CLI Spoofing in Europe - Fraud Hotspot

  • »
  • »
cli spoofing fraud obr ab handshake
In this article, the second in our "Regional Fraud" series, we explore how attempts to offset revenue losses in the European Union have resulted in a surge in CLI Spoofing in the region.

CLI spoofing is a major threat for telcos, enterprises and even subscribers. In 2019 alone:

  • Revenue losses to telecom fraud as a whole, around the world, amounted to a whopping $28.3 billion
  • Losses to CLI Spoofing, alone, amounted to $1 billion.
It's safe to assume that losses due to scammers spoofing numbers in the EU reach hundreds of millions of dollars each year.

The main questions are, "How did this happen?", and, "What can the EU do about it?".

In short, termination rates in the EU have been notoriously high. This is where the problem began. Attempts to reduce rates initially hurt local service providers. And subsequent attempts to help them recover lost revenues through Origin Based Rating (OBR) lead to an upsurge in CLI Spoofing in the region.

If the EU doesn't implement a way of protecting themselves from CLI Spoofing, they will fail to help local service providers recover lost revenues and will remain stuck in the same place they were before the OBR era, only this time losing revenue to scammers spoofing numbers instead of low termination rates.

To find a solution to this problem, we first need to understand the history of termination rates in the European Union and what changes regulators adopted to help improve the situation (which ultimately backfired, creating a breeding ground for fraud).

History of Origin Based Rating (OBR) in the European Union - Precursor to CLI Spoofing

To understand why EU operators adopted the OBR model, we need to look at the history of termination rates in the EU and trends in voice traffic volumes.

Historically, termination rates in the EU were generally between €0.01 and €0.15. To unify the rates across the EU and allow residents of different EU countries to call each other at equal-to-domestic rates, regulators eventually forced termination rates down to €0.01 in 2015. But, as a result, local service providers started losing major revenue.

Operators reacted. They introduced the so-called Origin Based Rating (OBR) model. This would essentially introduce higher rates for non-EU originating A-numbers:

  • Termination rates for non-EU A-numbers became much higher than for EU A-numbers (up to 50x)
  • The range of termination rates became much larger, differing greatly from one A-number to the next (from one non-EU location to the next)
Over time, further rate disparities emerged not only between different countries but between networks within individual countries, further complicating the rate structure and its disparities. However, in short, calls to the EU from outside of the EU would now cost much more.

Let's look at which countries adopted this new regime.

EU Countries Participating in OBR

Most countries and service providers within the region face this problem. Since 2015, 35 different countries across Europe have adopted OBR:
This amounts to 85 different service providers operating under OBR across the entire region.

To understand how extreme the rate disparity can be from one A-number to the next, let's consider the case of a local service provider in Portugal.

Case Study - OBR in Portugal

Before the OBR era, termination rates in Portugal ranged from around 0.0080 to 0.1500, depending on the terminating network.

Today, termination rates in Portugal for mobile traffic via local service providers can be as high as 0.40868 EUR. The rate difference from one region to the next is enormous, depending on the A-number country code.

For example, let's look at the termination rates from one region to another for mobile traffic in Portugal with a major local service provider under the OBR model:
Here, you can see there's almost a 70x difference between the minimum and maximum rates…just by changing the A-number. Before OBR, the termination rate difference between most regions around the world was about 20x.

For telcos, this amounts to a 50x additional surcharge which, in theory, could have boosted revenues for local service providers and offset their losses. However, they didn't take into account one critical factor - fraud (CLI Spoofing). More specifically, a lack of sufficient fraud protection.

CLI Spoofing Rises in the EU

While OBR was well-intended and well-designed, scammers immediately saw an opportunity to profit off this new regime via CLI Spoofing, a prevalent fraud scheme that's difficult to prevent.

Traditional fraud management systems struggle with CLI Spoofing (also known as Caller ID Spoofing). So, what can service providers in the EU do?

Fortunately, today we have the technology to stop spoof calls. But, to understand how the solution works, we need to first understand the mechanism of CLI Spoofing and why it targets operators in the EU. Here's a quick breakdown.

What is CLI Spoofing (Caller ID Spoofing)?

What is a spoofed number? Here is a definition of CLI Spoofing:
CLI Spoofing is the practice of disguising the identity of a call by indicating to the receiver that the call has originated from a station other than the true originating station.
cli spoofing fraud scheme ab handshake
As you can see in the image above, a corrupt carrier in the call chain hijacks a call and disguises it as local or some other form of low-cost traffic by changing the Call Line Identity (CLI, or commonly known as the Caller ID).

That carrier pays the low rate for the disguised traffic, thereby increasing their profit margins. The person receiving the call sees a number other than the true number that's calling them.
cli spoofing fraud scheme ab handshake
Important note: scammers spoofing phone numbers understand that due to the number substitution, the Answer-Seizure Ratio (ASR), or the number of calls that are answered, drops because people are reluctant to answer a call from an unknown number. But at the end of the day, they still earn enormous profits.

