20.5k unique visitors in the last 3 days

How Little Do We Know about Fraud?

A homily on the need to admit ignorance.

A little learning is a dangerous thing;
Drink deep, or taste not the Pierian spring:
There shallow draughts intoxicate the brain,
And drinking largely sobers us again.

Alexander Pope

How much do you know about the extent and kinds of fraud that blight comms providers and their customers? This is a rhetorical question, but let me encourage thoughtful consideration of how this question might be answered by proposing six possible responses:

  1. “I know everything that can be known about fraud”
  2. “I know enough to justify my status as an expert about fraud”
  3. “I know about the frauds I have personally dealt with, but I cannot claim to know much else”
  4. “I know enough about fraud to bluff my way through my job”
  5. “I know nothing about fraud”
  6. “I know so little about fraud that it would be better if I knew nothing”

Few people would respond with the first or last answers. This is a shame, because I expect the correct answer for most anti-fraud professionals in comms providers would be the third, fourth or final option of this list, with roughly equal numbers for each. If I had to answer this question, then my answer would be the second option if I was trying to impress my audience, or the sixth option if I was being honest. This is because I lack recent first-hand experience of tackling frauds, although I spend plenty of time reviewing second-hand accounts of the extent and kinds of fraud that occur. I spend a lot of time reviewing these second-hand accounts, so I know what people are saying about fraud. But I am also a professional, so I can deduce that many of these second-hand accounts are unreliable. This makes it difficult to know what little can be trusted because it is so unlikely that there will be two good and independent sources of objective data which corroborate each other.

Most of the supposed corroboration that occurs in the field of fraud management is no better than the repetition of hearsay: somebody guesses that fraud averages such-and-such percent of their company’s revenues, then a second person hears that assertion and repeats it, then a third hears it from the second person and repeats it too, then the originator of the claim hears the third person and becomes more confident about their guess. The guess gains the status of a fact by virtue of being repeated so often and questioned so rarely. It seems as though three people know something, when the truth is that three people are unaware of how little they know.

τούτου μὲν τοῦ ἀνθρώπου ἐγὼ σοφώτερός εἰμι· κινδυνεύει μὲν γὰρ ἡμῶν οὐδέτερος οὐδὲν καλὸν κἀγαθὸν εἰδέναι, ἀλλ᾽ οὗτος μὲν οἴεταί τι εἰδέναι οὐκ εἰδώς, ἐγὼ δέ, ὥσπερ οὖν οὐκ οἶδα, οὐδὲ οἴομαι· ἔοικα γοῦν τούτου γε σμικρῷ τινι αὐτῷ τούτῳ σοφώτερος εἶναι, ὅτι ἃ μὴ οἶδα οὐδὲ οἴομαι εἰδέναι.

I am wiser than this man, for neither of us appears to know anything great and good; but he fancies he knows something, although he knows nothing; whereas I, as I do not know anything, do not fancy I do. In this trifling particular, then, I appear to be wiser than he, because I do not fancy I know what I do not know.

Socrates, as recounted by Plato

The problem with criticizing ignorance is that many people respond by becoming defensive, when the actual goal was to discover what little is actually known so real learning can begin. Responding with hostility to the accurate observation of ignorance is not a new phenomenon; the ancient Athenians killed Socrates in 399BCE because he so routinely pointed out the ignorance of his countryfolk. How people respond to the observation that they are ignorant will partly be influenced by their status, partly by their temperament, and partly by their culture. Those with high status are more likely to dismiss any questions about the source of their information, even though (or because) their status may be associated with the extent of their learning. Individuals with a phlegmatic character do not feel pressured to pretend they know something when they do not. I could also make observations about cultures that care deeply about ‘saving face’, but the culture wars of the last few decades have emboldened ignoramuses who insist such generalizations must be shouted down at every opportunity. This further illustrates why those few who have some useful insights may be reluctant to share them with others.

It is better to remain silent at the risk of being thought a fool, than to talk and remove all doubt of it.

Maurice Switzer

Switzer’s adage has been copied and misattributed many times because it is funny and sharp, but I do not entirely agree with it. There is no risk in saying something if you are saying the same thing as everyone else around you. Risk is only introduced when saying something different to everyone else. Switzer did not consider the possibility that the person who is speaking might be surrounded by fools. Appeasing fools by only telling them what they want to hear is not better than warning them about their foolishness, though it is a lot more convenient. Which is more important when trying to tackle fraud: that no professional should ever be inconvenienced by pointing our their mistakes and failings, or that professionals suffer the regular inconvenience of being compelled to do a better job?

I recently had a bad experience with a web developer for a marketing business. He knew nothing about fraud suffered by comms providers, but thought it was his job to go beyond the remit of configuring typefaces and writing the website’s style sheet. This was done by googling about fraud and copying the assertions he had seen written elsewhere. He had no idea if those statements were accurate or not. But they sounded like reasons to buy a fraud product, so he copied them anyway. It is easy to see how complete nonsense can be repeated over and over, especially by people whose goal is marketing, not academic research. Falsehoods assume a veneer of truth because they are repeated, not because people are independently verifying the claims that are being made. The fact that businesses do not want to share hard data about fraud further encourages an anti-scientific approach to learning about fraud. A scientist seeks to reproduce findings in order to confirm they are accurate. Most businesses who engage in selling anti-fraud software do the opposite. They want the wildest marketing claims to be believed, so they never challenge those claims even when they possess data that contradicts those claims.

Crying wolf is a gimmick that only works with audiences that have little interest and little information. The phrase ‘crying wolf’ exists because those with experience will reject attempts to get attention by pretending things are worse than they really are. That the anti-fraud sector is caught in a trap where it has to continually cry wolf to get attention demonstrates an inability or an unwillingness to reduce fraud. If you believe your job depends on fraud always getting worse, then you will spend your entire career failing to reduce fraud.

There is a way out of the mess created by utterly unreliable measures of fraud, as learned by examining how other people started to extricate themselves from a similar mess. For many years, the measures of the total extent of data breaches were even less reliable than the measures we use for fraud. The most important failing was that organizations would try to keep breaches secret. If they did report a breach, they often underreported the true scale of the breach. Meanwhile, the data that was breached would be used to enable a variety of crimes, and would be sold on marketplaces for criminals. So it became possible to show from alternative measures that not all organizations were voluntarily supplying accurate and complete reports of the breaches they suffered. This prompted legislators in various countries to demand the mandatory disclosure of data breaches. Obliging organizations to report breaches is not an immediate fix to the problem, but it discourages the dishonesty which had previously been widespread. I expect it is only a matter of time before legislators apply a similar logic to mandating telcos (and other businesses) to disclose any and all frauds suffered by them and their customers.

The reason to expect this change stems from the emergence of alternative measures of fraud that previously did not exist. The communications industry is so rotten with fraud that it also affects huge numbers of phone users to an unprecedented degree. Consumer reports of fraud to the police are also notoriously inaccurate, and it is always assumed they understate the true scale of crime. But now the scale of crime is so large that there are literally hundreds of thousands of modern slaves that have been forced to work in fraud factories situated in countries like Myanmar and Cambodia. The size of the criminal economy needed to sustain so many slaves eclipses the rather silly opinion polls that telcos have routinely confused with a useful measure of fraud. The notion that all telecoms fraud is typically worth 2 percent of telco revenues breaks down when confronted with the reality that only some kinds of fraud are generating the equivalent of 40 percent of the Gross Domestic Product of entire countries. Crime at this scale is a threat to both national and international security. Modern day slavery in poor countries, and its use to target victims in rich countries, will force legislators to reappraise the scale of the problems that the communications industry has been unable to measure adequately.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email