AI Journal: Why Telecom Regulators Must Embrace Technical Defenses

Scams targeting citizens, businesses, and governments are now a national security issue. Regulators must evolve beyond consumer education and punitive fines, building real-time fraud protection platforms that unite operators, enterprises, and AI-driven technologies under one secure framework. 

Scams and fraud perpetrated through calls and SMS affect national security and election integrity, expose sensitive data, violate privacy laws, and disrupt essential services. Yet currently, the role of most regulating bodies is limited to consumer education and complicated legislation that holds operators liable. Is this enough? 

Smishing, vishing, and other fraud types are on the rise. The STIR/SHAKEN framework, once heralded as a fix, has largely failed. Operators’ individual efforts to block scams at the network level remain insufficient, particularly against advanced spoofing and cross-channel fraud. The responsibility now falls to national regulators, who must recognize that technical frameworks, not education campaigns or legislative stick-waving, are the only scalable path forward. 

A Problem for Every Nation 

Fraud is rising at an unprecedented level. Voice and SMS fraud plague consumers across nearly every country, causing devastating financial losses not to mention the nuisance of an endless barrage of spam and fraudulent calls and messages. According to the CFCA 2023 Global Fraud Loss Survey, telecom fraud now costs operators and consumers over $38 billion annually worldwide. As criminals impersonate trusted companies, consumers are learning to distrust legitimate communications, ultimately disengaging from these once-vital channels altogether. 

This problem extends well beyond consumer inconvenience. Election misinformation, once thought of as primarily a social media issue, increasingly spreads via SMS and robocalls. Telecom fraud also undermines healthcare communications, compromises financial services, and even disrupts logistics networks. During the COVID-19 pandemic, for example, SMS scams impersonating health authorities spread globally, demonstrating how fraud can quickly escalate into a public health risk.

These are not isolated crimes, but systemic threats to national resilience. The stakes could not be higher, and the responsibility of fraud prevention cannot be left to individuals or businesses alone. 

Consumer Education is Not Enough 

From banking apps to government websites, warnings abound: “never click on suspicious links” and “we will never ask for your password.” Yet education efforts fail to keep pace with increasingly sophisticated scams. Public service announcements rarely reach all demographics, and even when they do, fraudsters evolve faster than official messaging can adapt. The most vulnerable citizens, particularly older adults, remain highly exposed.

Even tech-savvy users can be fooled when fraud originates from “trusted” numbers that appear genuine. Most people do not understand how easily numbers can be compromised by attackers, and when combined with other channels (email, SMS, fake websites, and calls), fraud scenarios become quite convincing. There is little or no evidence that raising public awareness has a meaningful, comprehensive, and lasting impact on behavior. Education alone cannot overcome the structural weaknesses of telecom infrastructure. 

Spoofing Is Easy to Do, and Hard to Detect 

The majority of international scams rely on “spoofing,” where caller or sender IDs are manipulated to impersonate trusted numbers. Victims may see calls from what looks like their local bank branch or SMS messages that appear in the same thread as a family member. Spoofing doesn’t always target institutions directly; even local numbers or familiar area codes are enough to lure victims into answering. In reality, these interactions often originate outside the country, exploiting the weak security of global telecom protocols.

With the rise of IP-based traffic such as VoIP and VoLTE, spoofing has become even simpler, requiring little technical expertise or access to specialized telecom infrastructure. Reports suggest billions of spoofed calls occur annually. Despite attempts to strengthen telecom security, distinguishing spoofed traffic from genuine traffic is inherently difficult for any one service provider, leaving operators and regulators with few options to target the root of most scam traffic. 

Telecom Providers Need National Solutions 

Telecom protocols were never designed with robust authentication in mind. Verifying the legitimacy of calls and messages requires cross-operator cooperation, yet competitors in the same market often lack incentives to share information. The result is fragmented defense, leaving the door wide open for spoofing and scams. 

The only viable approach is national-level infrastructure, where all operators are compelled to integrate with centralized verification platforms. Today, regulators often take an adversarial stance, threatening fines to enforce compliance. But a more constructive role is possible: building shared security frameworks that align compliance with the financial incentives and benefits of fraud prevention. This shift requires regulators to act less as enforcers and more as architects of national security infrastructure. 

Technology over Legislation 

Complex legal frameworks and after-the-fact enforcement are an incomplete answer to telecom fraud. Instead, regulators must work with multiple service providers and other stakeholders to adopt technical solutions that work in real time. National-level inter-operator fraud protection platforms can authenticate traffic, block spoofing attempts, and enforce national databases. 

Centralized platforms are able to support Do Not Originate (DNO) lists, “Do Not Call” (DNC) registries, and other services that strengthen consumer protection. Crucially, they reduce the need for resource-intensive investigations and court battles. The next phase of telecom regulation will not be about drafting more rules—it will be about deploying the right technical infrastructure to ensure compliance and protect consumers at scale. 

Why Not STIR/SHAKEN? 

The STIR/SHAKEN protocol, introduced in the United States, aimed to restore trust in caller ID by authenticating caller identity. While it initially appeared promising, results have been underwhelming. Its scope is limited to IP-based voice traffic, excluding TDM networks and SMS entirely. 

Beyond technical limitations, STIR/SHAKEN is difficult to enforce internationally, where most scams originate. Although the protocol has shown some results, it is far from a panacea and does very little to reduce the burden of regulators. These structural flaws explain why it has not been widely adopted outside the US. Other nations need more scalable and adaptable frameworks that can protect all forms of telecom traffic across borders. 

The Time for AI and Validation 

Emerging solutions hold greater promise than legacy frameworks. Technologies under evaluation include end-to-end verification such as out-of-band validation and blockchain-based authentication across both IP and non-IP networks. These approaches provide coverage from TDM to 5G and beyond, ensuring protection regardless of network technology. The most exciting development is the use of AI in fraud detection. 

Predictive AI, trained on billions of data points, is already demonstrating high accuracy in detecting fraudulent voice and SMS traffic. Unlike legacy frameworks, AI adapts in real time to emerging scam patterns, offering regulators a future-proof tool to keep ahead of fraudsters. While AI can be criticized as a “black box,” telecom fraud detection is uniquely suited to transparent outputs that are explainable, measurable, and controllable. When deployed effectively, AI can provide real-time fraud mitigation that scales and adapts to emerging fraud types. 

Cooperation is Key 

All stakeholders have incentives to stop fraud, and national regulators are uniquely positioned to foster this collaboration. Operators lose revenue to fraudulent traffic, enterprises suffer brand damage when impersonated, and consumers lose trust in vital communication channels. Yet cooperation between these groups remains rare, hampered by competition, regulatory silos, and a lack of shared infrastructure. 

By creating frameworks for data sharing, fraud detection, and traffic validation, regulators can protect consumers, privacy, competition, and national security. Industry groups have proven that shared intelligence reduces fraud, but scaling these efforts nationally will require regulatory leadership. Collaboration is the cornerstone in the new fraud prevention paradigm. 

A New Role For Regulators 

Regulators now hold the keys to ending spoofing, scams, and telecom-enabled misinformation. Beyond their traditional role in consumer protection, they are being called upon to secure the integrity of national communications infrastructure itself. Telecom fraud is not merely a financial issue—it is an information security threat and a matter of national defense. 

As the cost of fraud grows, regulators’ responsibilities will expand significantly. They must coordinate technical platforms, mandate operator cooperation, and embrace new technologies such as predictive AI. Consumer education and punitive legislation will still have their place, but the core mission will be technological enforcement. The regulator of the future will be less a watchdog and more a designer of national telecom resilience.