News

Carriers ‘face fines at 10% of turnover’ for passing spoof calls

Lindsey Fussell Ofcom.jpg

Carriers that let spoof calls into the UK could be fined 10% of relevant turnover, according to new rules that the regulator has announced today.

Ofcom, the UK regulator, is following the US Federal Communications Commission (FCC), which is imposing fines on companies that route spoof calls through borders to US customers.

Lindsey Fussell (pictured), Ofcom’s group director for networks and communications, said: “Scam calls and texts are a major source of fraud, and they represent a clear and present danger to every phone user. Criminals are becoming increasingly sophisticated, and it’s easy to be caught out by a scam.”

Ofcom said today that its new rules will come into force in May 2023. Carriers – including wholesale carriers transmitting the calls from overseas into the UK – will be expected to making sure a number is formatted correctly, ensure it’s not on a do-not-originate list, and identify and block calls from abroad spoofing a UK caller ID.

Eli Katz, CEO of XConnect, told Capacity today: “This Ofcom announcement is the next important step on the journey of restoring trust to caller ID. It will also help reduce spam, robocalling, vishing and other types of fraud.”

He said: “At XConnect, we work with the largest tier of global operators and mobile operators to provide a suite of services to implement the range of global validation and attestations capabilities to meet regulatory and industry drivers.”

Ofcom’s announcement today did not specify the fines that will be imposed on companies that fail to check validity of numbers, but a spokesman at the regulator told Capacity this morning that “our normal enforcement applies”, and added: “We can fine companies up to 10% of the relevant turnover.”

This level appears smaller than in the US, where the FCC has been imposing fines of around $4,000 on each of a small number of spoof calls, according to one observer of the industry.

This information – via a global carrier – is based on a small number of calls that the company let into the US, where the FCC has imposed similar rules to those planned by Ofcom.

However this person noted that “an average carrier will be doing hundreds of millions of calls into the US, and just [a few] calls have triggered [these fines].”

At first the FCC focused on what it calls “robocalls” that originated from inside the US, under a measure called Stir/Shaken, but its new, more forceful stance comes after the regulator has started to tackle calls that come from outside the country.

“We are seeing lots more recognition by major global carriers,” said an executive close to the US and European market.

It’s clear that Ofcom is learning from the US example, and is starting to tackle fake phone numbers. Ofcom said today: “Scams are a widespread problem – 41 million people have received a suspicious call or text in the last three months. A common tactic used by criminals to defraud victims is to imitate – or ‘spoof’ – the phone numbers of legitimate organisations, like banks and Government departments.”

The UK regulator said: “To help combat this problem, we are strengthening our rules and guidance to require all telephone networks involved in transmitting calls – either to mobiles or landlines – to identify and block spoofed calls, where technically feasible. This will make it harder for scammers to use spoofed numbers.”

Ofcom said: “Our guidance to telecoms firms to identify and block calls from abroad that falsely use UK numbers is based on an industry initiative, which some providers have already implemented voluntarily. One of these – TalkTalk – previously stated it had seen a 65% reduction in complaints about scam calls since it introduced this measure.”

Fussell said: “We’re constantly working with phone companies and other organisations on new ways to combat these scams. Blocking fake numbers can have a significant impact, so we’re making sure all phone companies apply this protection for their customers.”

The regulator has also issued new guidance to phone companies on how they can prevent scammers from accessing valid phone numbers. “This sets out clear expectations for providers to make sure they run ‘know your customer’ checks on business customers,” said Ofcom.

Outside the UK and the US, different countries are tackling the issue in their own way. Katz told Capacity last month: “Australia has issued some guidance, especially with numbers that look like national numbers.”

Across the European Union, regulators are approaching the issue country by country, said Katz. “Everyone has got local flavours.”

In an interview with Capacity earlier this year, Katz said spoof callers had moved outside the US to evade Stir/Shaken rules. He told Capacity that the FCC’s rule change was also a revenue opportunity. “On a global basis, the industry would significantly benefit from restoring trust in caller ID, both in the voice and messaging ecosystems. In the good old days, trust was there – but we’ve lost that.” There is also the possibly of providing identity services, he added.

In its submission to Ofcom ahead of today’s rule change, XConnect said: “It will be an important step in the journey of restoring trust in caller ID, not just on UK national calls, but also on internationally originated calls. Moreover, as the certification solutions for international calls are a much longer-term project, this is the first step in global CLI validation which will remain with us for quite some time.”

XConnect said: “Given the complexities in routing a call and the number of parties along a route (and the variability of CLI compliance by the originator), it should be mandated that all parties in the call path undertake validation, to include the transit and terminating operator, and thereby ensure that the objective of moving to calls the consumer can trust is achieved.”