Why CLI Spoofing Skyrocketed in the EU

Where there are profits, there is always fraud. Fraudsters quickly realized that the drastic rate differences under the OBR model in the EU offered prime conditions for CLI Spoofing.

Fraudsters didn't need a SIM Box nor to tamper with trunks. They could simply spoof the caller ID of any non-EU call bound for the EU, change the non-EU A-number to an EU A-number, pay local termination rates and walk away with enormous profits.

This is, essentially, stealing large amounts of revenue from local EU service providers.

If EU operators could stop CLI Spoofing, revenues would return to local providers. However, traditional fraud management systems have struggled to accurately trace and block spoofed numbers.

Should EU service providers treat this seemingly unavoidable fraud scheme like a tax, accept it, and continue on?

Fortunately, they don't have to. The telecommunications industry now has the technology to stop spoofed calls, for good. The key to mitigating this fraud scheme lies in the simple but profound concept of cross validating call details before a call connects.

Cross Validation - How to stop spoofed calls

There is good news for EU operators wondering how to stop call spoofing attacks. Cross-validation of call details is a 100% accurate and effective way to block spoofed numbers. How exactly does cross-validation work?

It's easily accomplished by integrating a simple, affordable and effective solution into the current settings of an operator's system. This solution actively monitors all traffic on an operator's network, cross-validating call details from the originating and terminating call registries of each call in real-time, before it connects.

Any inconsistencies it detects between both registries can only mean one thing - fraud. In this case, it instantly reveals that the number on the call was spoofed.

The solution can immediately detect a CLI Spoofing attack in real-time and allow the operator to terminate the fraudulent call before it connects (or allow the call to connect, as is appropriate in some cases - the choice is theirs).

By cross-validating the call details of the originating and terminating call registries, EU operators can stop every Caller Spoofing attempt on their networks with 100% accuracy and zero false positives and completely eliminate this nuisance once and for all.

Moreover, they can free the OBR model from debilitating fraud and allow it to accomplish what it initially set out to do - return lost revenue to local service providers.

Cross-Validation With AB Handshake - How to stop spoofed calls for good

CLI Spoofing has undermined the well-designed approach regulators took to helping businesses thrive in an evolving world. It has undermined the businesses' ability to provide high-quality services to telcos and end-users in the EU. For operators and businesses wondering how to stop phone spoofing for good, AB Handshake offers a solution.

AB Handshake is a game-changing system for completely eliminating CLI Spoofing on any network via cross-validation of all traffic using the handshake. In other words, AB Handshake is an 100% reliable 'spoof blocker'.

Here's how it works:
cli spoofing fraud scheme ab handshake
  1. A call is initiated. Call details are sent to the originating call registry.
  2. The originating registry sends a validation request to the terminating call registry.
  3. The validation request reaches the terminating network before the call.
  4. Cross-validation of the call details from the terminating and originating networks.
  5. Additional cross-validation of call details between the terminating network and the owner of the spoofed CLI (two arrows on the right).
  6. Inconsistencies in the call details, including an absence of such data from the owner of the spoofed CLI, indicate that the original A-number was changed to a different A-number.
  7. Call is flagged as fraud and blocked before it connects.
The beauty of the AB Handshake solution is in its simplicity. It makes it impossible for any current fraud scheme (or any future iteration) to penetrate it. It's a guarantee for the present and the future.

It guarantees 100% protection from fraud with no false positives, no matter which region of the world you are located in. This makes it a game-changer in the industry of fraud protection.

Moreover, it is affordable and can be easily integrated into the default settings of any operator's current network, making it accessible to any operator in any country in the world.

As more and more members join the AB Handshake community, validating their traffic with the AB Handshake solution, the network of cross-validated traffic expands, eventually leaving the fraudsters with nowhere to go.

If adopted across the EU, the AB Handshake solution would completely stop spoofed calls and all other telecom fraud within the region.

Moreover, if adopted on a global scale, AB Handshake will eliminate telecom fraud for good, all around the world.

Join AB Handshake Today

The case of CLI Spoofing in the EU is one of many examples of geographic fraud hotspots around the globe. Different fraud schemes target different regions of the world for different reasons.

It's essential for telcos to understand the environment they operate in, which threats they are up against and how they can stay 100% protected from every threat.

The AB Handshake community currently has 200+ operators at different integration stages, from negotiating their contracts to signing and onboarding.

We are actively onboarding providers from any location around the globe and the system is already validating live traffic to every country in the world.

If you're interested in how to stop number spoofing attacks and want to join the AB Handshake community, or if you have any questions about AB Handshake, feel free to reach us here. One of our specialists will be happy to chat with you or get you started with the simple onboarding process today.