In the financial realm, a phone number is often a unique identifier that serves as a means of identification, authentication, and even transacting. Because phone numbers are necessary in obtaining financial products and ultimately transacting within them, it is important to understand how a seemingly innocuous phone number can be an indicator of identity fraud.
Overview: The Phone Number Assignment Process
Service providers such as the major telecom companies and the VoIP providers that have grown in popularity in recent years serve subscribers (i.e., the person to whom the directory number is assigned) with phone numbers whenever the subscriber establishes service. Phone numbers in the US are allocated in blocks of 1000 sequential numbers for net new assignments by a non-governmental regulatory body, the North American Numbering Plan Administration (NANPA). The NANPA creates these blocks based on the Numbering Plan Area (NPA) and Central Office Exchange Code (abbreviated, CO), and numerically sequences the blocks based on the subscriber numbers, which are the last four digits of the phone number. Block allocation typically only happens when the existing blocks of phone numbers for an NPA and CO combination are sufficiently exhausted.
Phone numbers often go un-utilized for various reasons. Across all carriers who reported their phone number utilization in 2019, the FTC found that 42% of phone numbers assigned to carriers were available for assignment to customers. Businesses that require several phone numbers for their operations purchase wide ranges of sequential phone numbers and leave some unused to lower overall subscription fees.
Analysis: Using Unassigned Numbers to Perpetuate Identity Fraud
Similarly, fraudsters obtain unallocated phone numbers and have been doing so for years in various call-related scams. In our ongoing research of nuanced fraud tactics that we use to improve our modeling, it was no surprise that fraudsters were finding new ways to employ phone numbers in their attempts to use ID theft victims’ identities to apply for financing with our partner financial institutions. In our review of a sample over 100,000 partner application records, our Fraud Intelligence Team found interesting trends:
The phone numbers were not associated with the applicant.
The area codes were not in the same state as the application address.
Many phones were disconnected.
Most of the falsified phone numbers were all from a single major phone carrier.
Seeing these trends, our Data Science and Fraud Intelligence teams set out to assess just how pervasive the abuse of unassigned numbers in committing ID fraud really is.
To begin, we sought to understand if the phone numbers used by ID theft perpetrators were random or had some element of non-randomness. This curiosity led us to discover that these applicants were collectively using certain ranges of unassigned phone numbers in sequential order. The pattern of action by fraudsters followed the process of finding unassigned phone numbers and following a sequence of using the same area code and additional phone numbers with similar digits sans the last four.
Our Data Science team explored creating a feature around these blocks of phone numbers called the phone window filled rate – which quantifies how many unassigned phone numbers are sequentially close to a particular phone number. A low phone window filled rate indicates that the phone number in question does not have many neighbors assigned (i.e., it is more likely in a consecutive range of unassigned phone numbers). In contrast, a high window filled rate means the phone number does have assigned neighbors. In our population of applications, we see that most applications do not use phone numbers that are in large ranges of unassigned phone numbers; however, there is a significant percentage (approximately 1.5% of all applications) that do use phone numbers that are within the largest range of unassigned phone numbers. See the chart below for the distribution of phone window filled rates across our applications in detail.
Understanding the phone window filled rate provides risk teams with another aspect of fraudulent behavior when assessing applications for identity theft. As seen in the charts below, both VoIP carriers and major carriers see a high correlation with ID theft when the unassigned block of phone numbers is significant.
The phone window filled rate effectively measures potential fraud ring activity as the correlation to ID theft is non-trivial and highlights the closely coordinated use of sequential phone numbers for fraud. We have incorporated this feature into our latest ID theft model to ensure the model is accounting for the higher likelihood of fraud when a phone number is found to be a part of a group of unassigned phone numbers. SentiLink’s team of experts is available to recommend specific treatment strategies for preventing identity theft based on the needs and goals of your business – feel free to reach out!