Report from Fraud Workshop

ECC Working Group Numbering and Networks (WG NaN) provides a platform for stakeholder dialogue on telecoms fraud at its public workshop in Brussels, 11 December 2018

In 2017, the telecommunciations industry lost almost US$30bn to fraud. As enabling technology continues to push intelligence to the edge of the network, the use of electronic communications services to perpetrate fraud is an increasingly difficult challenge for the industry to overcome.

With this in mind, regulators, policy makers and industry gathered in Brussels on 11 December 2018 for a WG NaN Public Workshop entitled "The Role of E.164 Numbers in International Fraud and misuse of Electronic Communications Services".

More than 90 representatives from a broad range of stakeholders came together at the Belgian Institute for Postal Services and Telecommunications (BIPT) to share their experiences and insights on the subject.

The scale of the problem

Telecoms fraud comes in many shapes and forms and it is a global phenomenon that requires a global response (another article in this edition of the ECC Newsletter provides an A to Z of fraud techniques which you can read here). The motivation for fraud is often linked to organised crime. All of this activity takes place over a global mesh of interconnected networks where it can be difficult to distinguish between legitimate and illegitimate traffic in an ecosystem that processes billions of transactions and communications sessions each day.

The latest available figures from the Communications Fraud Control Association (CFCA) show that the telecommunications industry lost US$29.2bn to fraud in 2017. In his keynote address, Jason Lane-Sellers, president of the CFCA and director of solutions consulting at ThreatMetrix, noted that while fraud loss in revenue terms shows a downward trend, fraud attempts are increasing year-on-year. Mr Lane-Sellers also noted that one in 10 online account login attempts is now a fraud attempt which is a sobering thought for consumers and businesses alike.

What can be done to prevent fraud?

At the workshop, WG NaN Chairman, Johannes Vallesverd, introduced the recently adopted ECC Report 275. The report not only examines the motives, methods and opportunities for committing fraud, but also looks at the administrative and technical tools that are being developed to tackle fraud and misuse.

ECC Report 275 makes a number of recommendations for best practices. These include regulations on CLI spoofing, the need for transparency and raising awareness, encouraging real-time data analytics and promoting information sharing and cooperation. In fact, promotion of information sharing and cooperation was one of the biggest themes to emerge from the workshop, which in itself represented a first step in this direction.

Collaboration is key

In her presentation, Katia González, head of Fraud Prevention at BICS, said that "trust, partnership and collaboration" are key to combatting international fraud, sentiments that were echoed by other speakers throughout the day. She called for a collaborative approach to ensure international carriers work only with parties who can demonstrate their active commitment to preventing fraud. She also recognised the emergence of a coordinated wholesale carrier approach throughout the industry which in itself is an encouraging development as more and more entities in the value chain make fraud prevention a strategic priority. Ms González also referred to crowdsourcing as one way in which operators can collaborate and be alerted to fraud quickly and to take appropriate action decisively.

Ramona Ciripan of Voxbone said that when an instance of fraud and misuse is detected it can be beneficial to share related information between operators and other relevant stakeholders. This process can be steered by the competent telecommunications authorities. She warned though that the process can only work if confidence and trust is created between the stakeholders and information is shared based on a mutual collaboration.

The regulator’s role

Fraud is a crime and is a matter for law enforcement authorities in the first instance. However, tackling fraud is a major challenge for law enforcement given the global nature of networks and the constraints of jurisdictional boundaries. In these circumstances, telecoms regulators have an important role to play in eliminating the opportunities for fraud through technical and administrative means particularly where E.164 numbers play a role. In his opening remarks at the workshop, Jan Vannieuwenhuyse, BIPT, highlighted the need for a greater focus on fraud by European regulators and, over the course of the day, many speakers called for closer collaboration between industry and regulators as it was considered vital for an effective response. When it comes to numbering, there are certainly administrative and technical means that could be deployed which would have a positive impact. A key question though is whether regulatory efforts should be focused on supporting law enforcement and the industry or whether regulators should have a leading role? This is an interesting question that was addressed during the panel discussion.

