Identifying IoT fraud risks: The challenges for operators

Luís Brás, head of professional services, Fraud
Management Area, WeDo Technologies

Today’s increasingly connected world is introducing many new elements of commerce into everyday objects, from cars to energy meters. However, the reality of whether we’re ready to embrace the concept of the Internet of Things (IoT) and make the most of it from a revenue perspective is quite different. The IoT is progressively driving different behaviours and dynamics across business, bringing with it a whole new set of challenges and disruption – especially when considering the backdrop of protecting customers, assets and revenues. As a result, revenue discussion will no longer be confined to a purely finance function; there will be implications for IT spend as we know it and company culture as a whole.

The progression to the IoT will introduce new device manufacturers and application providers that the telecoms industry has previously not worked with, and who don’t understand the risks. This will result in additional security and fraud risk, as these ‘trusted’ parties will need to be audited to ensure the expectations of the CSPs are being met, says Luís Brás, head of professional services, Fraud Management Area, WeDo Technologies

Considerations for a Successful Risk Management Strategy

Fraud and revenue risks associated with IoT may mean different things to different people, depending on where they reside within the product and service delivery chain. In order to stay ahead of the curve, organisations will therefore need to consider and evaluate from as risk perspective what elements of their existing fraud type exposure will increase (or decrease) as a result of launching the new devices or services, and understand the full risks that can be posed by the IoT; both what can result from failures with the technology and what fraudsters stand to gain from attacking the service. As part of the product and service lifecycle, the fraud and security functions will need to be directly involved in performing ‘product and services risk assessments’ that are ultimately linked to defining the required strategies. By making a thorough risk assessment, businesses can ensure they are adopting a balanced approach, with technology, people and processes working together to create an effective strategy.

What defences can be defined?

As CSPs are already aware, they have a responsibility for storing and managing highly sensitive and confidential data associated with their customers and business partners. Consideration will need to be given as to how these new connected devices with the IoT will be secured to maintain the integrity of the information held or exchanged with their partners. Data and privacy protection risks will include the potential for eavesdropping on other users, a device’s data being transmitted over  the network by the criminal masquerading as the customer’s device, or network ID and information being subsequently provided illegally to third parties.

As evidenced by recent high profile fraud and security incidents and breaches, the criminal fraternity are becoming more innovative, deploying new and more focused techniques for obtaining exactly what they want from the services and products they target. The IoT will be no exception. CSPs must never become complacent or forget that these highly organised fraudsters operate their own businesses and need to “service” their own customers. Their business model for committing fraud spans all types of technology and crosses international boundaries, and has traditionally relied heavily on the CSP’s inability to respond and recover in a timely manner. It is this aspect that they will again look to prey upon. One of the essential business requirements for CSPs will be to continually consider the risk, and implement clearly defined fraud, security and risk protection models for the IoT.

The demand and requirements for this progression will lead to more exciting results in the formation of strategic partnerships. CSPs must however, consider the implications and requirements to enable them to minimise exposure to fraud risks associated with mobile devices, applications, processes and different business models. At WeDo, we believe that an Enterprise Business Assurance (EBA) approach allows businesses to face innovation such as the introduction of a new range of connected devices as part of the IoT, head on, capitalising on the opportunity for growth while maintaining tight control over business processes, the customer experience and revenue.

The author of this blog is Luís Brás, head of professional services, Fraud Management Area, WeDo Technologies


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Nozomi Networks and Tripwire announce strategic partnership

Posted on: September 17, 2021

Nozomi Networks Inc., the provider of OT and IoT security, and Tripwire, a global provider of security and compliance solutions for enterprises and industrial organisations, announced they have partnered to help organisations lower cyber risk with consistent security controls that span their IT, OT and IoT environments.

Read more

RightIndem deploys enterprise-grade conversational AI to simplify customer claims process

Posted on: September 17, 2021

RightIndem, an global insurance technology company, has worked with Bristol-based Amdaris to simplify its customer onboarding process via developing enterprise-grade conversational Artificial Intelligence experiences.

Read more