Corporate report

Fraud sector charter: telecommunications (accessible version)

Updated 21 November 2022

This was published under the 2019 to 2022 Johnson Conservative government

Opening statement

Telecommunications providers recognise the significant risk of fraud and scams against UK customers and providers. This is giving rise to substantial consumer harm and is affecting businesses. Faced by an increasing threat of industrial-scale fraud, telecommunications providers and Government will work in a coordinated manner with other industries and stakeholders to reduce its impact.

Actions under this Sector Charter, including solutions implemented by telecommunications providers to reduce fraud and scams, will accord with providers’ legal and regulatory obligations, including in relation to data protection

Specific fraud risks in the telecommunications sector

Fraud risks directly affecting telecommunications customers

Scam Calls: Criminals call to obtain personal information, socially engineer and/or defraud the victim. Scam calls are made more realistic by number “spoofing”, which makes the call appear to be from a trusted number.

Smishing: Criminals use SMS/text messages to obtain personal information, socially engineer and/or defraud the victim.

Fraud risks resulting in wider customer financial fraud

Identity Theft / Subscription Fraud: Criminals use personal data, which may be illegally obtained, to apply for mobile devices and other credit services in the victim’s name. Customers suffer identity theft and telecommunications providers subscription fraud.

SIM Swap/ Network Divert Fraud: Criminals take over a customer’s account by applying for a new SIM or network divert in their name. Criminals use personal data, which may be illegally obtained, and other credentials to pass security checks to access the victim’s accounts.

Mobile Number Porting Frau: Similar to SIM Swap, a criminal transfers a victim’s number to another network to intercept communications intended for the victim to access the victim’s accounts.

Actions to tackle fraud risks directly affecting telecommunications customers

Action (1) – Work to identify and prevent scam calls


Objective: Reduce the impact of scam calls on customers.

Action: Telecommunications providers will work to identify and implement techniques to block scam calls. This action will be supported by Ofcom through the Strategic Industry Working Group. Data on sources of scam calls will be shared within the industry. Data sharing to combat fraud and scams, will be supported by specific case studies which will be provided to the Information Commissioner’s Office (ICO) for potential inclusion in its data sharing hub. Providers will extend data sharing to law enforcement and banking.

Outcome: Enhance call blocking solutions to protect customers and reduce fraud.

Agree approach 3-6 months. Implement 1-2 years.

Actions to tackle fraud risks directly affecting telecommunications customers continued

Action (2) – A co-ordinated approach to tackle smishing


Objective: A coordinated attack on smishing from telecommunications, law enforcement, NCSC and banking.

Action: Telecommunications providers will work to identify and implement additional techniques to block smishing.

This action will be supported by Ofcom and Mobile UK through the Mobile Scams Group. A co-ordinated effort to review the use of the 7726 spam reporting service will be initiated, involving telecommunications providers, law enforcement and banking to explore how the 7726 database can be used more effectively against smishing.

Providers will consider messaging provided to customers using 7726 to encourage adoption.

Providers will share reported URLs and phone numbers suspected to be linked with smishing with the National Cyber Security Centre (NCSC) and National Fraud Intelligence Bureau (NFIB). Providers will seek to restrict access to URLs confirmed by the NCSC as used for smishing in accordance with legal and regulatory obligations.

Outcome: Improve knowledge, and reduce volume and impact, of smishing.

Agree approach 3-6 months. Implement 1-2 years.

Actions to tackle fraud risks resulting in wider customer financial fraud

Action (3) – Use of Dynamic Direct Debit to tackle identity theft affecting customers and subscription fraud affecting providers


Objective: Introduce a banking authorisation step into the Direct Debit initiation for new telecommunications contracts.

Action: The telecommunications industry will be supported by the banking industry in developing a pilot Dynamic Direct Debit system to facilitate three-way authentication and authorisation at the point of sale between a customer, their bank and the telecommunications provider.

The pilot will consider usage by different customer demographics. The telecommunications industry will consider Open Banking to achieve this.

Outcome: Reduce risk of identity theft/subscription fraud.

Pilot approach 3-6 months. Implement 1-2 years.

Action (4) – Use of real-time checking to tackle SIM swap and Mobile Number Porting fraud


Objective: Enable fraud to be reduced by a co-ordinated telecommunications /banking industry effort.

