With the digital transformation of the post-pandemic world, Africa is seeing a massive technology revolution, especially in the telecom industry, which has shifted network infrastructure away from traditional services to more advanced commercial routers, switches, and servers. But this move hasn’t been without some challenges — notably cybersecurity risks. Mordor Intelligence predicts that the entertainment and telecommunication market in Africa will register a compound annual growth rate (CAGR) of 11.2% between 2021 and 2026, but the industry must fiercely combat telecom fraud if it hopes to scale.

A persistent problem in Africa, telecom fraud was one of the central discussions at the recent Africa Tech Festival 2022, held Nov. 14-16 in Cape Town, South Africa. The event, produced by Informa Tech, focuses on technology developments and industry trends in Africa, elevating those at the forefront of digital inclusion.

In 2020, a report by the Sierra Leonean National Telecommunication Commission stated, “Africa is losing around $1.59 billion yearly to telecoms fraud.” There’s a huge market for attackers to exploit here, and unless organizations rethink their approach to telecom fraud, they’ll fall behind the attackers. While this is a worrisome reality, it isn’t all bleak for Africa.

Telecom Fraud Thriving in Africa

Telecom fraud is growing everywhere, but Africa has its own special conditions that leave it even more exposed to the growing threat. Termination rates to African countries are among the highest in the world, making international calls very expensive.

“The cost differential between international and national calls is frequently quite dramatic,” Africa Tech attendee Gavin Stewart, vice president of sales at Oculeus, says. “Therefore, fraudsters commonly apply manipulation so that international traffic masquerades as local/national calls and therefore get cheaper rates. This is achieved by pushing the traffic down illegitimate routings, impersonating a local number ID, or both. This ‘bypass’ fraud activity is particularly endemic across Africa.”

In roaming fraud, for example, fraudsters get hold of SIM cards and use them from overseas markets to call international revenue share numbers. It takes a minimum of three to four hours for the call records to arrive back at the home network for analysis, providing these cybercriminals ample time to fully exploit this revenue stream. The fraud can equally occur by way of a sim box where illegal international voice-over-IP (VoIP) calls are diverted onto local mobile networks. The criminals benefit from the international call charges, but because the call appears to be local, the operator is only paid for a local rate call.

Global telecom fraud usually involves CLI refiling, which Stewart describes as “a kind of bypass fraud where the identifying number of a call is deliberately manipulated to benefit from cheaper termination rates unfairly.” He notes that these cheaper rates are commonly offered for national calls or calls between country pairs that have negotiated a special arrangement, or even calls between members of a large telco multi-country group. “As telco networks have largely migrated to newer SIP-based networks, the technology has inadvertently made it much easier to achieve such manipulations,” he adds.

Fighting Fire With Fire

McKinsey reports that the African domestic e-payments market is expected to see revenues grow by approximately 20% yearly, reaching around $40 billion by 2025. Most of these payments are powered by banks and nonbank players innovating to reduce friction in domestic and cross-border payments to benefit consumers and businesses. The nonbank players in Africa are primarily telecommunications service providers and fintech organizations. The large volume of transactions in the industry is an appealing target for fraudsters.

“Africa has been a global pioneer in mobile money transactions. Equally, this new money transfer channel attracts new and complex fraud use cases. Whereas the traditional banking sector benefits from multiple security layers and controls, a fraudster or cybercriminal targeting mobile money transactions needs only to access a mobile network in order to appropriate funds,” Stewart says.

The future, he opines, will be to turn the advanced techniques used by bad actors against the cybercriminals. “Since fraudsters are manipulating SIP protocols, it follows that SIP level real-time protection is vital. AI (artificial intelligence) is also widely employed by fraudsters to disguise their methods in increasingly subtle ways that can evade the logic of outmoded anti-fraud systems. It is incumbent on telcos to implement AI-based technologies if they are to have any hope of successfully detecting and mitigating AI-driven frauds today,” Stewart says.

Collaborating for a Common Cause

Telecom fraud in Africa cuts across several strata, from multiple opt-in frauds to text messages and international call fraud, with the motherlode being mobile money transactions. However, Stewart believes anti-fraud professionals can band together to deal with the elephant in the room.

“Cybersecurity and anti-fraud professionals have a culture of mutual cooperation, even where they are working for rival companies. It’s normal to share intelligence collaboratively since this is an industrywide fight. With the resumption of face-to-face networking, security professionals will exchange intelligence, in many cases concerning new fraud attack types which were themselves powered up by the pandemic conditions,” he notes.

Beyond employing new technologies in the fight against fraud, companies in the telecoms industry must actively seek collaboration. “Fraudsters are extremely clever, highly organized, and will always exploit the weakest link. The telecoms community must work together to tackle the common threat and invest in innovative solutions to fight it. Telecoms networks that are not equipped with the highest quality security, insights and fraud protection will be the softest targets,” says Clémentine Fournier, Africa regional vice president of sales for BICS.

Source: www.darkreading.com