UK 070 Number Range Consultation

 

Update: 19 August 2018

Following their consultation, Ofcom has issued a draft statement on their review of the 070 personal number range. Though this acknowledged the key observations made by RAG’s joint submission with Biaas, the regulator has chosen to ignore our advice and will focus solely on the use of wholesale price controls to counter the fraud and bill shock prompted by the confusion of 070 ‘personal’ numbers with mobile numbers beginning 07. In particular:

  • Ofcom rejected our call for enforcement activity targeted at the small number of 070 providers responsible for fraud.

  • Dismissed concerns that hospital inpatients reliant on bedside phones using 070 numbers might be negatively impacted.

  • Concluded that the costs involved in rearranging the national number plan so personal numbers are no longer grouped alongside mobile numbers beginning 07 would not be justified relative to the benefits delivered.

RAG believes Ofcom is mistaken on all three points.

  • Enforcement action is always necessary to deter fraud; Ofcom’s statement has effectively signalled to fraudsters that they need not fear punishment because the regulator considers enforcement to be ineffective even in cases where most fraud is perpetrated by a very small number of unscrupulous businesses.

  • For hospital patients, Ofcom is confusing the total extent of exploitation with the severity of exploitation for those who are most vulnerable. Whilst Ofcom may be right to hope that economic and technical factors will lead to lower prices and greater use of mobile phones within hospitals, some patients will continue to be dependent on the effective monopoly of their bedside phone and the associated entertainment and communications services provided to them. The prices these individuals will be expected to pay following Ofcom’s proposed changes has not been subjected to any meaningful analysis.

  • Widespread confusion between 070 personal number and 07 mobile numbers has been apparent since the regulator decided in 1997 to group personal numbers alongside mobile numbers. Over 20 years of fraud and bill shock has followed as a consequence. The cost of revising the number range occurs only once, whilst the costs of refusing to correct the original mistake are ongoing. Furthermore, criminals are able to exploit the 070 range because so few people regularly use it. To argue that it is not worth eradicating this problem is to tacitly admit that it is cheaper to continue to allow members of the public to be preyed upon by fraudsters than to make the regulatory, technical and commercial changes necessary to end this kind of abuse. The distress caused to phone subscribers by crime should not be measured as a simple cost-benefit analysis, as the people paying the cost for crime are not the organisations avoiding the cost of reform.

RAG is hence disappointed with Ofcom’s statement, but we will continue to draw attention to the need for change.

Continue reading for more about the issues with the UK’s 070 personal number range, Ofcom’s consultation and the submission made by RAG in cooperation with Guy Howie of Biaas.

Overview

The UK has a serious problem with telecoms fraud, partly caused by the way its dialling plan has been designed. This has long been known by serious fraud professionals, even if most of the British public remain unaware of it. However, RAG is acting on an unusual opportunity to address one of the key causes of fraudulent calls that terminate in the UK. UK regulator Ofcom has proposed changes that will affect service providers interested in a portion of the UK number plan that is associated with fraud. RAG has collaborated with respected number plan expert Guy Howie to respond to Ofcom’s public consultation, highlighting where we disagree with Ofcom’s proposed changes and why. We believe our proposals point to a better way to reduce inbound fraudulent traffic terminating in the UK.

The scale of the UK’s fraud problem was recently confirmed again by the Communications Fraud Control Association (CFCA) through their 2017 global fraud survey. This concluded that the UK was in the top 10 countries for the termination of fraud, receiving 4 percent of all fraudulent calls made worldwide. Sadly, this was not news to fraud professionals, as the UK has consistently ranked amongst the worst for inbound fraud. The UK is the only G20 country in the fraud termination top 10, and is one of only two OECD countries in that list, along with Latvia. The UK’s problem with inbound fraud places it on a par with countries like Cuba, Tunisia, Jamaica and Somalia.

Instead of addressing weaknesses that foment crime worldwide, the UK has long resigned itself to being amongst the worst. We have an opportunity to change that now. Many fraudulent calls are being terminated on the UK’s 070 number range. Ofcom has proposed changes to the management of that portion of the UK dialling plan. Now that attention has been directed towards an admitted long-standing problem our industry has an opportunity to take positive steps that will reduce international crime. If you are a fraud professional, or even if you are just an interested lay person, please take a few minutes to make yourself aware of the issues, and how you can support change, by continuing to read about the issues and how RAG has responded to Ofcom’s consultation.

In subsequent sections we detail:

The Problem

To Ofcom’s credit, they provide a thorough explanation of the reasons why telephone numbers that begin 070 have become a magnet to fraudsters in their consultation document. When mobile telephony was still new, the UK regulator decided to group ‘personal’ or ‘follow me’ numbers that begin 070 alongside the numbers beginning 07 and which are associated with mobile phones. However, these uses are very different, and the confusion between them leads to exploitation of telecoms customers not just in the UK but also worldwide. The cost for dialling an 070 number is typically higher than that for calling a mobile phone, and part of that fee may be paid to the recipient of the call. This creates an incentive for criminals to exploit the confusion between 070 numbers and ordinary mobile phone numbers.

