The One-Two Punch
When tumbling phones plagued cellular networks, we recognized the need for an industry-wide solution. We found one: pre-call validation. We deployed it and sent tumbling thieves cowering back to their corner. That was the end of Round 1.
Round 2 began with the emergence of a new and improved, industrial-strength criminal customer, namely the cloner. Once again we recognized the need for an industry-wide solution, and once again we found one: authentication. As we deploy authentication, and Round 2 draws to a close, we must prepare for Round 3, which will introduce the next level of criminal evolution.
The facts are straightforward:
*Fact: Criminals make money from selling cloned phones to other criminals who use cloned phones to ply their illicit trades. This is an extremely lucrative business for all the criminals involved.
*Fact: Criminals will not stop simply because it is more difficult to commit the crime. They will energetically seek the path of least resistance to achieve their goals.
*Fact: Authentication will render the present-day cloned phone extinct. Its deployment and its success are clear. Its wake will drive the criminals to seek new vulnerability points to achieve their illegal goals.
The electronic serial number/mobile identification number (MIN) harvester is directly affected by authentication deployment. For example, in the New York market, where both A- and B-side carriers have deployed authentication, the harvester is taking a chance when he clones a cellular phone with a New York area code. If the MIN is an authentication-capable MIN, the cloned phone will not work, and the cloner will have wasted effort and lost money.
Consequently, the harvester becomes the front-line victim of authentication. His reaction is predictable. He will select roaming numbers on the chance that the roaming partner has not yet deployed authentication. This is, of course, a finite window of opportunity as authentication deployment spreads across the industry, but it is an existing vulnerability for carriers who are not authenticating. The non-authenticating roaming MINs are leaving some carriers unprotected in the fight against fraud.
IN THE INTERIM
Naturally, the deployment of authentication diffuses this threat. However, in the interim, even authenticating carriers must protect their customers as they roam to non-authenticating markets. There are several ways to do this. A personal identification number (PIN) feature that protects the roaming customer can serve this function. The roaming PIN brings with it the challenges of customer inconvenience and the complications of communicating a "roaming only" PIN message. Visibility into your customers' usage patterns while roaming allows you to identify multiple clones in various roaming locations. Hence, your profiler needs roaming visibility. Tools such as collision reports support this approach.
Seeing the aberrant clones is only the first step. Once you have identified the clones operating in three different cities, you will want to shut them off without affecting the true customer. As a result, the cloner will begin to understand that roaming numbers are no longer the easy target they once were.
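A minimal sketch of the collision-report idea described above, added here as an illustration and not taken from the article or any carrier's system: it flags a MIN whose roaming calls in different markets overlap or fall closer together than one handset could travel. The record layout, the sample MINs and the two-hour travel threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed roaming call records: (MIN, serving market, call start, call end).
# MINs, markets and times are made up for illustration.
RECORDS = [
    ("2125550101", "New York", "1998-02-03 09:00", "1998-02-03 09:12"),
    ("2125550101", "Miami",    "1998-02-03 09:05", "1998-02-03 09:20"),
    ("2125550101", "Chicago",  "1998-02-03 09:40", "1998-02-03 09:45"),
    ("2125550177", "New York", "1998-02-03 08:00", "1998-02-03 08:10"),
    ("2125550177", "Boston",   "1998-02-03 15:00", "1998-02-03 15:30"),
]

# Assumption: calls on one MIN from two different markets that are less than
# this far apart cannot come from a single handset. A production profiler
# would use a travel time per market pair instead of one constant.
MIN_TRAVEL = timedelta(hours=2)

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def collision_report(records, min_travel=MIN_TRAVEL):
    """Return {MIN: sorted list of markets involved in a collision}."""
    by_min = defaultdict(list)
    for min_id, market, start, end in records:
        by_min[min_id].append((parse(start), parse(end), market))
    report = {}
    for min_id, calls in by_min.items():
        calls.sort()  # order by call start time
        markets = set()
        for i, (_, end1, market1) in enumerate(calls):
            for start2, _, market2 in calls[i + 1:]:
                if market1 == market2:
                    continue
                # Overlapping calls give a negative gap; both overlap and
                # "too soon to have travelled" count as a collision.
                if start2 - end1 < min_travel:
                    markets.update((market1, market2))
        if markets:
            report[min_id] = sorted(markets)
    return report

if __name__ == "__main__":
    for min_id, markets in collision_report(RECORDS).items():
        print(min_id, "collides across", ", ".join(markets))
```

The report identifies the affected MIN and the markets involved; deciding which of the colliding handsets belongs to the true customer still needs the subscriber's home market and usage profile.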
THE NEXT ROUND
As the non-authenticating roaming MIN becomes less useful to cloners, they will be forced to seek additional avenues, such as subscription fraud. This avenue, however, is not entirely the result of authentication deployment.
The rush to market and the post-Telecom Act competitive marketplace are driving bundled offers and alternative distribution channels. These influences are moving toward "virtual customers" in industry acquisition processes. Simply put, carriers are not "vetting" customers as thoroughly at the point-of-sale. Carriers are not using signed subscriber agreements.
As such, the front-end processes to evaluate the validity of customer information and back-end processes to catch the fraudulent subscriptions that elude the front end must be focused and effective. Debit cards and credit-limit monitoring provide carriers with a choice for servicing the unbanked customer. Criminals, however, are seeking out this avenue of attack and are migrating into the pre-existing subscription-fraud-ripe frontier.
BRIBERY IS TRADITION
All of the foregoing is far more complex than the simple vulnerability of employee compromise. The criminal is motivated by money, and that is precisely what he will offer your employees to compromise your information. Bribery is a tradition on the criminal frontier.
Ask yourself how many employees have access to the information necessary to clone your customers successfully. Ask yourself how much you are paying those employees who are in possession of these "family jewels." Lastly, do you have a keystroke audit trail of what information an employee has looked at in your system (on the unfortunate chance that you need to investigate an internal breach)?
Employees are critically important to fraud management. Millions can be invested in security systems and infrastructure, but this investment can be eviscerated by an internal compromise. In a corporate culture that values employees and educates them on good security practices (e.g., password protection, information security), the internal threat can be contained and even minimized. It must, however, be addressed, or this low-hanging fruit will become the criminal's garden of Eden.
The last two avenues of attack are physical facilities and logical facilities. The latter refers to operating networks and systems. In both areas, total invulnerability is unrealistic because the most secure physical location, like the most secure operating system, is one that you can neither enter nor leave. In each area, security standards must be created that indicate a baseline level of protection to secure the carrier's assets. Similarly, breaches must be traceable through an audit trail if you hope to investigate security failures.
PREPARATION
How do you prepare for Round 3? First, you must recognize that criminals are committed to seeking new points of vulnerability. You must create a plan that coordinates all security efforts across all areas of vulnerability.
Second, you must create and deploy meaningful security standards. New build-outs must build to the standards' security specification, and existing build-outs must be brought into compliance.
Third, security awareness must be driven across the employee base as part of every employee's job.
Finally, the "business" security initiative must be driven from the CEO through his operational team and interwoven into the corporate culture. Security must be a priority in a visible way to keep the criminal from winning the next round.
Vendors are working diligently to arm carriers against subscription fraud. Accessing personal information is easier than ever before, and criminals are obtaining identities and using them to defraud wireless carriers at accelerating rates. Many carriers are finding that obtaining a biometric piece of information about the subscriber or would-be subscriber is an effective way to combat subscription fraud, according to Richard Green, T-Netix vice president of wireless sales.
"The most compelling of all biometrics in the telephony world is, of course, the voice," he said. "Why not use an individual's own voice print to check for previous service abuses or to prevent multiple service requests with different identities?"
According to T-Netix, voice-verification tools can reduce subscription fraud dramatically. T-Netix's newest product, the Voice Verifi-Air (VVA), uses this method to help you identify fraudsters. With VVA, you can control subscription fraud and agent fraud as well as enhance security for your customer account access activity with a single installation. By confirming the identity of an agent or customer on the front end, you will remove the burden on your customer service representatives (CSRs) to identify fraudsters. According to Green, by requiring voice print for verification, dishonest agents and fraudsters will no longer be able to manipulate the system to their advantage.
Subscription fraud is expected to cost the wireless industry 30% of the total $1.1 billion in reported 1996 revenue losses -- that's $904,000 each day.
In order to stay one step ahead of these fraudsters, carriers need to prevent fraudulent activity before it even begins. It is critical that you have an automated customer activation process to minimize the level of fraudulent activity. At Wireless '98, Lightbridge is showcasing Telesto, an integrated customer-acquisition and retention solution that can help you do just that.
Lightbridge's Telesto offers Fraud Detect, a tool that identifies subscription fraud at the point-of-sale and prevents it from happening. It also uses ProFile, an intercarrier database of accounts-receivable, write-offs and service shut-offs that provides on-line prescreening of potentially fraudulent applicants.
ALLTEL already has taken steps to combat subscription fraud by implementing these tools.
"ProFile helps us identify applicants who have a history of bad debt...," said Angela Talton, ALLTEL manager of financial services. "We no longer see the same customers come back and churn through our system. Fraud Detect has greatly reduced the write-offs we were seeing. Of course, some are always going to trickle in, but it's not at the magnitude it was before we were using the product."
By implementing fraud-detection tools, ALLTEL has reduced fraud and seen significant cost savings.
"I keep a record of how many 'hits' we've received every month," Talton added, "and they indicate that we have reduced subscription fraud by about 45.2% in one month."
In addition, Lightbridge's InSight, a customer database that carriers scan for previously qualified applicants to eliminate the re-qualification process, allowed ALLTEL to avoid sending applications to manual review -- a time-consuming and costly process.
"In addition to eliminating the number of credit-bureau inquiries, InSight helps us prevent our existing customers, who may have had their current account suspended, from activating with a new line of service," Talton said.
© 2008 Penton Media Inc.












