DALLAS-As thousands of wireless industry comrades flocked to Dallas last week for the Cellular Telecommunications Industry Association’s Wireless ’96 trade show, so did their enemies-criminals seeking a cloning rendezvous. Anticipating a surge in fraud activity, AT&T Wireless Services Inc. and local law enforcement launched a major offense to detect fraudsters.
A half dozen AT&T fraud experts from around the country assembled in Dallas between Saturday and Thursday to boost local fraud detection efforts. Two major cloning operations were identified in Dallas suburbs. In one case, rapid detection resulted in police executing a search warrant by Tuesday morning. Both cases were undergoing continued investigation by law enforcement late last week.
“They’re still busting as it were,” said Roseanna DeMaria, vice president, business security for AT&T Wireless Services.
AT&T’s mission to blitz cloning fraud, called “Operation: Clone Sweep” is a coordinated effort of home market and roaming market detection nationwide. The country is divided into six regions, each with its own fraud camp. “We’re an interdisciplinary team launching a multifaceted attack,” said DeMaria.
“As a reality, Dallas does not have a fraud problem and we want to keep it this way,” said DeMaria. AT&T and Southwestern Bell Mobile Systems are the two Dallas area cellular operators.
AT&T assailed fraud in Dallas from three angles, said DeMaria. Additional people were brought in to monitor call activity using the company’s Fraud Management System, a profiling detection system created by Inet and IBM Corp.
By market, fraud analysts watch the FMS queue to determine cell sites potentially hot for fraud traffic, notify users when unusual activity occurs on their account, issue users new personal identification numbers and terminate calls believed to be fraudulent.
Also on a regional basis, roaming activity is monitored through AT&T’s national roaming system. NRS operators know a New York user is roaming in Dallas for three days. If calls on that account start originating in Los Angeles, an alarm is triggered.
As these analysts detected fraud activity based on profiling and roaming data, AT&T’s field team sought cloners on the street, detecting scanning of electronic serial numbers and mobile identification numbers.
But bagging the criminals is tricky, said DeMaria. For the field team to catch cloners, operators of the FMS and NRS must not turn off the cloned phones being used.
Once a cloner was identified, AT&T’s fraud team notified law enforcement. In both of the two major cases, busts started with end-users, who agreed to inform the police of the party that cloned their phone. One cloner led to another cloner, and so on, explained DeMaria. She said Texas-based cloned phone sellers were among the criminals caught.