Ofcom’s consultation document accepts that the 070 range has encouraged fraud.

High 070 termination rates caused by 070 TCP’s SMP have the potential to lead to many cases of fraudulent use of the number range. According to a 2013 National Fraud Intelligence Bureau (NFIB) report to Ofcom, there were 4,596 offences reported to ‘Action Fraud’ in the period 1 January 2011 to 31 July 2013 that related to Personal Numbering Services (PNS). 070 numbers accounted for 96.1% of these and 98.4% of the total victim-reported loss of over £17.1m.85 Not all fraud is likely to be reported and we estimate up to 60% of 070 traffic is potentially fraud-related.

They describe one of the key motivations for fraudulent traffic terminating on the 070 range.

One type of fraud arises because service providers using 070 numbers earn a profit from termination rates for calls to these numbers through a revenue share arrangement with the end-user. Fraudulent users posing as service providers convince callers to ring under false pretences (e.g. a text message saying they have been mis-sold payment protection insurance (PPI)) in order to benefit from their share of the very high termination rates. For example, 94 of the 070 complaints received by Ofcom between January 2013 and May 2017 related to consumers feeling they had been tricked into calling a 070 number. Most of these complaints related to consumers applying for a job online and receiving a response asking them to call a 070 number to discuss the job or set up an interview, while some related to the use of dating websites or missed calls from a 070 number asking for an urgent call back.

Ofcom also identifies the wholesale abuse of the 070 range by unscrupulous firms.

Data from our research shows that, between January 2016 and August 2017, there were approximately 30% more calls generated to personal numbers from abroad when compared to the relative distribution for both geographic and mobile destination numbers, and that this figure even exceeded 50% in several months.

This is indicative of the generation of calls to take advantage of the failure in some international telecoms providers to distinguish in their charging between low cost calls to UK mobiles and higher charged 070 calls. Thus, fraudsters are able to generate traffic to their own numbers at a lower cost than the revenue received.

We support Ofcom’s desire to implement reforms to address these serious issues that have seriously damaged the reputation of the UK within the international telecommunications community. However, we do not agree with Ofcom’s proposed changes.

Good and Bad Reform

Put simply, Ofcom wishes to remove the incentive for fraud by implementing a termination price cap on calls made to the 070 range.

We have considered options for determining the cap and have provisionally concluded that the most appropriate approach is to align the cap with that for mobile numbers, set by Ofcom, currently circa 0.5ppm.

We anticipate that, by aligning the 070 termination charge to that of mobile numbers, this will remove the incentive for domestic and international fraud. It should also clear the way for retail telecoms providers to price 070 and mobile calls similarly, which should, in turn, reduce the potential for consumer harm through ‘bill shock’. Further, providers may start including 070 numbers in inclusive call packages, together with mobile calls.

RAG believes that this is a fundamental mistake. Fixing termination rates so that calls to 070 numbers cost a similar amount to calls to other numbers beginning 07 will reduce the incentive to criminals, but it does not address the root cause of the original problem: that customers believe that dialling an 070 number will call somebody’s mobile phone. As a consequence, the public will continue to be at risk of being deceived.

Furthermore, there are legitimate uses of the 070 number range, and genuine business models that rely on the income generated by a relatively high call cost. The strongest example is the extent to which NHS hospitals receive an income from calls made to telephones placed alongside a patient’s bed. Simply reducing the price of calls made to 070 numbers used in hospitals risks eliminating the revenues that currently subsidize hospitals. It also undermines the business case for providing these telephones, which are used on a sporadic basis. As a consequence, hospital patients that rely upon a fixed-line phone by their bed – who are most likely to be elderly – may lose an important source of communication with their family and friends.

Price caps impact every provider, but the industry knows that only a few providers are responsible for encouraging most of the fraud that is taking place. This is backed by independent research. In “The Role of Phone Numbers in Understanding Cyber-Crime Schemes”, Andrei Costin and fellow academics reached this conclusion:

We observe that, in our dataset, the top 4 operators (out of 88) provide more than 90% of fraud-related UK PRS numbers. In one case, fraud-related numbers represent almost 5% of an operator allocated numbers range.

Rather than introducing price caps, we believe the best solution is for Ofcom to end confusion in the minds of customers by changing its dialling plan so that the so-called ‘personal’ 070 numbers begin with a different series of digits, so they bear no similarity to the 07 numbers that everyone associates with mobile phones. This will undermine the business model of those few providers who deliberately profit from that confusion.

The RAG Response in Detail

The author of RAG’s response to the 070 consultation is Guy Howie, a widely recognised expert in number range management. Guy founded his business, Biaas, a decade ago, and his firm is commonly agreed to be a leading provider of expert advice in number plan management for pricing, assurance, and fraud management. Biaas customers include BT, Vodafone, MTN, Virgin Media and Lebara. Prior to forming Biaas, Guy worked as an assurance manager in Cable & Wireless and Telewest, and he is a chartered accountant and qualified CISA auditor. Put simply, there are very few individuals who can rival Guy’s experience of managing dialling plans on behalf of telcos.

