Back in the day, when we began researching VoIP Fraud, we found the data told its own story. We began collecting data but it left breadcrumbs which, when followed, lead to pretty blatant and clumsy behaviour. Our research was sought after by the largest carriers in the world and our controls were shaped by it.
As we get further into taking a far more aggressive stance on nuisance calls, I’m getting very nostalgic vibes. If our data can lead to us having the best nuisance call controls in the industry (not a high bar and we’re likely already there!) or inform the Regulator who the real enablers of this traffic are, to cut the head off the snake as it were, that’ll be a great result for consumers.
It is early days but we have blocked a LOT of calls, in all directions. Our customers, across the board, have been shielded from tens of thousands of calls per day although that will increase by an order of magnitude next week when we resume blocking un-dialable numbers. We’ve also blocked a large number of outgoing calls from our customers. Overall we’re blocking about 1% of the traffic on the network so far, but the tolerances are pretty loose so far. As we crank things up, that will increase. However, even if we blocked just one call and never achieved more, I like to think that is one relative of yours or mine who is not being defrauded of money or harassed with borderline-legal sales tactics. If that was all we achieved, it’d be a massive win, so I’m really pleased that it isn’t just one, it is hundreds of thousands and will increase more.
If you use Simwood numbers, or we host your number ranges, or if you route traffic over us using BYoC, we’d be fascinated to hear whether your customers have noticed a difference. To a large extent one never knows what hasn’t happened in the moment, but some while later might realise how much things have improved. For those who have ported to us and seen a sudden change, the difference might be more stark, or indeed for those who have ported away where we have to disable filters in order to deliver all traffic to the gaining operator. I think there’s a real point of differentiation here for you and your customers and it is one you might want to make some mileage out of because nobody else is complying with Ofcom’s rules as far as we can tell, let alone going further to protect customers. By working with us, you are, and your customers deserve to know you care.
The data shows some really interesting early signs. We all know, and reasonably expect, that the supply chains for this traffic are quite deep. Our KYC and internal controls make me very confident that we do not have a direct relationship with a, heck lets say it, criminal entity. But we do know and have cautioned our customers repeatedly that those guys are desperate to find a home for traffic. It may be approaching a good customer with a view to blending in some questionable traffic – their established account and reputation with us or another carrier being an asset that enables this. It might simply be that they sign up to your retail service directly, or possibly repeatedly, and those of you out there who do not restrict the CLI a retail user can set are directly encouraging this. However, I hadn’t appreciated the extent to which this was all of the above, simultaneously. It isn’t as if nuisance calls are absent and then appear as a deluge on a single account. No, they are both continuous and to some degree omnipresent. Let me explain.
If we take a given blocked call from number A to number B, that isn’t an isolated event. We’ll see that call attempt come in several times (as it is blocked) from the originating carrier (some more than others as we’ll get to), as it presumably falls through numerous of their customers or direct accounts. We’ll also see the same call on numerous of our customer’s accounts as well. This illustrates a remarkable level of preparation and breadth of supply. During nearly 30 years of saying ‘no’ to prospective customers who felt dodgy, I’d always assumed they were looking for a single or couple of relationships, perhaps because one of their previous relationships had been terminated. This was naive and the data tells me that they are farming, in order to get as many route options in place as possible, recognising that any of them could fail at any time, be it a single blocked call or account termination. Our customers should remain vigilant as to not be part of this mix.
Beyond KYC and gut feel, this isn’t always obvious in the traffic either. We’ve identified soon-to-be former accounts where they send a very low level of traffic, and it looks like we’re their backup to another carrier because of the high proportion of failed calls. However, now we’re identifying and blocking the nuisance traffic it is more obvious – we are secondary to another carrier but we’re now blocking far more traffic than ever completes. Whether they are the source and have accounts with several other carriers, and indeed customers of ours, or whether they are simply a link in the chain isn’t obvious. It is likely all of the above – they have multiple routes for redundancy as does every level above them. It just seems people are prepared to invest in far more redundancy for these nuisance calls than we typically see for what should be day-to-day legitimate calls.
I’ve also developed a new love for Sankey charts! Being able to visualise, as we do now in our reporting, problem CLIs blocked spanning dozens of customer accounts, or indeed multiple of our accounts blocked trying to present the same CLI is really really insightful.
And what of the carriers? Well that is where it gets more interesting and, rather like our previous testing of who was doing the bare minimum, we really hope our Regulator will be sufficiently interested to demand that we share data with them. We’d willingly give it but running to teacher feels a bit odd and our lawyers are twitchy at the prospect. So what is in there? Well, firstly, we need to caveat we haven’t been doing this long so don’t have years of smoking guns, and the picture may change, but there are early signs. For the purpose of this analysis we’re stripping out ported numbers as it’d be wrong to blame someone as a source of traffic, when they’re actually the destination and just forwarding on; we’re considering calls over direct Simwood interconnects to our ranges and those hosted for our customers.
For years, I have privately suspected that the main sewer outlet for this stuff is a certain incumbent’s global unit, their on-shore IP service being a close second. That appears to be borne out but only to the level of their market share. It shows they could do a lot more (read: something) to combat the problem but are not the king-pin in this particular story. No doubt, if we could see traffic by their underlying customers there’d be some outliers but overall it follows market share. Others, with large market share, show a low level of problem traffic over their direct interconnects with us. Is this because they’re fully compliant and going above and beyond to protect consumers? I doubt it. Is it because they major in large enterprises and your typical smaller operator couldn’t get an account in the first place? More likely. Then there’s our more comparable/accessible peers. Mostly they follow market share, suggesting they could do a lot more (still read: something) with one notable exception. They manage to send an absolute volume of blocked calls 21% in excess of the incumbent at the time of writing! We know they’d run to teacher if the roles were reversed, and if history repeats they’ll respond to our recent posts with a newsletter virtue signalling how much they care about nuisance calls and are doing all they “are able to” to block them. This duplicity irritates me to no end, but that’s for another day.
This leads me down an interesting thought path though (and Pete wants me to point out this is just a thought path, not policy – reasons he says he’ll explain in a follow up blog at some point)… When STIR/SHAKEN first came in in the USA, I suggested it could be used for reputation scoring. If a given operator originates loads of rubbish traffic, demonstrating lax KYC or malintent, might their A-attestation have lower credibility than a C-attestation from someone more diligent? We need more data but early signs are there is something in this here. If traffic overall coming from a given operator, or for a particular Range Holder, is 130x more likely to be nuisance/criminal on a normalised basis, should we assume that a given call from them has a higher probability of being rogue, regardless of other indicators? I think so and one of the beauties of capitalism is that doing so, or even publishing a league table, would force them to up their game because otherwise who sensible would place legitimate termination with an operator more likely to be blocked, and who would host number ranges on an operator with a dirty reputation? Conversely, should those networks who have demonstrated excellent KYC be given more benefit of the doubt? Probably. We see this in the ISP world with weekly bulletins of which networks have been detected up to no good, be it due to fat fingers or not caring, and it keeps people on their toes. Similarly, Ofcom publishes retail complaints data which informs consumers who more deserves their trust. This use case isn’t nearly as objective as those examples, because it starts with us defining a call as good or bad and we’re going to do that differently to other networks, if and when they ever get to trying. Nevertheless, as the only people with this data right now, even if someone makes an effort just to disprove us, that’s a win for consumers.
I genuinely hope your customers are noticing an improvement. If you’re not on Simwood yet, do speak to us about hosting your ranges, porting numbers in, or even leaving them where they are and making use of our BYoC service to get filtering on your calls.
