Posted on: 13th December 2022, by Magrathea
The long-awaited statement arrived from Ofcom last month, firming up much of what they included in the consultation earlier this year which can be summarised as a three-prong approach:
- Disrupt scams by updating rules and guidance and supporting comms providers to do more;
- Collaborate and share more information between relevant parties (e.g. government, regulators, banks etc);
- Help consumers avoid scams by increasing reporting and raising awareness.
Here we summarise the key points from the statement relating to CLI data. Links to the original documents are included at the end if you would like to study the full text. Because Ofcom have introduced an update to the General Conditions of Entitlement we have got a six month implementation period, with these new rules taking effect in May 2023.
Improving the accuracy of CLI data
The key thing from this statement is an update to the wording of GC C6 to include the requirement for a CLI which “uniquely identifies the caller”. By including these words Ofcom are able to mandate a number of restrictions on calls that do not comply.
The guidance sets out that providers will be required to:
- clarify that the format of a CLI should be a 10- or 11-digit number (with exceptions)
- make use of information that identifies numbers which should not be used as CLI (i.e. DNO list)
- identify calls originating abroad that do not have valid CLI and block them
- identify and block calls from abroad spoofing UK CLI
- prohibit the use of 09 non-geographic numbers as CLI
This is an area of telecommunications which receives a good deal of public scrutiny, as CLIs and moreover CLI integrity is discussed in the context of our responsibilities to disrupting and reducing scam calls and texts. Common scam calls include callers pretending to be from banks or well-known businesses and agencies, presenting legitimate looking CLIs to dupe both the networks carrying the calls and the called party into believing that the call is genuine.
Often it is only when the called party tries to return a call that it is discovered that the CLI was in fact spoofed and is either entirely invalid – although in the shape and form of a legitimate CLI – or belongs to a different organisation altogether.
Reducing these types of incidents via means of CLI controls is not a new area of focus or awareness for telecommunications networks. Indeed Ofcom have released multiple iterations of CLI guidance over the years to try and improve the integrity of the data used but with limited availability of reliable data on which to validate the integrity of a CLI progress has been somewhat limited.
One side effect of the introduction of surcharging UK calls, which was introduced last year, has been a reduction in calls passing through the network with an invalid CLI (these calls are now often surcharged at a hefty rate or blocked entirely), however that does not help reduce spoofing as the number in those situations is usually valid and legitimately allocated and in use.
The step of blocking internationally originated calls that have a UK network CLI (as opposed to presentation CLI, which is allowed) should help reduce the volume of traffic we see from networks that fall outside of Ofcom’s remit. However, there is the very real risk that the originators will simply find a new work around to continue their activities – the goal posts will shift again no doubt.
Meanwhile there are some challenges for networks such as ours to implement these rules without blocking legitimate traffic, for example where a UK client is originating calls that then pass through a network located outside the UK for commercial or technical reasons. In this case the call is correct to have a UK network CLI but is passing through a foreign country so risks being blocked at the point of re-entry to the UK network.
One topic Ofcom have omitted from this statement, rather mysteriously since it was mentioned in previous consultations in some detail, is the use of a common numbering database to help authenticate the validity of CLIs being used. However we have it on good authority that this is still under review and more news might following in the new year.
Unfortunately, Ofcom don’t appear to have taken on board the fact CLI spoofing is simple and rife and the only real way we can stamp out nuisance and scam calls from the network is to stop them at source (or at least as close to source as we can get) which means tracing calls back up the call path to the point of origin – something we understand is almost never done due to cost and resource reasons.
With the capability to spoof CLI being so prevalent we unfortunately can’t get overly enthusiastic that the new regulation will have the impact Ofcom desire but we do agree the revised guidance is sensible and, as long as it is implemented correctly, will have an overall positive impact at least for a while.
This, alongside some other tools we have in the pipeline to help our clients manage their CLI related obligations, should go some way to improving the situation but we do urge our clients to familiarise themselves with the new guidance that takes effect in May and you can be assured that our network will be ready to help you be compliant in time. We will also issue an updated CLI guide to reflect the changes in due course.
If you have any queries or would like to discuss the impact of the changes with us please do get in touch on 0345 004 0040 or support@magrathea-telecom.co.uk
See here for full document https://www.ofcom.org.uk/__data/assets/pdf_file/0031/247486/statement-improving-accuracy-CLI-data.pdf
https://www.ofcom.org.uk/__data/assets/pdf_file/0022/247504/annex2-good-practice-guide.pdf