Communications Crime Strategy Group – Supplementary Written evidence (FDF0088)
Q232 To confirm: Ofcom has consulted on industry action against “spoofing” and we anticipate formal publication of its conclusions later in 2022. We understand Ofcom has a clear policy direction which we expect will lead to agreement on the measures needed to limit CLI misuse and support technical implementation.
CCSG members support Ofcom’s policy direction to limit UK CLI use with internationally originated calls unless these are permitted use cases, notably: mobile roaming, corporate and internet telephony.
Q233 While, as I said to the Committee, customer awareness of what to do if you receive a scam message is important, I should clarify that reporting scams to 7726 is effective at low volumes of reports as scams are examined using an automated cross-industry platform and new scams and their variants are detected quickly through this process.
Q233 To clarify my “need for realism” point was not made in respect of SMS scams or SIM farm use. Examples of where industry is constrained include: voice calls which are, by policy and technical design, “any-to-any” so can be originated by any customer in the UK/internationally to any customer in the UK and cannot be subject to prior filtering by content; and services used by customers through Internet access we supply which are now generally encrypted and communications providers, again, cannot subject these to filtering by examining specific call or message content.
Mobile operators all have existing controls on the maximum number of SIMs that can be bought at any one time from them, but different types of sales channels and re-sellers make it possible to aggregate the total SIMs in one person’s or organized group’s possession.
Q237 The source of digital frauds is the fraudster, not the communications service provider which carries the inbound call or message, the customer who is subject to fraud or the bank which provides the financial return path. To avoid misconceptions on the part of the committee I confirm that CCSG members are comfortable in taking responsibility for “hardening” our services against fraud through technical and other countermeasures. This is clearly our role.
Q238 I believe that Professor Feng’s point may have been repeated by Baroness Bowles as being a comment from me. Clearly business is driven by revenues (and profit) but the Professor’s argument is too simplistic. In the case of fraud, the investment argument is not about a (conventional) search for new revenue, but is about preserving and protecting existing customer revenue. This argument is well understood, for example, by Ofcom and Government when valuing new spectrum for auction. Revenues from preserving and protecting our retail customer base are very much larger and more important to providers’ continued business viability than incremental traffic revenues from in-bound fraudulent SMS or calls.
27 July 2022