Mobile operators are developing means of protection against telephone scammers

Despite the government’s active fight against telephone fraud and identity theft, their number continues to grow. For the entire 2023, the Antifraud system for blocking calls from spoofed numbers, created by Roskomnadzor, blocked 622 million suspicious calls. In December, this figure was the highest – 120 million calls. Kommersant looked into what anti-fraud protection measures telecom operators are implementing today.

For the general fight against fraudsters, all Russian operators must join Antifraud by the end of 2024, but despite this, the methods of criminals are becoming more and more sophisticated. The battle of shield and sword may prove endless, experts say. “This situation is typical for all information security: some improve deception mechanisms, others improve protection mechanisms. The weakest link in protection, as a rule, is the human factor, and communication by phone and instant messenger is the easiest and fastest way to interact with the victim. And from anywhere in the world,” noted Lev Afanasyev, head of the Innostage anti-fraud solutions group.

Fraudsters are constantly adapting to new conditions, inventing new ways to bypass the system and using modern technologies. The latest trend is the use of neural networks and deepfakes. “In real time, such technologies still work quite poorly. They have not yet received wide distribution, only targeted stories,” said Kaspersky Fraud Prevention technical consultant Kirill Kulakov.

For different needs

Antifraud is also constantly being improved – new algorithms for analyzing and processing data, machine learning methods and biometrics are being added. Antifraud systems are used in a variety of industries, including financial services, e-commerce, online gaming and telecommunications.

“The unique feature of every anti-fraud system is its ability to adapt to changing fraud scenarios. Some systems use behavior analysis to identify anomalous user actions, while others are based on device verification or authentication,” commented Andrey Efimov, engineer of the information security department at IMBA IT.

There are several main types of anti-fraud systems, notes, in turn, commercial director of Art Engineering Artem Stenyushkin:

1. Systems for monitoring user behavior on a website or application that detect suspicious activity.
2. Authentication systems that verify the identity of the user when entering a site or performing certain actions.
3. Transaction monitoring systems that analyze financial transfers and identify suspicious transactions that may indicate fraud.
4. Data analytics systems that use machine learning algorithms to identify anomalies and predict possible fraud.

Antifraud products can be paid or free, but the difference between them is small, experts say. Paid systems often offer wider functionality, support and active updating of protection algorithms, provide more accurate data and tools for detecting and preventing fraud.

You can also divide antifraud into B2C (user) and B2B (corporate) segments. Typically, mobile operators offer both options – for subscribers and for businesses, while cybersecurity companies mostly work with the corporate segment.

“Label” for scammers

MTS’s anti-fraud platform is based on machine learning algorithms and is designed to identify bank clients susceptible to telephone fraud. “What makes it special is that it uses two analysis models: the first model creates a customer profile based on his actions and a variety of attributes, while the second model analyzes the flow of events in real time to identify patterns often used by fraudsters. The combination of these two models helps determine whether a client is being subjected to social engineering,” the company commented.

Currently, the anti-fraud platform is used exclusively in B2B, but in the future MTS plans to introduce it into its mobile network to protect subscribers. For now, the “Defender” service for protecting against spam calls is working for them, to which more than 40 million people have connected. For the entire 2023, the system was able to block more than 2 billion spam calls.

The new anti-fraud platform is being used as a pilot project and is being tested with several banks, so the cost is calculated individually for each client. The cost of the “Defender” service for the first connection for seven days is 0 rubles, then 3 rubles. in a day.

Beeline (VimpelCom), based on its anti-fraud platform, has created a service for recognizing suspicious numbers for subscribers called Label. The company noted that they provide protection against spam and scammers, as well as additional protection against unauthorized SIM card replacement, to subscribers free of charge.

Beeline also claims that their anti-fraud platform processes about 5 thousand requests per second and 150 million per day, and it takes 50 milliseconds to process one call. “When processing calls, it can check whether the subscriber is roaming, monitor subscriber activity in 2/3G and LTE networks, and check the subscriber’s current connection. Potentially, the platform can be scaled for larger tasks. In July 2022, the problem of integrating the Beeline platform with similar systems operated by the largest Russian telecom operators was solved,” the company added.

At the same time, the operator also works with the corporate segment – Beeline has created a cloud service that gives other Russian operators the opportunity to connect to the unified Antifraud system, in accordance with the requirements of Roskomnadzor, as well as connect their subscribers to the fraud protection system. 318 operators became clients of the platform, but Beeline does not disclose the names of the companies, as well as the cost of services. It is known that among them are broadband providers and mobile operators.

Bots, traffic, verification

The Tele2 anti-fraud system has existed since 2019. Now the company is working on integrating its MVNO partners into it (operators Tinkoff Mobile, SberMobile and VTB Mobile operate on the Tele2 networks).

“We note that connecting to an anti-fraud solution reduces fraudulent traffic by ten times during the first two weeks of operation. Operators have been actively cooperating for several years in terms of call verification and combating number spoofing. Anti-fraud systems installed by Tele2, other operators and a number of banks work like this: when a call arrives on the Tele2 network, the system contacts a similar solution on the network of another operator and asks whether the call is really coming from that operator,” the operator’s representatives added. Tele2 also did not disclose the cost of antifraud services.

MegaFon detects and blocks calls from telephone scammers to its subscribers and subscribers of its subsidiary Yota automatically free of charge. “To detect and block unwanted calls, we use our own technological solutions, and also cooperate with other large operators in terms of call verification, block fraudulent numbers according to lists from the Central Bank,” MegaFon’s press service reported.

The company has connected 25 regional MVNO operators to its system and provides anti-fraud services to representatives of other industries. True, they refused to talk about the cost of services here: “The solution allows you to protect your business from fraudulent calls by providing a specialized API and MegaFon’s analytical mechanisms.” The technology integrates with partner systems, and information exchange is configured in a secure channel. For example, in 2020 we developed an anti-fraud system for financial organizations. It identifies suspicious calls using analytical algorithms based on big data. We are now working in this direction with Sber, VTB, Tinkoff and other banks.”

Kaspersky Lab’s anti-fraud analytical platform Kaspersky Fraud Prevention is intended only for corporate clients. These are mainly representatives of the financial sector, e-commerce and retail, and government organizations.

“The analytical platform uses various technologies to analyze the characteristics of user online sessions, including the use of machine learning methods. Used in real time to actively detect complex fraud schemes in online and mobile remote service channels. The solution analyzes the characteristics of the user’s device and environment not only at the time of login, but also in the future, allowing one to identify deviations in the user profile and effectively detect complex attacks,” explained Kaspersky Fraud Prevention technical consultant Kirill Kulakov.

Risk-based authentication methods determine how similar a user’s behavior is to what happened in the past. In case of suspicious actions, the system transmits signs indicating the need to block the session. The system also protects against account theft, identifies fraudulent accounts, identifies bots, remote control, emulators, the use of anonymization tools, and device spoofing.

Karashash Nogaeva