The Most Frequently Asked Questions About Cloning Fraud

1. What is cloning fraud?
2. How do service providers handle reports of cloned phones?
3. How big of a problem is cloning fraud?
4. Can digital phones be cloned?
5. What exactly is "Authentication"?
6. I recently heard that a digital "encryption" algorithm was broken. How does this affect Authentication?
7. What is IS-41?
8. What are service providers doing to combat cloning fraud?
9. Are these methods effective?
10. Is my phone Authentication capable?


1. What is cloning fraud?

Cloning is the process of taking the programmed information that is stored in a legitimate mobile phone and illegally programming the identical information into another mobile phone. The result is that the "cloned" phone can make and receive calls and the charges for those calls are billed to the legitimate subscriber. The service provider network does not have a way to differentiate between the legitimate phone and the "cloned" phone.

2. How do service providers handle reports of cloned phones?

Legitimate subscribers who have their phones cloned will receive bills with charges for calls they didn't make. Sometimes these charges amount to several thousands of dollars in addition to the legitimate charges. Typically, the service provider will assume the cost of those additional fraudulent calls. However, to keep the cloned phone from continuing to receive service, the service provider will terminate the legitimate phone subscription. The subscriber is then required to activate a new subscription with a different phone number requiring reprogramming of the phone, along with the additional headaches that go along with phone number changes.

3. How big of a problem is cloning fraud?

The Cellular Telecommunications Industry Association (CTIA) estimates that financial losses in due to cloning fraud are between $600 million and $900 million in the United States.

4. Can digital phones be cloned?

Yes, however, the mobile phones employing digital TDMA and CDMA technology are equipped with a feature known as "Authentication." Some newer model analog phones also have this feature. Authentication allows the mobile service provider network to determine the legitimacy of a mobile phone. Phones determined to be "clones" can be instantly denied access to service before any calls are made or received.

5. What exactly is "Authentication"?

Authentication is a mathematical process by which identical calculations are performed in both the network and the mobile phone. These calculations use secret information (known as a "key") preprogrammed into both the mobile phone and the network before service is activated. Cloners typically have no access to this secret information (i.e., the key), and therefore cannot obtain the same results to the calculations. A legitimate mobile phone will produce the same calculated result as the network. The mobile phone's result is sent to the network and compared with the network's results. If they match, the phone is not a "clone."

6. I recently heard that a digital "encryption" algorithm was broken. How does this affect Authentication?

Encryption algorithms also use secret information known as "keys" to scramble voice or data information. The algorithm, in conjunction with the key, is used to specially "encode" the information being sent so that eavesdropping on the information produces no discernible result. The same keys are used to "decode" the received information. Although both Encryption and Authentication use keys and mathematical algorithms, they are quite different. In fact, the Authentication algorithm and the key used for Authentication are generally considered more secure than the recently broken Encryption algorithm.

7. What is IS-41?

IS-41 (i.e., Interim Standard No. 41) is a document prescribing standards for communications between mobile networks. The standard was developed by the Telecommunications Industry Association (TIA) and is used primarily throughout North America as well as many Latin American countries and Asia. The IS-41 network communications standard supports AMPS, NAMPS, TDMA, and CDMA radio technologies. IS-41 is the standard that defines the methods for automatic roaming, handoff between systems, and for performing Authentication.

8. What are service providers doing to combat cloning fraud?

They are using many methods such as RF Fingerprinting, subscriber behavior profiling, and Authentication. RF Fingerprinting is a method to uniquely identify mobile phones based on certain unique radio frequency transmission characteristics that are essentially "fingerprints" of the radio being used. Subscriber behavior profiling is used to predict possible fraudulent use of mobile service based on the types of calls previously made by the subscriber. Calls that are not typical of the subscriber's past usage are flagged as potentially fraudulent and appropriate actions can be taken.

Authentication has advantages over these technologies in that it is the only industry standardized procedure that is transparent to the user, a technology that can effectively combat roamer fraud, and is a prevention system as opposed to a detection system.

9. Are these methods effective?

Yes, for the most part. However, Authentication is the most robust and reliable method for preventing cloning fraud and it is the only industry "standard" method for eliminating cloning. The fact that it is standardized means that all mobile telecommunications networks using IS-41 can support Authentication. There is no need to add proprietary equipment, software, or communications protocols to the networks to prevent cloning fraud.

10. Is my phone Authentication capable?

Maybe. If the phone supports TDMA or CDMA digital radio, then yes. Otherwise, it depends on how old the phone is and the make and model. Almost all phones manufactured since the beginning of 1996 support the Authentication function. The best bet is to check with your service provider.