Join Us!
We will contact you shortly

Fraud Hotspot - CLI Spoofing in Europe

  • »
  • »
cli spoofing fraud obr ab handshake
Where there are profits, there is fraud. In the second text of our "Regional Fraud" series, we now explore how attempts to offset revenue losses in the European Union have resulted in a surge in CLI Spoofing in the region.

And this fraud scheme is a major threat for telcos, enterprises and even subscribers. In 2019 alone:

  • Revenue losses to telecom fraud as a whole, around the world, amounted to a whopping $28.3 billion
  • Losses to CLI Spoofing, alone, amounted to $1 billion.
It's safe to assume that losses due to CLI Spoofing in the EU reach hundreds of millions of dollars each year.

The main questions are, "How did this happen?", and, "What can the EU do about it?".

In short, termination rates in the EU have been notoriously high. This is where the problem began. Attempts to reduce rates initially hurt local service providers. And subsequent attempts to help them recover lost revenues through Origin Based Rating (OBR) lead to an upsurge in CLI Spoofing in the region.

If the EU doesn't implement a way of protecting themselves from CLI spoofing, they will fail to help local service providers recover lost revenues and will remain stuck in the same place they were before the OBR era, only this time losing revenue to fraud instead of low termination rates.

To find a solution to this problem, we first need to understand the history of termination rates in the European Union and what changes regulators adopted to help improve the situation (which ultimately backfired, creating a breeding ground for fraud).

History of Origin Based Rating (OBR) in the European Union

To understand why EU operators adopted the OBR model, we need to look at the history of termination rates in the EU and trends in voice traffic volumes.

Historically, termination rates in the EU were generally between €0.01 and €0.15. To unify the rates across the EU and allow residents of different EU countries to call each other at equal-to-domestic rates, regulators eventually forced termination rates down to €0.01 in 2015. But, as a result, local service providers started losing major revenue.

Operators reacted. They introduced the so-called Origin Based Rating (OBR) model. This would essentially introduce higher rates for non-EU originating A-numbers:

  • Termination rates for non-EU A-numbers became much higher than for EU A-numbers (up to 50x)
  • The range of termination rates became much larger, differing greatly from one A-number to the next (from one non-EU location to the next)
Over time, further rate disparities emerged not only between different countries but between networks within individual countries, further complicating the rate structure and its disparities. However, in short, calls to the EU from outside of the EU would now cost much more.

Let's look at which countries adopted this new regime.

EU Countries Participating in OBR

Most countries and service providers within the region face this problem. Since 2015, 35 different countries across Europe have adopted OBR:
This amounts to 85 different service providers operating under OBR across the entire region.

To understand how extreme the rate disparity can be from one A-number to the next, let's consider the case of a local service provider in Portugal.

Case Study - OBR in Portugal

Before the OBR era, termination rates in Portugal ranged from around 0.0080 to 0.1500, depending on the terminating network.

Today, termination rates in Portugal for mobile traffic via local service providers can be as high as 0.40868 EUR. The rate difference from one region to the next is enormous, depending on the A-number country code.

For example, let's look at the termination rates from one region to another for mobile traffic in Portugal with a major local service provider under the OBR model:
Here, you can see there's almost a 70x difference between the minimum and maximum rates…just by changing the A-number. Before OBR, the termination rate difference between most regions around the world was about 20x.

For telcos, this amounts to a 50x additional surcharge which, in theory, could have boosted revenues for local service providers and offset their losses. However, they didn't take into account one critical factor - fraud. More specifically, a lack of sufficient fraud protection.

CLI Spoofing Rises in the EU

While OBR was well-intended and well-designed, fraudsters immediately saw an opportunity to profit off this new regime via CLI Spoofing, a prevalent fraud scheme that's difficult to prevent.

Traditional fraud management systems struggle with CLI Spoofing. So, what can service providers in the EU do?

Fortunately, today we have the technology to stop it. But, to understand how the solution works, we need to first understand how CLI Spoofing operates and why it targets the EU. Here's a quick breakdown.

What is CLI Spoofing?

Here is a definition of CLI Spoofing:
Caller ID spoofing (CLI Spoofing) is the practice of disguising the identity of a call by indicating to the receiver that the call has originated from a station other than the true originating station.
cli spoofing fraud scheme ab handshake
As you can see in the image above, a corrupt carrier in the call chain hijacks a call and disguises it as local or some other form of low-cost traffic by changing the Call Line Identity (Caller ID).

