The Sinister Side of Shadow IT: Corporate Mobile Device Theft

Insiders Are Stealing and Selling Smartphones Undetected for Years

When you think about mobile device fraud, you might think about SIM swapping, cloning or subscriber fraud. You have good reason to—they’re the very tactics the Federal Communications Commission warns against.

But when it comes to corporate mobility, there’s another threat lurking in the shadows – device procurement fraud.

 What is Mobile Device Procurement Fraud?

Mobile device procurement fraud occurs when an employee or a group of employees purchase and sell company-owned mobile devices (e.g., phones, laptops, tablets, MiFi cards, etc.) and associated calling plans “off the books” for their own financial gain.

There are several variations on the scheme:

• They buy extra devices every month and sell them on the aftermarket, such as eBay.

• They sell upgraded devices instead of sending them to the employees that should receive them.

• They register devices and calling plans under fake usernames on the corporate account and sell them to non-employees.

 How Does Mobile Device Procurement Fraud Happen?

This plot is particularly insidious because it’s perpetrated by insiders who are authorized to procure mobile devices and activate mobile calling plans on behalf of an enterprise employer. Buying phones is literally their job, which is one reason the deception often goes undiscovered.

They may get away with the crime for months, or even years, for many reasons, such as:

• They often are trusted, long-term employees of the organization.

• They usually run the enterprise mobility program, including purchasing, distribution, and reporting.

• Sometimes they are former employees whose purchase authorizations were not revoked.

• The fraudulent line items from their activities are buried among are hundreds of monthly transactions.

• There’s no executive oversight or third-party auditing.

How Much Does Mobile Device Procurement Fraud Cost?

Mobile device procurement fraud can cost your enterprise thousands of dollars in both stolen devices and hijacked calling plans. For most enterprises, approximately 5 percent of the line count is new or due for an upgrade every month. Those devices are prime targets for fraud.

Let’s do the math on just the devices: If you have 1,000 employees, you’ll have on average of 50 device transactions every month. At about $800 (for the iPhone 12) per device, that’s $40,000 per month.

It’s easy to see how these losses can skyrocket—especially when you consider that the fraudulent activity can go undetected for months and even years. Due to the large of enterprise mobile procurement, perpetrators are willing to commit felony theft because they believe they can do it under the radar.

They’re not wrong. In one particularly egregious case that vMOX discovered, a procurement manager targeted new iPhone releases, stealing as many as a hundred new iPhones a month while employees made do with the older versions. The scam ran for three years before it was exposed.

How Can Mobile Device Procurement Fraud Be Uncovered?

If you’re wondering whether mobile device procurement fraud is happening at your enterprise organization, look for these risk factors:

• Expensive devices that have zero usage – Follow up with users to ensure they received their new devices. It’s possible an employee didn’t like one and failed to return it, but it also may be that they never received it, or it’s been stolen and sold on the aftermarket.

• Single-threaded purchasing and approvals – If your procurement manager buys devices, receives shipments and approves invoices, there’s risk for abuse. Instead, institute a tiered approval process for oversight.

• Outdated authorized purchaser lists – If you’ve had multiple procurement managers, it’s possible they’re still on your mobile carriers’ authorized purchaser lists and can simply call in and make purchases on your dime. Be sure to monitor and maintain up-to-date authorized purchaser lists with each of your mobile carriers.

• Employees have multiples of the same device type – Employees rarely need multiple smartphones, laptops or tablets. One of each is standard. If they have more than one of any type, it should raise questions about potential abuse. Setting a policy of one device per type, per employee will help to flag existing outliers and mitigate future risk.

• Inconsistent reporting and auditing – Lack of financial reporting also can be a red flag. According to an article about cell phone procurement fraud in CFO Magazine, business units should be required to review complete phone bills, and phone lines should be regularly matched to the current company roster. You don’t want to pay for unused phones at a minimum, but you also may find fraud.

How Can You Protect Against Mobile Device Procurement Fraud?

Protecting against mobile device procurement fraud requires vigilance and constant data analysis. A Mobile Expense Management provider can make this process easier with proactive monitoring to ensure mobile billing accuracy and detect anomalies before they become financial, security or compliance risks.

Look for a provider that:

• Analyzes invoices to reconcile line, user and mobile device information

• Compares contracted rates and commitment requirements with actual provider billing

• Disputes incorrect charges

• Requests credits

• Tracks service orders

• Detects anything out of the ordinary, such as unusually high or low usage, zero usage devices, potentially fraudulent purchases and redundant devices and services

Reach out to vMOX to learn how you can better protect your enterprise against mobile device procurement fraud.