Network Analytics

What Does Fraud in a Cable Network Look Like?

By Incognito on August, 30 2016

Stay up to date

Each cable modem has a unique 48-bit hexadecimal address which is known as the MAC address. A unique 48-bit address translates into 281 quadrillion possible address combinations, each of which is unique to a modem. With a number of this size, you can imagine that you shouldn’t ever have two identical MAC addresses appear in your network.

However, the reality is that when you offer a service, you can expect that some evil genius will find a way to steal it!

Cloning in simple words means that two modems have the same MAC address and hence appear to be the same device. This means that the cloned modem will receive the same class of service as the original modem, but without paying a penny for it.

There are many ways that the cable industry has adapted to prevent service theft through cable modem cloning. For example, most CMTS units will not allow two identical MAC addresses to be provisioned. However, a cloned modem can be moved to appear behind another CMTS in order to hide itself, and unfortunately, you would never know. This means that as your network expands, or if you already have a large subscriber base, you become more prone to having cable modem fraud affect your network. In a 2015 report, The Communications Fraud Control Association (CFCA) estimated that service providers in North America incurred close to $1billion in lost revenue from fraud.

In most cases, the person behind the cloned modem aims to steal the highest class of service that they can. This increases bandwidth usage in the network without returning revenue for it and decreases QoS for other paying subscribers. Imagine that you are watching a live stream of a tennis match or a political debate or your favorite show, but your network quality decreases because of a non-paying customer stealing your share of bandwidth. You wouldn’t be very happy, would you?

From the service provider’s perspective, not only are your paying customers experiencing a decreased QoS but you are also simultaneously providing high QoS for a cloned device without getting a penny in return.

In order to combat this source of revenue leakage and decrease in QoS for valued customers, you need a solution that is well informed about your entire network configuration and can automatically detect and manage cable modem fraud. Once you have a solution that can stop fraud in its tracks, you’ll not only stop revenue leakage, you’ll also be able to more easily manage QoS for your legitimate subscribers.

In my discussions with several providers, I’ve learned that many times once the cloned modem is caught in the act, the offender actually turns into a paying customer when their services are blocked. Some service providers were not even aware of the revenue loss until they spent time investigating just how much fraud was being committed across their network.

Are you aware of fraud on your network?

Submit a Comment

Get latest articles directly in your inbox, stay up to date