Carrier Billing Security Blog 1: Industry Challenges

Alex Radonjic

In the recent Rocco Direct Carrier Billing Vendor Performance Report 2018, 112 Mobile Network Operators from 91 countries were asked which requirements for them are the most important when choosing their Direct Carrier Billing Vendor. Beside Implementation Process, Business Focus, Direct Connectivity and many other, Security was by far the most important requirement. So, let’s see what the most common challenges are, that MNOs are frequently facing which will be covered in this post, as well as the best industry practices on how to solve them which will be covered in the following ones.

 

Industry Challenges

As the Direct Carrier Billing industry is aware of these problems for quite some time, it is important to mention them, and those are Payment Page Frauds. A most common example is when a Confirmation page is opened on the web, therefore one depends on the end-user to do something: to make an interaction or click something in order for the payment process to be initiated. So traditionally the frauds were mainly Iframe-ing, meaning that the fraudulent developers wanted to hide the real payment page under the “fake” one. In this situation the main goal was to incentivize the end-user to click on the fraudulent “fake” page, as the real page was hidden underneath it. So, a click meant an automatic subscription or a one-time payment without end-user’s knowledge about it.

Then with time, and further App developments, publishers started opening Confirmation Pages directly from the applications. That meant fraudulent developers could open the certain webpage in background while the end-user sees something totally different. Whatsoever they can program certain interactions to happen in the background as well without end-user ever initiating any of them. The applications therefore give you all the power to have an interaction with a webpage in the background, without a slightest chance that the end-user can ever be aware of it.

These common problems lead to unhappy end-users, and the increased number of complaints, which eventually become a bad-debt for the MNO, and in the worst-case scenario can lead to the churn of their existing subscribers. All of this directly influences the reputation of the whole industry, where it has a severe impact on all the parties included.

To sum everything up, in order to prevent a fraud of this complexity and protect the end-user, including the MNOs and the reputation of the DCB industry, one has to be more sophisticated than ever, and cannot use only one Security feature, but a combination of a few.

 

These continually-evolving security solutions in the carrier billing industry will be covered in the next Blog post. So stay tuned.