Regulator-led Initiatives

Tom Boyce, head of the International Unit at ComReg in Ireland, presented on the Body of European Regulators for Electronic Communications’ (BEREC) examination of cross-border fraud and its exploration of information sharing methods to tackle fraud. BEREC developed a process for sharing information on potential fraud that would allow European operators to react by blocking traffic or withholding wholesale payments. Mr Boyce pointed out though that the terms "fraud" and "misuse" are often not defined by individual authorities and this can be problematic for operators who need to make decisions fast.

As an active contributor to the International Telecommunications Union’s (ITU) work on dealing with fraud and misuse, Dr Richard Hill described the ITU Telecommunications Standardisation Bureau’s (TSB) ongoing work to revise ITU-T Recommendations E.156 and E.157. Recommendation E.156 in particular outlines the procedures that the TSB should undertake when it receives reports of alleged misuse from members, including methods to address and counter any alleged misuse.

Both of the above-described information-sharing initiatives may be regarded as being regulator-led where information is gathered and then shared with law enforcement authorities, regulators and operators across the globe. The fundamental issue with this type of approach is the speed with which initial reports are submitted to the ITU or BEREC and the speed with which the information is disseminated and acted upon.

Information needs to be shared in almost real time and from multiple sources in order to generate intelligence which can be used to take decisive action. Sources include information from traffic analysis, crowdsourced information from end-users and information sharing between operators. It is recognised within the industry that many operators fail to remove fraudulent content from their networks because of contractual obligations and the fear of mistakenly blocking legitimate traffic that may look suspicious. Issues surrounding customer privacy and inter-operator contracts remain obstacles to a full-on assault on fraudulent activity and operators need to have confidence in the intelligence they have at their disposal before taking action. Regulatory support would benefit in these circumstances. Multiple sources of information are therefore necessary to ensure that decisions taken to restrict fraudulent activities are based on accurate and reliable intelligence.

On the subject of fraud investigations, Peter Coulter, AT&T, made suggestions for improvements in the way such investigations are conducted in Europe. Mr Coulter pointed out that in the US there is a "regulatory regime which encourages cooperation between carriers in the traceback and trace forward of fraudulent traffic". Carriers are permitted to share otherwise private information in support of fraud investigations. That framework, which allows cooperative call tracing, supports carriers and regulators alike in the fight against telecoms fraud. Mr Coulter said it could be potentially applied in Europe - an interesting observation given that a new ePrivacy regulation is currently being considered. "Customer privacy must give way to this tool for fraud investigations if we are to be successful in stopping fraudulent exploits involving signalling abuse," he said.

David Maxwell from GSMA, described an initiative by its members to share information with each other on the latest high-risk numbering ranges which are reported by network operators to GSMA. During the presentation, Mr Maxwell called on regulators to introduce stricter controls over the assignment and leasing of national number ranges and by publishing and maintaining up-to-date numbering plans in order to assist the industry in the fight against fraud. Educating consumers to the dangers of fraud and raising awareness is also an important component of reducing fraud. Mr Vannieuwenhuyse pointed to the success of campaigns to raise awareness and educate end-users the banking sector in reducing fraud and protecting consumers.

Emerging technologies may help

Blockchain technology could help in the fight against nuisance calls and fraud and Elizabeth Greenberg from Ofcom UK provided information on a research project to look at blockchain technology which has been undertaken in the UK. Results from this project are expected sometime later this year or early next year. Another useful development is the SHAKEN/STIR protocols which if implemented could be used to authenticate numbers used as CLI in communications networks. SHAKEN/STIR is now being widely deployed in the US and could reach European shores in the not too distant future.

Next Steps for WG NaN

The workshop provided a lot of food for thought on what telecoms regulators can do to support the industry and protect consumers. New work items, such as an ECC Report on CLI spoofing, an update of the ECC’s guidelines on CLI, and principles for call blocking and withholding payments have been agreed with work on the CLI spoofing already under way.

Further information on the workshop, including the programme and presentations, is available here.