That carrier pays the low rate for the disguised traffic, thereby increasing their profit margins. The person receiving the call sees a number other than the true number that's calling them.
cli spoofing fraud scheme ab handshake
Important note: fraudsters understand that due to the number substitution, the Answer-Seizure Ratio (ASR), or the number of calls that are answered, drops because a called party is reluctant to answer a call from an unknown number. But at the end of the day, they still earn enormous profits.

Why CLI Spoofing Skyrocketed in the EU

Where there are profits, there is always fraud.

Fraudsters quickly realized that the drastic rate differences under the OBR model in the EU offered prime conditions for CLI Spoofing.

Fraudsters didn't need a SIM Box nor to tamper with trunks. They could simply spoof the caller ID (CLI Spoofing) of any non-EU call bound for the EU, change the non-EU A-number to an EU A-number, pay local termination rates and walk away with enormous profits.

This is, essentially, stealing large amounts of revenue from the local service providers in the EU.

If EU operators could stop CLI Spoofing, revenues would return to local providers.

However, traditional fraud management systems aren't capable of completely preventing CLI Spoofing.

Should EU service providers treat this seemingly unavoidable fraud scheme like a tax, accept it, and continue on?

Fortunately, they don't have to. The telecommunications industry now has the technology to stop CLI Spoofing, for good. It's an exciting time to be a part of this industry.

The solution lies in the simple but profound concept of cross-validating call details before a call connects.

Cross Validation - A remedy for CLI Spoofing

How exactly does cross-validation work?

It's easily accomplished by integrating a simple, affordable and effective solution into the current settings of an operator's system. This solution actively monitors all traffic on the operator's network, cross-validating call details from the originating and terminating call registries of each call in real-time, before it connects.

Any inconsistencies it detects between both registries can only mean one thing - fraud.

The solution can immediately detect a CLI Spoofing attack in real-time and allow the operator to terminate the fraudulent call before it connects (or allow the call to connect, as is appropriate in some cases - the choice is theirs).

By cross-validating the call details of the originating and terminating call registries, EU operators can stop every CLI Spoofing attempt on their networks, with 100% accuracy and zero false positives and completely eliminate this nuisance once and for all.

Moreover, they can free the OBR model from debilitating fraud and allow it to accomplish what it initially set out to do - return lost revenue to local service providers.

Cross Validation With AB Handshake

CLI Spoofing has undermined the well-designed approach regulators took to helping businesses thrive in an evolving world and continue providing high-quality services to telcos and end-users in the EU.

AB Handshake is a game-changing solution for completely eliminating CLI Spoofing on any network via cross-validation of all traffic using the handshake.

Here's how it works:
cli spoofing fraud scheme ab handshake
  1. A call is initiated. Call details are sent to the originating call registry.
  2. The originating registry sends a validation request to the terminating call registry.
  3. The validation request reaches the terminating network before the call.
  4. Cross-validation of the call details from the terminating and originating networks.
  5. Additional cross-validation of call details between the terminating network and the owner of the spoofed CLI (two arrows on the right).
  6. Inconsistencies in the call details, including an absence of such data from the owner of the spoofed CLI, indicate that the original A-number was changed to a different A-number.
  7. Call is flagged as fraud and blocked before it connects.
The beauty of the AB Handshake solution is in its simplicity. It makes it impossible for any current fraud scheme (or any future iteration) to penetrate it. It's a guarantee for the present and the future.

It guarantees 100% protection from fraud with no false positives, no matter which region of the world you are located in. This makes it a game-changer in the industry of fraud protection.

Moreover, it is affordable and can be easily integrated into the default settings of any operator's current network, making it accessible to any operator in any country in the world.

As more and more members join the AB Handshake community, validating their traffic with the AB Handshake solution, the network of cross-validated traffic expands, eventually leaving the fraudsters with nowhere to go.

If adopted across the EU, the AB Handshake solution would completely eliminate CLI Spoofing and all other telecom fraud within the region.

Moreover, if adopted on a global scale, AB Handshake will eliminate telecom fraud for good, all around the world.

Join AB Handshake Today

The case of CLI Spoofing in the EU is one of many examples of geographic fraud hotspots around the globe. Different fraud schemes target different regions of the world for different reasons.

It's essential for telcos to understand the environment they operate in, which threats they are up against and how they can stay 100% protected from every threat.

The AB Handshake community currently has 200+ operators at different integration stages, from negotiating their contracts to signing and onboarding.

We are actively onboarding providers from any location around the globe and the system is already validating live traffic to every country in the world.

If you have any questions about AB Handshake, feel free to contact us here. One of our specialists will be happy to chat with you and will respond to your inquiries today.

If you're interested in becoming the next member to join the AB Handshake community, reach us here. One of our specialists will likewise be in contact to get you started with the simple onboarding process today.