Comreg and Ofcom aligning on scam calls

Posted on: 30th May 2024, by Magrathea

The topic of scam calls is hot hot hot, unlike our summer currently!  And not just in our industry either.  According to the National Crime Agency, fraud is the most commonly experienced crime in the UK and accounts for over 40% of reported incidents.  When you consider that we believe fraud often goes unreported, with victims feeling embarrassed or struggling to know how to report it, the figures are probably even worse than we think.

 

As an industry we have battled various types of fraud over the years and each time a new intervention comes in we see a reduction for a while and then the fraudsters shift their tactics and a new type crops up.   In our experience specific telecoms fraud is now quite rare, many of the mechanisms for gaining money through telephone use itself are thwarted and not as fruitful as they once were.

 

However, telephone calls are a common conduit for scam calls and so, whatever way you look at it, our industry is stuck right in the middle of one of the largest types of crime in the UK!

 

Recent years have seen this problem escalated to the very top, the Home Office launched their first UK Fraud Charter in 2021 and Ofcom have been focussing on the topic too with a number of interventions implemented to try and reduce the number of scam calls terminated to UK based users.

 

But as we know, any criminal worth their salt, will keep finding different ways to achieve their results and so the interventions have to be reviewed and updated constantly.  For Magrathea that means responding to ongoing consultations and getting involved in Industry wide groups, including CCUK, so we can keep abreast of the wider industry efforts to improve the efforts to stamp out scams.

 

As well as disrupting calls, at Magrathea, we believe it should be simpler to report issues, share intelligence and, most importantly, trace the source of nefarious calls in order to deal with originator.  CLI spoofing is a constant headache for a wholesale carrier like us, with our reputation tarnished through the misuse of numbers, often ones we haven’t even put into service!  Trying to explain these cases to law enforcement, let alone members of the public, can be difficult and rarely offer any assurances that our industry is really on top of this issue.

 

Some good news is that the Home Office have picked up the mantle to create a new UK Fraud Charter, although this will presumably be delayed while the government goes through the election process!

 

The new charter will be created by a wider selection of industry this time, with CCUK representing the smaller service providers that were not included in the first one.  Having identified that the largest networks have some fairly good systems in place already, we hope to see more sharing of best practice and useful intelligence across the sector, making it more useful for all.   The plan is to review data sharing, law enforcement activity, scam call and text mitigation techniques as well how better to support victims when fraud has occurred.

 

We will keep abreast of the Charter progress and share updates in our newsletter.  Meanwhile, our current priority is to implement the latest statement from Comreg.  With Irish residents suffering just the same issues this is top of their agenda too!

 

Magrathea established a presence in Ireland many years ago and we offer the same core services and products that we do in the UK, including providing all types of numbers and giving access to the local emergency call handling authority.

 

Whilst there are always some differences between the UK and Irish regulatory regime, particularly since Brexit, fortunately there are also many similarities meaning we can often provide simple guidance for our clients operating in both territories.  Where there are differences we highlight these to ensure our clients are compliant with specific regulations.

 

Magrathea is pleased that both Ofcom and Comreg have now confirmed that they will not be forcing the introduction of a STIR/SHAKEN style service, recognising that it would be expensive and complex and is currently not proportionate to mandate.  As you know this has been implemented in the USA with mixed reports of success.  Instead, both regulators are introducing measures to try and make it much more difficult for fraudsters to connect calls to their target.

 

In the UK we are currently waiting on a statement from Ofcom which will almost certainly mandate the blocking of any call that originates outside of the UK with a UK presentation number (this is in addition to network numbers which was implemented last year), Ofcom expect this to have a drastic impact on the problem but have not yet settled on a way to block calls with a mobile CLI without inadvertently preventing those roaming abroad from making calls.  Until this is resolved we are likely to see scam calls shift from geo numbers to mobile numbers.

 

Comreg are slightly ahead of the curve having introduced the measures on a voluntary basis last year, they are now mandating them.  Specifically, they have introduced six new measures:

 

Interventions to reduce scam calls progressing to their target

 

The first four have a six-month implementation period and the last two have longer; Magrathea clients can rest assured that the measures which are applicable to us have already been implemented.

 

  • Call originators are required to block any call with a CLI on the ‘Do Not Originate’ (DNO) list. This is a list of phone numbers provided by Comreg that should never be used as CLI (e.g. a banks inbound call centre number) so calls can be blocked at source.

 

  • Call originators are required to block any call with a CLI on the ‘Protected Numbers List’. This is a list of numbers that have not been assigned by Comreg to any operator and therefore should never originate calls, essentially the same as the DNO list.

 

  • Networks are required to block mobile calls originating abroad that have an Irish CLI (except when the mobile is roaming). This is quite a challenge to ensure genuine roaming calls are not blocked, therefore Comreg have only mandated this for the largest providers for now (those with a turnover figure of €50 million or more).

 

  • Networks are required to block calls from local CLI that actually originate abroad. This aligns with Ofcom’s mandate, soon to be expanded to any CLI rather than just network CLI.  This will ensure only calls that originate in country, display a local CLI. 

 

  • Voice Firewall, a dynamic blacklist of numbers to be updated real time and block calls from reaching end users. This intervention has an 18-month implementation window and is only applicable to large voice providers (those with over 330,000 subscribers). 
  • The final intervention relates to SMS. Comreg have mandated a sender ID registry which will be controlled by Comreg, essentially if you aren’t on the register, you will not be able to transit SMS.

 

Know your customer (KYC) process – due diligence

 

Alongside the new interventions Comreg, much like Ofcom did last year, have published updated guidance on how they expect everyone to comply with KYC requirements.

 

Much of this guidance matches what we already advise in the UK but there are some extra steps so in June we will be publishing a specific due diligence guide for Ireland to ensure the differences are clear to our clients.

 

The key thing to note is the requirement to only assign Irish geographic numbers to people or businesses within a ‘minimum numbering area’ (effectively grouping locations located near to each other, a list is in our guide), and you must get documentation to verify this.   We already require you to hold end user details so we believe that any changes needed to fulfil this requirement will not be overly onerous for our clients.  Comreg have also stated that no numbers need to be withdrawn where they do not meet the conditions, they are content that the focus be on any new allocations from this point in time.

 

Sub-allocation of numbers

 

This is one area Magrathea really fought Comreg on, as they were suggesting that sub-allocation should be stopped.  Fortunately, they looked at all the evidence for how beneficial this business model is so have decided to allow it and the Numbering Conditions have been updated to reflect this.

 

There are some changes though.  Comreg want to be clear that the range holder and the sub-assignee are jointly responsible for the use of the number and so we now have to register any client that uses our numbers with Comreg.   Any clients that we need to register retrospectively will be contacted directly over the next few days and any new clients will simply have this as part of the onboarding process – it’s a simple form and not too onerous.

 

In summary, these are the key points our clients operating in the Irish market need to know:

 

  • If you are being assigned numbers by a range holder, ensure you are registered with Comreg.
  • Check your KYC process, be sure to verify customer location information and be able to prove you have done so.
  • If you originate calls, check your customers only use a CLI that is assigned to them (or they have permission to use) and that they are in the location the CLI is tied to.