{"id":13899,"date":"2026-01-11T23:15:35","date_gmt":"2026-01-11T23:15:35","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?p=13899"},"modified":"2026-01-11T23:15:46","modified_gmt":"2026-01-11T23:15:46","slug":"securing-the-digital-frontline","status":"publish","type":"post","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/","title":{"rendered":"Securing the Digital Frontline"},"content":{"rendered":"\n
As malicious actors step up their attacks on mobile channels, James Moran, Head of Security outlines how the GSMA\u2019s Working Groups <\/a>are shoring up the industry\u2019s defences.<\/strong><\/h5>\n\n\n\n

Our growing reliance on smartphones for authentication, identification and payments has not escaped the attention of malicious actors. As mobile channels have become a major target for fraudsters, device-related scams are now rife.<\/p>\n\n\n\n

Generative artificial intelligence (AI) tools, which accelerate the production of content and software code, are exacerbating this trend: So-called scam-as-a-service propositions are becoming increasingly commonplace.<\/p>\n\n\n\n

Through the GSMA, mobile network operators are working on multiple fronts to counter these threats to their customers and to safeguard the integrity and resilience of mobile connectivity. In fact, the GSMA\u2019s Fraud and Security Group<\/a> has 26 active workstreams covering a range of topics and domains. These include identifying more than 700 baseline security controls that we recommend be deployed by operators. Implementing the measures set out in our Baseline Security Controls<\/a> document will go a long way towards protecting both mobile networks and their users from fraud, data breaches, malware and other security and privacy threats. In a sense, it is an industry bible, as it contains everything you need to know about securing a mobile network.<\/p>\n\n\n\n

The output from the GSMA\u2019s various fraud and security workstreams can serve both to protect the mobile industry\u2019s reputation and to address the growing needs of regulators. From a purely commercial perspective, mobile operators that suffer significant data breaches incur significant reputational damage and invariably lose customers, costing them revenues and market share. Meanwhile, regulators are becoming increasingly proactive.  For example, in some judications, administrations are moving to make mobile operators partially liable for fraud that is instigated through their networks.<\/p>\n\n\n\n

New technologies, new security controls<\/strong><\/h5>\n\n\n\n

Unfortunately, security is never a done deal. Given the dynamic nature of mobile technologies and services, it is vital that the industry regularly reviews and updates its security posture. At the GSMA, we regard the Baseline Security Controls as a living document. For example, we have recently added 87 new controls specifically related to the implementation of Open RAN (radio access network) systems, which enable mobile operators to mix and match equipment from different vendors. <\/p>\n\n\n\n

As the Baseline Security Controls expand and become more complex, we are developing a companion document that will advise mobile network operators on how to perform assessments that can verify the deployment or existence of these controls within their networks.  We are also creating a framework that places the hundreds of controls in context and explains the relationships between them and the threats faced by mobile network operators.<\/p>\n\n\n\n

Spotlight on the supply chain<\/strong><\/h5>\n\n\n\n

For the Fraud and Security Group, another key area of focus right now is on supply chain security, as suppliers tend to be targeted as a \u201csoft underbelly\u201d that malicious actors can exploit to cause harm to mobile operators and their customers.  Given the multiple actors involved in any supply chain, this is a complex, but important field.<\/p>\n\n\n\n

The GSMA has developed the Security Assurance Scheme that applies to SIM cards and SIM card production, the eUICC Security Assurance scheme that covers eUICC software security and the Network Equipment Security Assurance Scheme. Furthermore, we are just about to conclude a timely review of the shifting regulatory landscape with respect to software bill of materials (SBOM), which lists all components, libraries and modules in a software product in a machine-readable format that can be used to identify vulnerabilities and mitigate security risks across the supply chain. After we publish that report, we will assess the next steps, which could include the identification of SBOM requirements for our industry and potentially pre-empt further regulation in this field.<\/p>\n\n\n\n

The Fraud and Security group is also helping the industry to enhance the transparency of mobile device security. For example, we have developed a set of enablers to establish a mobile device security certification scheme, which has since been implemented by TrustCB. After assessing a device\u2019s compliance to a set of security requirements defined by the European Telecommunications Standards Institute (ETSI), the scheme certifies the device\u2019s security capabilities and the degree to which a device has been securely tested and certified. Google, in particular, has championed the need for greater transparency to allow security-conscious users to make informed device purchasing decisions and it is keen to see the security certification scheme adopted by devices running its Android operating system.<\/p>\n\n\n\n

Taking a systematic approach<\/strong><\/h5>\n\n\n\n

More broadly, the GSMA maintains the Mobile Cybersecurity Knowledge Base<\/a> (MCKB) \u2013 a comprehensive document library that can help stakeholders across the ecosystem (including mobile operators, equipment vendors, regulators, application developers and service providers) understand the security threats in a systematic and objective fashion. It covers risk mitigation strategies across three key domains \u2013 networks, devices and mobile operators\u2019 partners.<\/p>\n\n\n\n