Action: The telecommunications industry will continue to support the banking industry by supplying a consistent real time check of whether or not a mobile phone has recently been subject to a SIM-swap or MNP using GSMA’s Mobile Connect Account Takeover Protection standard supported by all providers.

Telecommunications providers will work with UK Finance to ensure the banking sector is fully aware of the SIM-Swap/MNP data available and to explore other information/services which providers may be able to supply to further reduce this fraud.

Outcome: Reduce risk of SIM-swap and MNP fraud.

Implement 3 months – 1 year.

Action (5) – Sector information sharing


Objective: Improve industry cohesion in detecting and responding to fraud.

Action: Telecommunications providers will share information within the industry to detect and reduce fraud against customers and providers.

This action will be supported by a specific case study which will be provided to the ICO for potential inclusion in its data sharing hub.

Providers will extend data sharing to law enforcement and banking.

Outcome: Rapid & regular sharing of information on sources and nature of fraud attacks.

Agree approach 6 months. Implement 6-18 months.

Action (6) – Systematic sector analysis of shared fraud information and other intelligence


Objective: Analysis of information to identify participants in significant/ repeated fraud against customers and providers.

Action: Telecommunications providers will analyse shared information (and information from other sources) to identify sources and participants in significant/repeated fraud against customers and providers to an agreed threshold.

This action will be supported by a specific case study which will be provided to the ICO for potential inclusion in its data sharing hub.

Information will be developed into actionable evidence to be shared with law enforcement.

Outcome: Identification of participants in significant/ repeated fraud against customers and providers made available to law enforcement.

Agree approach 3 months. Implement 3 months – 1 year.

Actions to tackle fraud risks resulting in wider customer financial fraud continued

Action (7) – Engagement by law enforcement to investigate significant / repeated fraud against customers and providers


Objective: Create a more effective reporting route for significant / repeated telecommunications fraud.

Action: Telecommunications fraud reports will be submitted to Action Fraud by industry for recording on the national crime database.

City of London Police (CoLP), National Economic Crime Centre (NECC), and NCSC will each appoint a telecommunications fraud point of contact for the providers to discuss significant/repeated telecommunication fraud.

Providers will join the NECC Threat Group, through which they will share information where significant/repeated fraud has been identified that is impacting customers or companies. Where information is presented at the NECC Threat Group, the NECC will consider the optimum approach which may include creation of a pop-up fusion cell to tackle the issue, subject to internal prioritisation.

Outcome: Enhance collaboration to enable a more agile approach to tackling fraud.

Enable action in cases of significant/ repeated fraud.

Agree approach 3 months. Implement 3 months – 1 year.

Action to support victims of telecommunications fraud

Action (8) – Improve support given to victims of telecommunications fraud


Objective: Improve fraud victim experience.

Action: Telecommunications providers will work with groups providing support to fraud victims to understand current concerns with telecommunications fraud victim handling and to identify best practice that could be adopted by industry.

Telecommunications providers will work with these groups to respond to reports of poor victim handling.

These groups will support providers with consistent signposting to victims on the support available should they require it.

Outcome: Improve treatment of fraud victims by industry.

Improve current processes for support of victims.

Increase customer awareness of courses of action following fraud.

Initial meeting with victim support groups within 3 months. Agree approach 6 months.

Implement 6-18 months.

Action to increase awareness of telecommunications fraud

Action (9) – Increase fraud awareness


Objective: Implement fraud awareness measures to reduce customer vulnerability.

Action: Telecommunications providers will support law enforcement and government by delivering communications sector fraud awareness messages.

Providers will participate in a public and private sector strategic communication steering group, which will review the effectiveness of existing awareness measures and consider using more consistent cross-sector messaging to the public.

Outcome: Increased fraud awareness; changed customer behaviour and reduced fraud risk.

Agree approach 6 months. Implement 6-18 months.

Telecommunications providers will report to HMG and other stakeholders on their activities in support of this charter after 6 months, 1 year and 2 years.

Signatories

This voluntary charter is supported by:

  • BT
  • EE
  • Sky
  • TalkTalk
  • Three
  • Tesco Mobile
  • Virgin Media & O2
  • Vodafone