Number Resource Misuse and Fraud

Background

Many countries have serious concerns about number-resource misuse, a practice whereby calls never reach the destination indicated by the international country code. Instead they are terminated prematurely, through carrier and/or content provider collusion, to revenue-generating content services without the knowledge of the ITU-T assigned number-range holder.

This abuse puts such calls outside any national regulatory controls on premium-rate and revenue-share call arrangements, and is a key contributing factor to International Revenue Share Fraud (IRSF) perpetrated against telephone networks and their customers. Perpetrators of IRSF are motivated to generate incoming traffic to their own services with no intention of paying the originating network for the calls. They then receive payment quickly, long before other parties within the settlement process.

Misuse also affects legitimate telephony traffic, as high-risk number ranges can be blocked as a side-effect.

Debate

How can regulators, number-range holders and other industry players collaborate to address this type of misuse and the resulting fraud?

Resources

ITU-T Misuse of an E.164 International Numbering Resource website

Facts and Figures

Top 10 Countries Whose Numbering Resources Are Being Abused

CP_Number_Res_Misuse_Fraud_img


Industry Position

Number-resource misuse has a significant economic impact for many countries, so multi-stakeholder collaboration is key.

The telecommunications fraud carried out as a consequence of number-resource misuse is one of the topics being addressed by the GSMA Fraud and Security Group, a global conduit for best practice with respect to fraud and security management for mobile network operators. The Fraud and Security Group’s main focus is to drive industry management of mobile fraud and security matters to protect operators and consumers, and safeguard the mobile industry’s trusted reputation.

The Fraud and Security Group supports European Union guidelines under which national regulators can instruct communications providers to withhold payment to downstream traffic partners in cases of suspected fraud and misuse.

The group believes that national regulators can help communications providers reduce the risk of number-resource misuse by enforcing stricter management of national numbering resources. Specifically, regulators can:

  • Ensure national numbering plans are easily available, accurate and comprehensive.
  • Implement stricter controls over the assignment of national number ranges to applicants and ensure the ranges are used for the purpose for which they have been assigned.
  • Implement stricter controls over leasing of number ranges by number-range assignees to third parties.

The Fraud and Security Group shares abused number ranges among its members and with other fraud-management industry bodies. It also works with leading international transit carriers to reduce the risk of fraud that arises as a result of number-resource misuse, and with law enforcement agencies to support criminal investigations in this area.

Best Practice

Recommended Operator Controls to Reduce Exposure to Fraud from Number-Resource Misuse

  • Implement controls at the point of subscriber acquisition and controls to prevent account takeover.
  • Remove the conference or multi-call facility from a mobile connection unless specifically requested, as fraudsters can use this feature to establish up to six simultaneous calls.
  • Remove the ability to call forward to international destinations, particularly to countries whose numbering plans are commonly misused.

  • Utilise the GSMA high-risk ranges list, so that unusual call patterns to known fraudulent destinations can raise alarms or be blocked.
  • Ensure roaming usage reports received from other networks are monitored 24×7, preferably through an automated system.
  • Ensure that up-to-date tariffs, particularly for premium numbers, are applied within roaming agreements.
  • Implement the Barring of International Calls Except to Home Country (BOIEXH) function for new or high-risk subscriptions.