As the mobile industry is now the digital frontline, the MKCB is a very valuable resource, from both a reputational and commercial perspective. Historically, device makers and mobile operators have not regarded security as a competitive differentiator, but that is now changing. Today, consumers and businesses (as well as regulators) are placing more and more value on security.  If you haven\u2019t already, now is the time to explore the output of the GSMA\u2019s Fraud and Security group.<\/p>\n\n\n\n

For more on the MCKB and other GSMA initiatives to counter fraud, cyber threats and scams, please see our recent LinkedIn Live event<\/a>. Speakers from the GSMA, Orange and Google explored the evolving landscape of mobile device and network threats, examining how mobile technologies are used to deliver scam messages and calls to target devices to steal credentials and drain financial accounts, while also outlining the resources the GSMA has available to mitigate the risks.<\/p>\n\n\n\n

\"A<\/figure>\n\n\n\n
\n
Watch on-demand<\/a><\/div>\n<\/div>\n\n\n\n
Get involved<\/h5>\n\n\n\n

If you\u2019re a GSMA Member and interested in collaborating on this topic, please join the Fraud and Security Group (FASG)<\/a> on Member Gateway.<\/p>\n\n\n\n

The GSMA\u2019s Open Gateway<\/a> initiative, which is coordinating the adoption of standardised application programming interfaces (APIs), is seeing particularly strong demand for APIs that can help banks and other financial services players reduce the opportunities for fraud.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\n
\n
\n
\n

Become a GSMA member<\/h2>\n\n\n\n

Join a global community of like-minded professionals and organisations who share a common goal of advancing the mobile ecosystem.<\/p>\n\n\n\n

<\/div>\n\n\n\n
Apply for membership<\/a><\/div>\n<\/div>\n<\/div>\n<\/div><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

As malicious actors step up their attacks on mobile channels, James Moran, Head of Security outlines how the GSMA\u2019s Working Groups are shoring up the industry\u2019s defences. Our growing reliance on smartphones for authentication, identification and payments has not escaped the attention of malicious actors. As mobile channels have become a major target for fraudsters, […]<\/p>\n","protected":false},"author":55,"featured_media":13900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","footnotes":""},"categories":[1505],"tags":[],"algolia_discover_type":[],"class_list":["post-13899","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news"],"yoast_head":"\nSecuring the Digital Frontline - Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing the Digital Frontline - Security\" \/>\n<meta property=\"og:description\" content=\"As malicious actors step up their attacks on mobile channels, James Moran, Head of Security outlines how the GSMA\u2019s Working Groups are shoring up the industry\u2019s defences. Our growing reliance on smartphones for authentication, identification and payments has not escaped the attention of malicious actors. As mobile channels have become a major target for fraudsters, […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-11T23:15:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-11T23:15:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/11\/Fraud-Scam-LIL.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"823\" \/>\n\t<meta property=\"og:image:height\" content=\"471\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"phau@gsma.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"phau@gsma.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Securing the Digital Frontline - Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/","og_locale":"en_GB","og_type":"article","og_title":"Securing the Digital Frontline - Security","og_description":"As malicious actors step up their attacks on mobile channels, James Moran, Head of Security outlines how the GSMA\u2019s Working Groups are shoring up the industry\u2019s defences. Our growing reliance on smartphones for authentication, identification and payments has not escaped the attention of malicious actors. As mobile channels have become a major target for fraudsters, […]","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/","og_site_name":"Security","article_published_time":"2026-01-11T23:15:35+00:00","article_modified_time":"2026-01-11T23:15:46+00:00","og_image":[{"width":823,"height":471,"url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/11\/Fraud-Scam-LIL.jpg","type":"image\/jpeg"}],"author":"phau@gsma.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"phau@gsma.com","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/","name":"Securing the Digital Frontline - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/#primaryimage"},"image":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/11\/Fraud-Scam-LIL.jpg","datePublished":"2026-01-11T23:15:35+00:00","dateModified":"2026-01-11T23:15:46+00:00","author":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/d5f2edfe4e539b3d59776c30df030bbe"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/securing-the-digital-frontline\/#primaryimage","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/11\/Fraud-Scam-LIL.jpg","contentUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/11\/Fraud-Scam-LIL.jpg","width":823,"height":471,"caption":"A screenshot of a virtual meeting with four participants in individual frames: Jason Smith (top left), Erin Willis (top right), Eric Gauthier (bottom left), and Eugene Liderman (bottom right). Each name and job title is shown in a red label."},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/d5f2edfe4e539b3d59776c30df030bbe","name":"phau@gsma.com","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5ecee0da5df233cb3e8fbbe640a36de3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ecee0da5df233cb3e8fbbe640a36de3?s=96&d=mm&r=g","caption":"phau@gsma.com"}}]}},"featured_image_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2025\/11\/Fraud-Scam-LIL.jpg","_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/13899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/comments?post=13899"}],"version-history":[{"count":2,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/13899\/revisions"}],"predecessor-version":[{"id":13902,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/13899\/revisions\/13902"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media\/13900"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=13899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/categories?post=13899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=13899"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=13899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}