some may say this is fair game but that couldn’t be further from the truth – left unchecked this situation can develop into a continuous ‘churning’ of customers, driving prices even lower so service suffers, customers suffer and the businesses involved become difficult to control and manage. It undermines the economic basis for developing good standards by service providers; if the problem grows then the temptation for everyone to do it is overwhelming. We should remember that these businesses employ people, provide taxes for the economy and develop new technologies we can sell internationally. It is not in anyone’s long-term interests to engage in this. In the short term the ‘sharks’ using Autodiallers make vast amounts of money but inevitably someone will try it on their service provider as well. And so the story goes on...

Richard Leary - Forensic Pathways