Provocative paper from Omnisperience questions if UK is pro-customer or pro-criminal; author delves into process overlooked by telecom industry stakeholders, exploited by fraudsters
With fraud costing the British economy £137 billion, this month UK-based analyst house and consultancy Omnisperience issued a new white paper, ‘UK Digital Fraud: There’s a gap in the UK digital infrastructure and it’s letting fraud in.’ iconectiv sat down with the paper’s author, Chief Analyst Teresa Cottam, to discuss the current fraud issue and why she believes a revamp of how the UK handles number porting is critical for a modern digital economy.
The United Kingdom (UK) initially implemented number portability in the 1990s as a means for consumers and businesses to change service providers – maybe for a better price or a better service – but still keep their same phone number. Why now do you believe it’s time for an overhaul to the current process?
So much has changed in the nearly three decades since number portability was implemented in the UK. In the 1990s and early 2000s, we primarily used our mobile devices for phone calls and SMS. Fast forward to today and the mobile phone is embedded in our daily lives. Whether using our faces to unlock our bank accounts or authorize access or facilitating password changes or transactions using a security code that’s been texted to us, the mobile phone is a key enabler of an entire digital economy and has essentially become our digital identity. Unfortunately, criminals know the value of being able to hijack someone’s identity – by way of their mobile number – as a gateway to a wide variety of other crimes. Because our number porting process in the UK hasn’t kept up with changes in technology or customers’ reliance on their mobile devices, and because it was not designed for the volume, velocity or variety of porting that’s taking place today, there is a fundamental gap that allows fraudsters in. As a result, we must recognize and act to close that gap immediately.
You mentioned the value of being able to hijack someone’s identity. What types of figures are we talking about?
The numbers are staggering. In the UK the Centre for Counter Fraud Studies at the University of Portsmouth estimates that £137 billion is currently lost to fraud, and that 80% of fraud is now cyber enabled. But this is likely just a drop in the ocean because a proportion of fraud goes under the radar. Cybersecurity Ventures, for example, expects global cybercrime costs to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. This makes it far more profitable than other illegal tactics.
Factored into this is the exponential growth of IoT, which is a new target surface for fraudsters. This means we don’t just have to protect digital ID for humans but also machine identity for those devices connected via cellular networks. The last CFCA (Communications Fraud Control Association) report from 2021 found that only 41% of service providers were monitoring for IoT fraud. And IoT was perceived to be the biggest emerging fraud risk.
One of the problems, though, is that communications service providers (CSPs) focus on the types of fraud that are costing them money. In fact, a report by the UK’s House of Lords in August 2022 found that phone companies were not doing enough to protect customers. As such, they view telecoms as acting as enablers of fraud – even if inadvertently.
Let’s talk a little more about the House of Lords report, which is something you specifically call out in your white paper.
The UK’s House of Lords (HoL) produced an in-depth report on fraud in the UK, which found that telecoms were one of three industries not doing enough to protect UK citizens against fraud. Specifically, they (telecoms) were expecting other industries – such as banking – to carry the cost of the fraud and the HoL said this was simply not good enough. The HoL noted that there’s been a massive increase in certain types of fraud, such as SIM Swap fraud, which increased 400% between 2015 and 2020. The HoL also say that unless there are serious consequences, they don’t believe there’s the will to fix the problem. As a result, the HoL propose a new criminal offense of negligently failing to protect customers against fraud (similar to what we currently have with GDPR), as well as outlining civil liability. There is already case law that has established that telcos are liable for customer losses, inconvenience and stress if they don’t follow best practice on identification, for example.
In our own report published this week, ‘UK Digital Fraud: There’s a gap in the UK digital infrastructure and it’s letting fraud in,’ we look at one of the UK’s main vulnerabilities – specifically number portability – and why this is wide open to abuse. We also examine why this vulnerability prevents CSPs from cooperating with banks to close the opportunity to fraud. Fortunately, we believe that there is a viable solution to solving this issue. The key is in getting the UK and industry players on board to make it a reality.
The new Omnisperience white paper, ‘UK Digital Fraud: There’s a gap in the UK digital infrastructure and it’s letting fraud in’ can be downloaded here.
In part two of our interview with Teresa Cottam, we will talk about why she thinks now is the time to act, and how the UK can take a page from the playbooks of other countries offering number portability.