New research from Kaleido Intelligence has found that annual fraud losses from voice and operator messaging channels will decline to $17 billion in 2028, an annual decline of 9% on 2024’s projected losses for the year.
Kaleido’s new research, Mobile Network Fraud & Security: 2024 Outlook, shows that a combination of declines in channel use and the shutdown of circuit-switched networks will encourage fraudsters into newer forms of fraud, including attacks on APIs, and the use of AI to directly manipulate the telecoms network and create false subscriber identities. These false identities are a key reason why subscriber fraud will remain the single most damaging form of fraud in the coming years, accounting for nearly $11 billion in operator losses in 2028.
Traditional channels to remain a threat despite declines
The report notes that while voice and SMS fraud will cause fewer material losses over time, the need to maintain backwards compatibility in the networks will keep older vulnerabilities from SS7 and Diameter protocols present long into the 5G era. As a result, Kaleido expects fraud from these channels to plateau rather than disappear altogether, with the rate of decline falling throughout the forecast period.
In the case of SMS, we expect to see declines because of increased adoption of RCS following Apple’s announcement of support for the standard. However, despite increased encryption, variable implementation will leave messaging open as a potential channel for fraudsters, keeping messaging fraud over $6 million in 2028.
Report author, James Moar, said, “The security problems with RCS implementations are emblematic of many security issues within the telecoms space; flexibility and variation in standards implementation, while helpful to operators dealing with diverse infrastructure, continues to make high security an option, rather than a necessity.”
Telco APIs widen attack surface
Kaleido notes that while standardised telco APIs will help with service delivery and in some instances provide a new set of anti-fraud tools, they also broaden the attack surface, giving more potential points of ingress and disruption to the telecoms network. With some of these APIs potentially being used for IoT use cases, telcos need to remain vigilant for DDoS and other automated forms of attack on their networks. Telcos’ inexperience in dealing with API security is a key reason why more advanced forms of attack will increase to almost $8 billion by 2028.
Comment on this article via X: @IoTNow_ and visit our homepage IoT Now
