What Does Fraud in a Cable Network Look Like?

businessman using laptop with thief shadow

There are many ways that fraud can appear in your network. Our focus today will be on cable modem cloning and its affect on your bottom line, as well as the quality of service (QoS) impacts that fraud has on your legitimate end users.

Let’s start with the basics: what does cable modem cloning mean?

Each cable modem has a unique 48-bit hexadecimal address which is known as the MAC address. A unique 48-bit address translates into 281 quadrillion possible address combinations, each of which is unique to a modem. With a number of this size, you can imagine that you shouldn’t ever have two identical MAC addresses appear in your network.

However, the reality is that when you offer a service, you can expect that some evil genius will find a way to steal it!

Cloning in simple words means that two modems have the same MAC address and hence appear to be the same device. This means that the cloned modem will receive the same class of service as the original modem, but without paying a penny for it.

There are many ways that the cable industry has adapted to prevent service theft through cable modem cloning. For example, most CMTS units will not allow two identical MAC addresses to be provisioned. However, a cloned modem can be moved to appear behind another CMTS in order to hide itself, and unfortunately, you would never know. This means that as your network expands, or if you already have a large subscriber base, you become more prone to having cable modem fraud affect your network. In a 2015 report, The Communications Fraud Control Association (CFCA) estimated that service providers in North America incurred close to $1billion in lost revenue from fraud.

In most cases, the person behind the cloned modem aims to steal the highest class of service that they can. This increases bandwidth usage in the network without returning revenue for it and decreases QoS for other paying subscribers. Imagine that you are watching a live stream of a tennis match or a political debate or your favorite show, but your network quality decreases because of a non-paying customer stealing your share of bandwidth. You wouldn’t be very happy, would you?

From the service provider’s perspective, not only are your paying customers experiencing a decreased QoS but you are also simultaneously providing high QoS for a cloned device without getting a penny in return.

In order to combat this source of revenue leakage and decrease in QoS for valued customers, you need a solution that is well informed about your entire network configuration and can automatically detect and manage cable modem fraud. Once you have a solution that can stop fraud in its tracks, you’ll not only stop revenue leakage, you’ll also be able to more easily manage QoS for your legitimate subscribers.

In my discussions with several providers, I’ve learned that many times once the cloned modem is caught in the act, the offender actually turns into a paying customer when their services are blocked. Some service providers were not even aware of the revenue loss until they spent time investigating just how much fraud was being committed across their network.

Are you aware of fraud on your network?

  • Share: