purebill.com

Stephen Jones writing on billing and application migration


Article Comment: Minimising customers' billing exposure to Fraud

22 December 2005

Link: Cell Phone companies and Security by Bruce Schneier

Link: How a terror group cloned Ted Roger's cellphone by Peter Cheney (Globetechnology)

The Globetechnology article outlines how a Rogers Wireless customer (Susan Drummond) was sent a monthly bill for $12,237 instead of an expected $75. Whilst Susan Drummond was on vacation, her phone was stolen and used to make excessive calls in a pattern that was wildly different to her normal calling pattern. It was only when she received her bill that she discovered and determined what had happened.

Rogers Wireless claimed that there was nothing they could do to stop the ongoing and excessive charges (whilst Susan Drummond was still on vacation and unaware of what was taking place). However, subsequent investigation revealed that they did have fraud systems, which for some unidentified reason had not halted service on this occasion.

Bruce Schneier (a systems security expert) links to and discusses the article, outlining how Rogers Wireless had the control / opportunity to deploy tools (fraud detection software, anti-cloning network technologies) that could limit customers' exposure to this and other fraudulent acts. Bruce Schneier suggests that only when the biller, and not their customers, is liable for fraudulent charges will the biller incur sufficient (financial) incentive to reduce the fraud that occurs.

The points to note from both articles and the comments on Bruce Schneier's article include:

  • Billers should use fraud systems to monitor their customers' activity and actively action anomalies as and when they occur. To support prompt detection and response, network transactions / charges must be received and processed promptly.
  • Options exist to limit a phone service's maximum bill to a small (3x) multiple of a customer's regular billing total. This provides an additional layer of processing that limits a fraud in a manner sensitive to a customer's normal spending pattern (i.e. high spenders' limits will be relatively larger).
  • Where unusual spending is detected by the biller, and the network service is not automatically suspended (disconnected), customers must be contacted sensitively by email or phone call and/or challenged (e.g. by the network) to provide something such as a PIN number that is unknown and undiscoverable to a thief or a fraud perpetrator.
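
The three points above can be combined into one control, sketched here as an added example (it is not code from the original article or from any biller). The function names, the PIN handling, the batch model of delayed usage records and all sample values are assumptions made for illustration.

```python
import hmac
from statistics import mean

CAP_MULTIPLE = 3  # the "small (3x) multiple" of the regular bill

def spending_cap(past_bills):
    """Cap for this period, scaled to the customer's own billing history."""
    return CAP_MULTIPLE * mean(past_bills)

def process(past_bills, charges, batch_size, pin, pin_reply=None):
    """Feed usage records to the biller in batches of batch_size.

    batch_size models processing delay: 1 means each record is rated as it
    arrives, larger values mean records reach the fraud check late.
    Returns (state, exposure): the final service state and the charges
    accrued on the network before the biller acted.
    """
    cap = spending_cap(past_bills)
    accrued, verified = 0.0, False
    for start in range(0, len(charges), batch_size):
        # Usage in a batch has already happened when the biller sees it.
        accrued += sum(charges[start:start + batch_size])
        if accrued <= cap or verified:
            continue
        # Anomaly: challenge for a secret a thief should not know.
        if pin_reply is not None and hmac.compare_digest(pin_reply, pin):
            verified = True  # genuine customer answered, lift the cap
        else:
            return "suspended", round(accrued, 2)
    return "active", round(accrued, 2)

# Constructed sample data: a customer who normally bills about $75 a month,
# followed by 60 calls at $40 each made on a stolen handset.
PAST_BILLS = [74.0, 76.0, 75.0]
STOLEN_USAGE = [40.0] * 60

if __name__ == "__main__":
    for batch in (1, 10, 60):
        print(batch, process(PAST_BILLS, STOLEN_USAGE, batch, pin="4921"))
```

With records rated one at a time the exposure stops just past the cap; when the same records arrive as a single late batch, the whole amount has accrued before the check can run.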

Fraud detection operates widely within the financial industry and similar restraints to customer spending (declined credit card transactions, credit limits) may reduce the impact of fraud on network customers, and limit the unrecoverable charges accrued by billers. Not all billers will be able to detect excessive spending and limit customers' access to their network; for example, water / gas utilities can only detect excessive use weeks or months after the fact.
