A global crime wave of stolen, fraudulently obtained, sold-but-not-activated and activated-but-not-used smartphones is costing mobile carriers billions of dollars in lost revenue annually. Millions of devices are stolen throughout all stages of the device lifecycle — from shipments (5 to 25 percent) to in-store theft and robberies (increasing at a rapid rate of 200 percent year-over-year).
In the U.S. alone, GSMA estimates that over 4 million devices a year are trafficked, costing upwards of $900 million. And that estimate is just for prepaid devices. Include postpaid and the impact is far larger. This little-talked about problem is not just costing the carriers. Subscribers are also taking a hit. Verizon just recently reported that about 7,000 customers are directly impacted by this problem every month.
Mobile carriers today are utilizing a number of different tools in an effort to lock down devices and prevent smartphone theft. Yet, the problem persists. If we closely examine these tools, we can see why.
Software “Kill Switches”
This anti-theft software allows the consumer to remotely deactivate their device if stolen, rendering it useless. Some states, including California and New York, mandated this technology in 2015. California reported that smartphone-related thefts fell 22 percent just one year after the law went into effect.
But even with the positive impact of the technology, there are still gaps in protection that can be exploited. This method only helps once the device is registered to a consumer, leaving the devices vulnerable up to that point. CTIA also warned that a kill switch could be misused by hackers who could gain unauthorized access to the device. Plus, many carriers were opposed to the technology as it was expected to have an impact on innovation and revenue.
Manual Unlock Codes
Most carriers today are using software locks on each active device to prevent it from being used on another carrier’s network. For customers that want to switch carriers but keep their device, they have to first go through a tedious and cumbersome verification process with their provider to receive the manual unlock code to free up the phone.
Besides the poor experience they offer to subscribers, manual unlock codes are known to be extremely easy for a hacker to overcome, and can even be bought in bulk on the dark web. They’re also expensive to administer and maintain, and don’t protect devices pre-activation (such as those in transit or in storage).
Temporary Post-purchase Lock Periods
Verizon, the only major carrier still selling unlocked devices, recently announced it would be implementing a slightly modified software-based lock/unlock system due to the struggles with theft and fraud. The carrier will soon require a temporary lock period to prevent customers from switching to another carrier for 60 days after purchase. After the two-month “fraud safety check period,” the phones will unlock automatically.
While this improves the customer experience and reduces some of the administration and maintenance costs, the other challenges with the manual unlock method still exist.
Embedded Hardware-based Protection
The newest tool in the toolbox, currently being used by two of the top four carriers in the U.S., is notably different because it’s hardware-based. It embeds remote lock/unlock technology directly into a device’s secure hardware during the manufacturing process. This prevents fraudulently obtained devices from being unlocked or reused by an unauthorized party at any stage of the device’s lifecycle. The service can also be deployed and scaled rapidly across devices from multiple manufacturers.
This tool gives carriers complete control over the remote lock and unlock process while providing a more positive customer experience and reducing costs.
Layering tools to deter smartphone theft
The best approach for carriers looking to deter systemic smartphone theft is to adopt a layered approach to cover all the bases.
First, embed secure unlock/lock technology into the device during the manufacturing process. This will protect the device from the production line and throughout device’s lifecycle, deterring thieves from trafficking those devices. Customers should also be empowered with a software kill switch, should they lose their phone or be subject to individual phone theft.
Thieves look for the path of least resistance. Carriers can protect themselves and their customers by utilizing a strong, multi-layered anti-theft strategy, forcing thieves to turn their attention elsewhere.