Scott Rice
CIO, Sprint
Data to Decisions
Sprint (NYSE: S) is a communications services company that creates more and better ways to connect its customers to the things they care about most. Sprint served 54 million connections as of September 30, 2017 and is widely recognized for developing, engineering and deploying innovative technologies, including the first wireless 4G service from a national carrier in the United States; leading no-contract brands including Virgin Mobile USA, Boost Mobile, and Assurance Wireless; instant national and international push-to-talk capabilities; and a global Tier 1 Internet backbone.
Sprint (along with our mobile telecom peers) is facing an increasing amount of fraudulent activity targeting customer accounts, mobile devices, and network services—from device theft, to identity theft, to account takeovers. Mobile phone-related fraud is a big business. Fraudsters, hackers, and other bad actors employ a number of creative techniques to try and compromise our network, hijack user information, and piece together customer identities that are then sold for a lot of money on the dark web.
Fraudsters are all about making money. They may steal a phone and a Sprint user account, but often that user’s password is the same one that they use for their bank account. These fraudsters will take that user information and password and apply what they learn elsewhere to perpetuate more fraud.
Personal data is highly valuable to these bad actors. Professional fraudsters make a living piecing that data—your email, your Social Security Number, etc.—together into one identity. They put the human identity together, then come to Sprint to test it. Or they might try to access many phones, find a way in and then take over user accounts or steal user data until they are discovered. You may block one spot and then they pop up in 15 other areas. Today’s fraudsters are extremely organized and professional. At Sprint we knew we needed a completely new approach to combat fraud.
At Sprint, we challenged ourselves to become better about monitoring, spotting and stopping fraud. The challenge that we face is the magnitude of the problem. We have terabytes of data streaming daily. We have hundreds or thousands of alerts of potential fraud that can take teams of people hours or days to comb through. Off-the-shelf security solutions require immense customization that makes it difficult to adapt to fraudsters’ ever-changing behavior.
To protect our customers, the Sprint Fraud Management team implemented an innovative anti-fraud system that combines network monitoring, data analytics, and real-time search technologies from Elastic to spot suspicious and potentially fraudulent behavior and then block it before customer accounts can be compromised.
We turned to Elastic’s technology and applied that to fraud detection, using the Elastic Stack to log, monitor, and analyze data across hundreds of systems in order to identify malicious activity. We have found that the Elastic Stack helps us manage our data in whatever way we need. For example, our fraud team might see a single account that was compromised. Our IT team can now take that information and look across hundreds of systems to identify other customers who may be impacted by the same activity. Previously, this took days of tedious work, but with the Elastic Stack it’s now as simple as a browser search.
Elastic’s technology has also enabled us to use that data to watch behavior patterns to identify fraud activity. By watching and understanding normal customer behavior we can easily see anomalous or atypical behavior that may indicate fraud.
Fraudsters come after us because our customer volumes are so high they think they can slip into our systems unnoticed. With the Elastic Stack, Sprint can find and tag the behavior and shut it down immediately. There are known fraud rings we track and observe in order to understand how they operate and where they will go next. Elastic allows us to take a much more predictive and proactive approach to finding and stopping fraud, which is seen as an industry breakthrough on fraud detection.
- We have experienced a steep reduction in the number of fraud-related incidents reported by customers identifying themselves as victims.
- Outside security consultants report a dramatic reduction in the availability and value of Sprint user credentials for sale on the dark web.
- What had taken days with teams of people now takes hours with just one person. In our fraud team, for example, it would take our team six to eight days to find an answer that they can now find in minutes.
- We also look at ROI, and our IT team notes that they receive a return on the Elastic investment every 90 days.
The Elastic Stack encompasses the open source products Elasticsearch, Logstash, Kibana and Beats, along with commercial features for security, alerting, machine learning, graph analytics and more.
The fraud management project has changed the way IT is viewed inside Sprint. Through this project, our Fraud Management and IT teams are providing real value to improve the performance and efficiency of business units inside Sprint.
One of the most telling business metrics is watching the availability and price of Sprint customer credentials on the dark web. Often these fraudsters will steal a vast amount of credentials and then post them for sale to other bad characters. We have contracted with a vendor that specializes in dark web visibility and they found that the amount and value of Sprint credentials for sale on the dark web have been dramatically reduced. Not only are fraudsters compromising fewer Sprint user accounts, but often we are able to disable or deactivate those accounts before the data can be sold.
Today on the dark web over 50% of Sprint customer credential buyers want a refund vs. 5% previously—meaning that more than half of the bad guys purchased our credentials only to find that they were useless. That’s a direct reflection of our fraud detection efforts. Meanwhile, from talking to our telecom competitors, we found that our anti-fraud work has moved fraudsters to our peers.
In addition to fraud detection, Sprint’s goal was to ingest and visualize real-time, mission-critical machine data and share it instantaneously to drive key business decisions. The executive office corridor now has flat-screens displaying Sprint’s key metrics, where employees can stay in constant contact with company performance.
Sprint won awards for its ability to utilize data effectively, including the CIO 100 Award in 2017 and 2018 for data in fraud detection.