Regulators, policy makers and industry gathered in Brussels yesterday for a WG NaN workshop on fraud and misuse of electronic communications services where E.164 numbers play a role. The workshop provided a platform for over 90 representatives from a broad range of stakeholders to share experiences and insights on fraud and to cooperate and collaborate on finding solutions to effectively combat fraud.
The workshop was kindly hosted by the Belgian Institute for Postal Services and Telecommunications (BIPT). Jan Vannieuwenhuyse, BIPT, opened the workshop and welcomed the participants to Brussels. Jan spoke about the importance of the work of WG NaN in this area and the need for a greater focus on fraud by European regulators. Jan also talked about the importance of raising awareness and educating end-users noting the success that has been achieved by the banking sector in this regard.
The WG NaN Chairman, Johannes Vallesverd, then introduced the recently adopted ECC Report 275 entitled “The role of E.164 numbers in international fraud and misuse of electronic communications services”. This report examines the motives, methods and opportunities for committing fraud and presents an inventory of known fraud and misuse techniques particularly where E.164 numbers play a role. The report also looks at the administrative and technical tools that are being developed and deployed to tackle fraud and misuse both in Europe and beyond.
ECC Report 275 makes several recommendations for best practices and one of these is to promote information sharing and cooperation between the various stakeholders. Yesterday's workshop represented a first step in this direction where the latest trends in global fraud and misuse were discussed with a view to collaborating and cooperating on finding appropriate administrative and technical solutions to deal with these issues.
The use of electronic communications networks and services to perpetrate fraud is an increasingly difficult challenge for regulators and industry players to overcome in today’s ever-changing telecommunications landscape. Jason Lane-Sellers, ThreatMetrix and president of the Communications Fraud Control Association’s (CFCA), presented the results of the latest CFCA global fraud loss survey. In 2017, the industry lost US$29.2 Billion. While the reported figures show a downward trend when compared to the previous year, the number of fraud attempts is increasing so vigilance is required from network and service providers. Jason also emphasised that activities are moving away from traditional revenue loss based on call utilisation while the consumer aspect to fraud is increasing. Therefore, operators and service providers will need to strike a balance between protecting revenues and protecting consumers. Jason also provided an overview of the latest quarterly report from ThreatMetrix. An interesting statistic mentioned was that 1 in 10 online account logins is now a fraud attempt.
Katia Gonzalez, BICS, called for a collaborative approach to ensure that international carriers engage only with parties who can demonstrate their active commitment to preventing fraudulent traffic. In an industry that keeps on suffering heavily from fraud globally, a coordinated and collaborative end-to-end approach is a must to effectively fight fraud. An encouraging and coordinated wholesale carrier approach is emerging as the industry viewpoint has started to shift. Katia highlighted the potential of crowdsourcing to alert operators to fraud so that they can take appropriate action rapidly thereby limiting the window of opportunity for fraudsters. Going forward, trust, partnership and collaboration are key to combatting international fraud.
Tom Boyce, ComReg, presented BEREC’s examination of cross-border fraud and misuse issues and its exploration of ways to share information and adopt a common approach to address cases when they arise. The presentation also covered BEREC’s assessment of associated issues, including mobile premium rate services with a cross-border dimension and the powers available to NRAs to take action.
Peter Coulter, AT&T, then made suggestions for improvements in the way that fraud investigations are performed in Europe. Under US law carriers are permitted to share otherwise private information in support of fraud investigations. Peter's presentation described how the statutory framework is supporting carriers and regulators alike in the fight against telephone fraud through the use of cooperative call tracing, and its potential application in the EU. This was considered an interesting observation given that a new ePrivacy regulation is currently being considered in Europe.
David Maxwell, GSMA, then described an initiative by its members to share intelligence with each other on the latest high-risk numbering ranges which are reported by network operators to GSMA. The presentation also covered the challenges associated with maintenance and use of the data and considered the factors that enable numbering resource misuse while outlining countermeasures available to combat associated fraud. David recommended that numbering plan administrators could help reduce fraud and misuse by applying stricter controls over the assignment and leasing of national numbering ranges and improving the quality of published numbering plans.
The WG NaN vice-chair, Liz Greenberg, identified collaboration between industry and regulators, including developing and complying with regulation and guidelines, as a vital element in combating fraud and misuse of numbers. Liz provided information on initiatives in the UK to restore trust in Calling Line Identification (CLI). Liz also provided information on a research programme to look at blockchain technology which has been undertaken by Ofcom for numbering plan management which could help in the fight against fraud.
Ramona Ciripan, Voxbone, also emphasised the potential of crowdsourcing data to understand the trends of CLI misuse which can be a very valuable tool in combatting fraud. Increased cooperation not only among industry players, but also with regulatory authorities is vital in order to understand the complexity of network technologies and fraud behaviour. Ramona also called on regulators to focus their efforts on the intent of the fraudsters rather than on the technologies they use.
Dr. Richard Hill provided information on work ongoing within ITU-T SG2 to revise ITU-T Recommendations E.156 and E.157. Recommendation E.156 outlines the procedures that the ITU's Telecommunications Standardisation Bureau should undertake when it receives reports of alleged misuse from members, including methods to address and counter any alleged misuse. Recommendation E.157 provides guidance for international calling party number delivery. As the ITU is truly representative of the international community, Richard recommended that it provided a forum for Europe to inform governments, regulators and operators in other regions of the world on the good regulatory practices that exist in Europe.
The workshop focus then shifted to misuse of electronic communications services and how such misuse can have an impact on public safety. Cristina Lumbreras, EENA, stated that public safety answering points (PSAPs) have to be available or reachable 24 hours a day, all year long. PSAPs have to ensure that people who are in life-threatening situations and need urgent assistance are able to contact emergency services, that calls can be handled and that first responders can be dispatched. Public Safety organisations, and more importantly, Public Safety Answering Points (PSAPs), have recently suffered attacks. Protecting their telecommunication and information technology infrastructure involves the development and implementation of appropriate and effective safeguards to ensure delivery of critical public safety infrastructure services.
The workshop provided a lot of food for thought for WG NaN and over the coming months the outcomes from the workshop will be discussed and, potentially, new work items will be determined and prioritised as appropriate.
The workshop programme is available here.
The Workshop Presentations are now available at: