Mobile payment, some fraud thoughts!


Like10 to15 years ago people used public coin phone booths to do their important calls on the go, on a daily bases it was familiar to see waiting line in front of the cabinet waiting for their turn.

Mobile payment, internal fraud

Coin phones,
Even though calls was clearly cheap, it was common to see some metal circles simulates the coin –Coin fraud– weight and size, in order to cheat the cabinet and establish a free phone call, and guess what? This fake coins was returned to other customers as change after finishing a call. You may also recall that coins connected to a wire where the user can pull it back after finishing his call.

As of now you must not examine any user entered object -coin- from one or two dimensions only, otherwise you have to validate all possible object properties (Weight, size, face and back symbols –Coin detection). And if you are returning results -change- back to the user you should use your own objects not some objects -coins- that was entered from current or even a previous users.

All today’s vending machines know this simple trick and there is a stand alone drawer to return change, user coins are pulled to an exit-less drawer where coins can only entered after looping in spiral tubes making it impossible to be pulled back again – this guy used this in smart way!

And smart card phones,
Later on cabinet with smart card interface was introduced to overcome the coin shortage and to afford expensive and international call cost that do need multiple coins to start.

It didn’t take long before someone discovered that during an established call if you pulled your card out, your call will not drop and you will benefit a free minutes lasts till the end of your call. Such type of system bugs was easy to detect and also easy to be fixed as well.

To fix this issue developers updated the code to deduct minute by minute ahead and to do so the card must be validated every minute upfront and call will drop if the card was ejected during the call.
And internal frauds!

One of the local public phone providers was losing a bulk amount of money on monthly base from a certain cabinet, and it takes time before they discovered that one of the cabinet neighbors was connecting his home phone to the cabinet main wire bypassing the phone terminal and all the charging controls enjoying a free long distance calls, as per the investigation those public phones was connected to multiple lines at the same time one for domestic call, national, international and mobile calls.

To detect which two lines exactly you should use to perform a certain call you would need an expert help, and guess what again? This expert was one of the company internal staff that revealed the wire code during some friendly chat!

This is one of the most tricky frauds and it will always shine the golden role (Never count on the front end controls, back end is a must) !

As you might noticed phones and phone providers are one of the most attractive target for fraudsters and there are millions of trials per day to proceed with a free call and fighting frauds is one of the ongoing daily routine for all service providers.

In today’s world internal fraud attacks is taking a big portion from the daily incidents, systems is now smarter and numerous back doors are fixed leaving a very tight room for experts only to find vulnerabilities and making it extremely hard for normal and even medium users to do so.

That’s why many of today discovered back doors, vulnerabilities and bugs are being revealed by internal staff in most cases!

Khaled Sayed,

 

Photo Credit:

http://s0.geograph.org.uk/geophotos/03/76/21/3762150_df65c912.jpg