Are Carriers’ Own Processes Helping Fraudsters?

One of the outcomes of the 11th annual i3forum event was a discussion surrounding number hijacking and whether fraudsters and hackers are using the existing carrier policies and agreements in order to delay being stopped.

Robert Benlolo, Senior Product Manager for Tata Communications, raised the question in a LinkedIn post, asking:

Number hijacking? Is a police report really needed if confirmation from number range owner validates that calls were never processed on their end?  Are hackers using our own disputing process against us?.

Telcos are facing problems that aren’t going away, with instances of SIM swaps (to facilitate account takeovers), illegal number spoofing, and a global surge of wangiri. The public is aware of these problems, causing damage to the reputations of communications providers.

Benlolo’s post generated support from well-respected peers, including Kingsley Unah of Airtel Nigeria and Jan Dingenouts, Head of Carrier Relations at Athalos.

Commenting on the post, Kingsley Unah stated:

Carriers working together will sure help the fight against fraud. While PLMN, who are at the receiving end, can do little to stop this, as they only see the credible carrier terminating the call, the carriers must amongst themselves agree on [the] best way to weed out the unscrupulous carriers handing these fraudulent calls to them.

NDAs can contain a clause that in the event of suspected fraud, carriers are free to disclose the source of their traffic.

I spoke briefly with Jan Dingenouts, who believes in naming-and-shaming:

We should make public on LinkedIn all fraudulous carriers with contact details in order they think twice before committing fraud.

In the same post, Benlolo requested a call to action to get involved in the discussion to help shape telecoms industry best practices.

Fraud and corporate security expert, David Morrow, also remains an advocate for collaboration, adding:

For me the most interesting question is why telcos require a police report.  Is it because they don’t trust each other and, if so, how do we fix the process?  This is another area which would potentially benefit from an effective blockchain solution – no delay; no repudiation.

The Risk & Assurance Group (RAG) and the i3forum share a common goal: to change the industry globally to better combat fraud.

Telcos working in silos from one another, encumbered by process and policy, undoubtedly provides an opportunity for exploitation.  Operators must agree that there are common enemies which we can rally against together.

Whatever you believe the solution should be, with declining revenues and an increasing number of sophisticated threats, the only answer is for industry players to band together and provide a unified defence against dark actors through collaboration and the sharing of information.

Membership is free for both the Risk & Assurance Group and the i3forum. You and your telco should take advantage of the education and services offered by both.

Rob Chapman
Rob Chapman
Rob is the Chief Operating Officer of the Risk & Assurance Group (RAG). He is responsible for the planning and execution of each RAG event. Rob's goal is to bring together professionals from across the industry and drive RAG's agenda forward.

Rob started working for RAG full time in 2018, having served as Chair on a voluntary basis for the previous four years.

Before joining RAG, Rob was a senior consultant at Cartesian. He has worked in revenue assurance and billing roles for TalkTalk, Verizon Business, Energis and Hutchinson 3G.