Global Title leasing, is it time to just stop?

Samantha Kight, Head of Industry Security, GSMA

Over the past few weeks Global Title (GT) leasing has been in the spotlight. With all the conversations happening around it, it got me wondering, is it time to stop?  

Thinking about it, GT leasing was developed as a method for operators to enable enterprise services. Using the SS7 protocol it served as a way to keep 2G and 3G networks running by routing signalling messages across telecommunications networks to third parties. 

Back then, GT leases were incredibly useful – used to support a number of services such as SMS aggregation for the authentication of banking and healthcare services; and supporting fraud prevention, verifying transactions by confirming the location of banking customers. 

The challenge is that today, the misuse of GT leasing presents significant security issues and opportunities for nefarious activity. 

In particular, the lack of control around who they are leased to, what signalling traffic they are generating, their reasons for collecting data and the use of that data. All of this means that third parties can use the SS7 protocol to monitor SMS or calls, track the location of individuals and send spam or smishing messages.  

Today there is no absolute requirement for GT leasing to support any particular service, and in recent years, the GSMA has encouraged its members to consider alternative approaches to achieve their business goals.  

 At the GSMA we are committed to preventing the abuse of systems, including GT leasing, and enhancing the transparency, traceability, and accountability across the ecosystem. For years the GSMA’s Fraud and Security Group has published a range of recommendations for network operators to address the underlying SS7 vulnerabilities. We have also established a taskforce of industry SS7 experts to define recommendations to address the privacy and risks associated with GT leasing, and earlier this year published the Global Title Leasing Code of Conduct. 

So, is it time to just stop? As an industry we need to ensure GT owners recognise and take responsibility for the leasing decisions they make, through proper due diligence on potential GT lessees, accurate and frequent monitoring of traffic generated by lessees, and active in threat intelligence sharing.  

It is crucial that as an industry we work together to terminate any access that bad actors have to GTs and signalling systems, and that organisations improperly using leased GTs are stopped, with leased GTs revoked by the lessor and blocked by other operators. As an industry we also need to work together to identify and share information on bad actors so that they are unable to acquire new GTs from other operators. 

With technology evolving at a rapid pace, it has never been more important for us to work together, examine the landscape, and ensure we are asking the challenging questions, and adjusting and building systems that are transparent, traceable and as secure as possible for everyone. 

If you would like to know more about GT leasing, or the GSMA’s activities in this space, contact GSMA Security or visit our website for more information