30
Tue, Nov
0 New Articles

Only one UK telco has acted on Ofcom directive to block VoIP scams

News

Scammers not shaken, operators haven't stirred

UK regulator Ofcom has revealed that it ordered telcos to stem the tide of scam calls by instructing ‘major’ operators to block suspicious international calls at source. To date only one operator has acted on Ofcom’s directive while the other are ‘exploring methods of making it work’.

The directive concentrated its focus on Voice over IP (VoIP) calls and it has asked operators to block suspicious international calls that are masked by a UK number. However, some say security has been a low priority for too long. 

Britain’s vulnerable subscribers are a lucrative revenue stream for global fraudsters. According to this Ofcom report 44.6 million UK people were targeted in the past three months. Only two per cent responded and followed the scammers’ instructions but that created 892,00 victims.

Criminals run vice over internet protocol

Ofcom’s Networks and Comms Group Director Lindsey Fussell claimed the regulator has worked with telco on technical solutions, namely blocking, at source, ‘suspicious international calls’ that are masked by a UK number. “We expect these measures to be introduced as a priority, at pace, to ensure customers are better protected,” said Fussell.

However, some critics have said that mobile operators are slow to act on security threats, not just to the subscriber but to their own operations. If the opportunity cost of new revenue streams is greater than the cost of security, then the safety aspect of the customer experience is not a top priority, businesses and consumers say. In March fraud busting service provider Revector outlined the frustrations involved in getting different departments to work with each other.

Blocking nuisance calls is not enough 

Existing measures to tackle nuisance calls are not fully effective, reports ISP Review, which said many operators don’t do enough, with the worst offenders being among the smaller providers and some VoIP firms. “We haven’t seen any useful technical details on the approach being taken here or precisely what Ofcom has requested operators to do,” it complained.

Europe’s mobile operators would need to co-operate and co-ordinate their efforts tightly and this will be difficult to achieve. Many genuine calls could be blocked in the process. Since operators don’t inspect traffic before passing it on, spoofing UK numbers is easy to for criminals who want to give their scam calls the facade of credibility.

“It’s an excellent step in the right direction,” said Matthew Gribben, a former consultant to the UK government’s intelligence agency (GCHQ), but "It doesn’t fix everything."

The IETF offers some hope of protection

Meanwhile OFCOM and the EU are calling on mobile operators to investigate the options offered by the STIR/SHAKEN system. This is a suite of protocols marshalled together by the Internet Engineering Task Force (IETF) which combines the use of Secure Telephony Identity Revisited (STIR) with Signature-based Handling of Asserted information using toKENs (SHAKEN). To date much of the work has focused on the US and Canada.

In the UK the frequency scam-tainted customer experiences evoked furious responses. 

“The most obvious thing to have done but it’s unbelievable it’s took 20 years to do it,” said Anthony Goodman on ISP Review. 

“It’s ridiculous how many scam calls and e-mails you get in this country,” said another disappointed customer, William Wilkinson.

“Unless fines are handed out we’ll see some UK smaller carriers continue to pass calls on because it makes them some money,” said Scott, another disillusioned UK telephone subscriber. “It’s the last days of unchecked calls so they will just milk that final opportunity.”