Guy focused his response on two of the questions posed by Ofcom’s consultation. Guy’s answers are reproduced below.

Do you agree that our proposal to implement a charge control on 070 TCPs in the form of a benchmark rate is appropriate? If not, please explain why.

No, we do not agree with Ofcom’s proposal to implement controls over charges.

Probably the most important legitimate use of 070 destinations today is to allow friends and family to speak with their loved ones who are restricted to hospital beds across the NHS. The provision of these services, whilst not universally popular, is still a vital link for patients and their families. This is also true because many NHS wards do not allow the use of mobile phones, not everybody wants a mobile phone, and many friends and relatives do not have the time to make visits.

Telecommunications service providers have invested millions in providing and maintaining these vital services to hospital patients and we do not believe it is the role of Ofcom to impose such draconian price changes which risk disrupting such a vital service when the market for such services is obviously in decline. Such a move might make great headlines for Ofcom, but would inevitably lead to higher prices in other areas.

Ofcom should also please consider publishing the exact proportion of 070 traffic minutes which are legitimate calls terminating to such hospital based services, as we believe this overall proportion in the current day to be much higher than Ofcom thinks. We would also like to see what proportion of legitimate voice calls (by minutes) Ofcom believes to be terminating on the other uses for these numbers such as redirection services, classified adverts, and machine contacts, as we believe legitimate usage (as opposed to fraud) to be minimal.

We would encourage Ofcom, if it has not yet had the opportunity, to fully consider the findings of an academic paper entitled ‘The Role of Phone Numbers in Understanding Cyber-Crime Schemes’ by Andrei Costin et al of Eurecom, a communications research centre. This document can currently be found at the following web link.

http://s3.eurecom.fr/docs/pst13_phones.pdf

There is an entire section in the document devoted to UK Personal Numbers (070/075/076 – not just 070) which concluded that “just 4 operators (out of 88) provide more than 90% of fraud-related UK PRS numbers.” We therefore believe it is unfair and blunt to enforce pricing controls when only a small number of known operators are the ones responsible for the bulk of problems. Perhaps Ofcom could consider directing efforts at tackling these 4 minor operators instead.

Do you have any further comment on our proposals for regulating 070 termination rates? Please provide reasons and evidence in support of your views.

We would urge Ofcom to please consider that the problems it has outlined which are associated with the 070 number range, such as excessive prices, bill shock, service provider fraud, international artificial traffic inflation, and identify related fraud, have very little to do with companies providing services to patients and their loved ones, and more to do with management of retail telecommunications number plans and pricing, and also management of telecommunications wholesale operations. We do not believe that the valid service providers should be impacted by these problems as they do not contribute towards them. We believe Ofcom could do more at a strategic level to help guide the industry in best practice for both making pricing more obvious and in the management of wholesale operations to eradicate fraud.

Rather than imposing price changes which are restricted to 070, Ofcom may also wish to consider kicking off the wider strategic initiative of reviewing and improving the UK telephone numbering plan. This could be done in such a way as to create a real separation between ‘normal 07 mobile’ and ‘all other expensive 07 type destinations’ We observe that there are many other 07 destinations which cause issues such as 07305 – fw10, 074180 – fw12, 074521 – fm11, 077978 – f. These types of other destinations have also been seen to occasionally result in bill shock, service provider fraud or international artificial traffic inflation. They are also, like 070, generally omitted from free bundled mobile minutes for UK consumers. For example, all expensive 07 destinations could in theory be assigned to the 04 or 06 numbering bands. Assignment to existing 08 and 09 bands may not be an ideal solution as the pricing structures required may not be in place and such an assignment may result in issues such as national call barring or inability to dial numbers form overseas. Much longer term, such an initiative could also pave the way for simplification of any possible future portability between UK fixed line and UK mobile telephone numbers.

Guy focused on these two questions whilst ignoring the distraction posed by a number of Ofcom’s other questions that have no bearing on these answers. You can see Guy’s answers in the content of all Ofcom’s questions by looking reviewing the draft consultation response given below.

If You Agree With Our Response

RAG canvassed the opinions of its network of contacts prior to approving Guy’s consultation response. The feedback received was all supportive, and came from a mixture of UK and overseas professionals, showing the extent to which this problem encourages both domestic and international fraud.

Whilst our submission has already been submitted to Ofcom, we encourage all professionals to continue to lobby Ofcom to implement effective change that will target the root causes of fraud. Many professionals privately express the belief that a small minority of corrupt businesses are to blame for the high levels of fraud that tarnish the UK’s reputation. However, the UK authorities seem unwilling to target these firms, and instead prefer broad brush measures like controls over prices, even though these will hurt many legitimate businesses too. An unwillingness to address the fundamental issue – that some businesses have built their revenue models around the opportunity to mislead the unwary – leads both the regulator and other telcos to turn a blind eye to root causes. The best way forward is to eliminate the potential for deception, and to aggressively punish those few businesses that profit from deception. If you agree with us, please join us in arguing for a fundamental change in the way the UK regulator understands and responds to serious and ongoing fraud.

© Risk & Assurance Group