Posted on: 28th February 2024, by Alison Kerevan
Readers of our newsletter will know why we were delighted to receive the recent Ofcom statement confirming that we will not be forced to adopt STIR/ SHAKEN style CLI authentication – for now at least.
We had argued that this highly complex and expensive tactic to reduce scam and nuisance calls was disproportionate and unlikely to deliver the benefits needed. To introduce such a solution before even properly embedding and testing existing rules and guidance would have been a serious error of judgement. And it seems Ofcom agree!
Ofcom have clearly considered the various responses from industry which aligned with ours and have decided to prioritise an enforcement programme instead. Having released additional guidance on their expectations around due diligence and ‘know your customer’ checks back in November 2022, they are now understandably on a mission to check who is complying and how effective this is.
Know your customer
This is an incredibly difficult thing for everyone in the service chain to get right. Those that are determined to behave badly are getting smarter about how they disguise their intentions, often only once service is underway can they be detected as bad actors – and even then, the outcome is often that they simply start-up elsewhere under a different guise.
It requires a continuous cycle of checking, monitoring and evidencing which all takes considerable time and effort, but is of course crucial if we are to stamp out the distressing number of scam and nuisance calls we suffer in the UK. And although we know many in the value chain will struggle to find the resource that this work requires, we all need to do as much as we can, including working together where appropriate.
Here at Magrathea we pride ourselves on our due diligence process and it underpins everything we do as a responsible network but, despite our best efforts, we get caught out too – we think it’s impossible not to right now, but in those cases we focus on reacting quickly and decisively to minimise impact. Each episode is a learning experience and our team work hard to improve the way we monitor and check clients constantly.
Blocking UK caller line identity (CLI)
Alongside launching the enforcement programme, Ofcom are also consulting on extending the existing CLI blocking rules on Network CLI to include Presentation CLI. This means that calls entering the UK from overseas will be blocked if they have either a Network or Presentation CLI – unless they meet one of the exceptions for legitimate use cases.
Whilst we fully expect this consultation to result in a mandated change, we also don’t really anticipate much opposition. Most of the key networks have been working on this change via the NICC for a while now and have, in theory at least, captured the legitimate use cases and established how to ensure minimal disruption to genuine calls.
However, there is one big challenge yet to be resolved and that is the use of mobile numbers as CLI. We are already getting reports that scam calls are shifting from the usual UK geo ranges across to mobiles, which of course makes sense as previous mitigation steps take effect and make it more challenging to use UK numbers.
Also, the vast majority of people are using mobiles now so we generally feel comfortable taking calls from these ranges, leaving us more vulnerable.
Ofcom are now asking industry to come up with a solution to this problem. The key issue here is that mobiles are often roaming outside the UK and so the use of them as CLI from overseas can very often be legitimate. The challenge is to distinguish between these legitimate use cases and the nefarious use of numbers by those outside of the UK but seeking to convince those they call they are based here.
This particular quandary is being worked on by the members of the NICC CLI Task Group right now as all networks will need a way to check for roaming mobiles if this extra level of blocking is to be introduced. We can be certain that, once a good solution is proposed, Ofcom will look to mandate that too.
Meanwhile, if anyone disagrees with us and thinks we should have pushed for STIR/SHAKEN to be introduced in the same way as it was in the USA – we have it on good authority that to say the results have been disappointing is an understatement. Combine that with the fact that there are now patent disputes underway which will keep the networks tied in knots for a while…we think we will be grateful for Ofcom’s decision!