The telephone number has become an essential identifier, not only for communications purposes but for all manner of trusted digital processes. David Wilson, a vice president at iconectiv, tells George Malim, the managing editor of VanillaPlus, that modern approaches to managing number portability through a centralised database help to protect numbers from fraudsters and provide smooth transitions for users.
George Malim: Why is number portability so important to fraud prevention?
David Wilson: The telephone number in today’s digital-first world is used as a mechanism to register your identity so people and businesses can set up communication with you. Everybody uses their telephone number every day in all aspects of their business and personal lives. Because of this, the telephone number has consequently become a gateway for criminals to assume a person’s identity. Evolving technology has opened a whole new world of possibilities for fraudsters to anonymously defraud people and businesses of information and money that crosses city, state and country lines. The phone number has become one of the most critical digital identity data points because, once a fraudster has control of a person’s phone number, they can take over their identity in a matter of minutes – accessing bank details, making purchases and using stolen identities to commit further crimes. The scale and breadth of this fraud goes far beyond stealing grandma’s lifesavings; it funds drug cartels, human trafficking, illegal gun sales, terrorist activities and wars.
These high stakes have put an increasingly important emphasis on protecting the phone number and ensuring the door remains locked to those trying to defraud, steal, scam and divert the f low of money from its intended recipients. Criminals know that if they can hijack a mobile account, they can take over the account holder’s identity; so maintaining the integrity of phone numbers is essential to improving resilience to cybercrime and cyberattacks. Hijacking phone numbers is a stepping stone to account takeover of bank and ecommerce accounts, impersonation to open new accounts or lines of credit, fraudulent claiming of benefits, holding of individuals and companies for ransom as well as theft of intellectual property and commercially sensitive information.
GM: What is being done to prevent number related frauds and why has so much reliance on the phone number happened?
DW: The mobile phone number has become the key enabler of the entire digital economy because it facilitates the vital trusted digital identity that provides a foundation for interactions. In the mobile-first world, the phone is the gateway for everything users do, and mobile numbers have become an extremely useful and unique method of identification. Of course, that makes it valuable and sought after by fraudsters, so it’s essential to protect and securely manage mobile numbers, even as users move from service provider to service provider.
For these reasons, a secure porting process has become paramount to enabling users to keep the same number for life while denying criminals the opportunity to hijack the number porting process. To achieve this, many countries across the globe have created centralised databases that provide details regarding which service provider owns or operates the number, the person or business the number is assigned to and when the number was ported. These data elements can help raise red flags and reveal when a number has been stolen, stopping fraudsters and their criminal activities in their tracks.
GM: What flaws in number porting need to be addressed?
DW: The biggest flaw that needs to be addressed is that not all countries have a centralised database of numbers. Without this, the security vulnerabilities are ratcheted up since there is no true, reliable intel about every individual phone number.
Fortunately, different countries have taken similar approaches, setting out similar requirements for service providers to comply with a centralised number portability system and using the call routing method of ‘all-call-query.’ Unfortunately, some countries, including the UK, have a number porting process rather than a secure centralised system. The process hasn’t kept up with technology changes or customers’ reliance on mobile devices to perform various functions beyond standard voice and text communications.
These differences create opportunities for fraudsters to exploit porting processes that were not designed for the volume, velocity and security that is now needed in today’s mobile-first world. As a result, countries using these archaic processes face security weaknesses and gaps, which must be closed immediately to prevent identity theft and other fraud.
GM: How does iconectiv help?
DW: We’ve been providing a secure number porting centralised database system to countries around the world that supports the call routing method of ‘all-call-query.’ For example, we’re the number porting provider in the United States (US) and India. In both cases, there is a centralised system based on the latest security standards. This protects the integrity of the number while giving flexibility to users and providing them with a fundamental choice of service provider while keeping their number.
There are variations in how porting is established and managed in different markets. For instance, there’s a normalised standard around a centralised database but the process of how the number is ported can differ widely. In the US, for example, porting is required to happen within two hours, while in other markets 24 hours is mandated. In some countries, only mobile number portability is required while others require both fixed and mobile portability; so, there are differences to accommodate the requirements of national regulators.
In general, we see best practices from countries such as Chile and the US that rely on a centralised database and have efficient policies regarding how their porting data is shared with organisations, such as financial institutions, to mitigate fraudulent activity. However, there are issues that need to be addressed to not only ensure secure porting but also smooth re-allocation of numbers.
Commonly, a range of numbers are allocated to a service provider. These number ranges are known by each service provider network routing systems to be the number ranges for a specific service provider and, therefore, calls and messages are routed to the correct service provider who owns that number range. The situation is complicated when a customer moves service providers, and this needs to be resolved to prevent inefficient routing.
For example, if Vodafone has a range of numbers and a customer switches to O2, the number continues to look like a Vodafone number. So, an ‘all-call-query’ process is needed to ensure the call is routed correctly to the service provider responsible for the number, in this case O2. This eliminates the need of call forwarding from the original network to the new network. Countries that do not use a centralised system and ‘all-call-query’ rely on call-forwarding processes that increase routing costs, create delays and impact customer satisfaction.
Other flaws of not using a centralised number portability system include the potential to lose your number if you port it to a service provider that goes out of business. This is because without the centralised system, there is no sharing of ported numbers among the service providers.
GM: The UK was among the first markets to introduce number portability. Is that process still f it for purpose?
DW: In the UK, the current process has been in place since the late 1990s and relies on the user going to their current service provider to get a Porting Authorisation Code, or PAC code, to take to the service provider they wish to port their number to. This is called a donor-led porting process. In most of the counties, the user goes to the service provider they wish to port their number to start the porting process.
Although the UK was one of the first markets to enable number portability, the immense changes in the mobile and digital world that have occurred in the intervening quarter century have left a well-intentioned but inefficient number portability regime. Consider that in 1998, there were no iPhones and no VoIP options, yet the UK process has not evolved to reflect these vast changes and innovations in the market.
GM: What approaches have other markets taken?
DW: We’ve been supporting number portability in India for nearly 15 years. When it first launched, the process was donor-led and porting volumes were very low because the donor would take the information that a user was preparing to leave and incentivise them to stay. That showed that the best way to manage the process is to have the recipient – the new service provider – handle the porting process.
India and the US have very large volumes of porting today, so their respective systems need to be able to handle that. One million ports per day is typical, so effective porting comes down to how the system is architected. Conversely, in the UAE, where there are 22 million subscribers, volumes are smaller so the system can be architected differently. Either way, it should be a secure system, managed by a neutral administrator, that drives the choice, convenience and innovation that number portability ultimately provides.
GM: How has the importance of secure number portability increased in recent years?
DW: A phone number is no longer just an identifier for communication like it was in 1998. It has become an enabler of trusted digital identity that people carry with them throughout their lives. Technology has moved on and old number portability processes are not set up to enable trust in a way that is needed for today’s digital world. Fraudsters don’t stand still, so protection in porting processes needs to continuously evolve.
The reality is that mitigating this type of communication fraud can only be achieved by addressing the heart of this issue – the active protection and tracking of the entire life of a phone number. That comprehensive approach ensures the gaps that fraudsters exploit are minimised.
Comment on this article via X: @IoTNow_ and visit our homepage IoT Now
