Report: Number portability fraud risk
April 12, 2023
By Colin Mann
With UK comms regulator Ofcom proposing an enforcement programme, following delays in implementing a broadband provider switching scheme, a report from analyst firm Omnisperience suggests that a revamp of the UK’s number porting process, which allows customers to change service provider without having to change their number, is critical to curbing both fraud and cyber crime.
With fraud costing the UK economy more than £137 billion (€156bn) each year, it’s imperative that the telecoms industry plays its part in reducing the opportunity for fraud, according to Omnisperience. The report analyses how the UK telecoms industry is inadvertently fuelling fraud as a result of its use of an outdated, inefficient and vulnerable number porting process.
The Omnisperience report, UK Digital Fraud: There’s a gap in the UK digital infrastructure and it’s letting fraud in, comes on the heels of the Fighting Fraud: Breaking the Chain report, published by The House of Lords in November 2022.
This revealed that fraud is the most commonly experienced crime in the UK, accounting for 41 per cent of crimes against the individual, with an alarming 25 per cent increase in fraud since the Covid-19 pandemic. One of the main reasons for this is increased digitalisation, with 80 per cent of frauds now cyber-enabled according to the UK’s national reporting centre for fraud and cyber-crime, Action Fraud.
Since mobile phones have become the de facto digital ID – used to access and pay for an ever-increasing range of services – and a critical component of online security, it’s not surprising that criminals are targeting mobile devices. While banks, retailers and telecoms firms are doing everything they can to minimise fraud, Omnisperience’s report points to a major security gap that has been overlooked and is ‘letting the fraud into the UK’s digital infrastructure’.
“While the UK telecoms industry has worked hard at securing SIM cards, applications, handsets and data, hidden in plain sight is a risk that’s largely been overlooked – the security of the phone number itself,” says the report’s author Teresa Cottam, Chief Analyst, Omnisperience.
According to Cottam, number porting is essential for a healthy competitive market because it allows customers to change service provider without having to change their number. “Unfortunately, the UK’s existing number portability process is antiquated and vulnerable because it was built for a very different era – long before cybercrime existed at this scale,” she notes.
The UK’s number porting process, which was implemented in 1997, was designed to allow customers to shift service provider as easily as possible. But what’s easy for customers is also easy for fraudsters to target and exploit. “Criminals probe for vulnerabilities and the UK’s number porting process is a huge and overlooked vulnerability – exactly what criminals like to exploit,” says Cottam. “And yet it is something that could quickly and easily be addressed.”
The report, available on Omnisperience’s website, found most other countries have already updated their number portability process to one based on a central database of ported numbers. This increases efficiency, helps make the process more secure, and enables telcos and banks to work together to shut down fraud before it impacts customers.
“The UK is well behind its competitors,” states Cottam. “It’s been delaying replacing this process for over 15 years and it has run out of time. The current process is no longer fit for purpose and is impeding the growth of the digital economy, undermining customers’ digital confidence, and exposing everyone – customers, telecoms service providers, financial institutions and the wider economy – to a huge range of risks.”
According to Omnisperience, collaboration is key to ensuring a replacement solution meets the needs of all stakeholders, warning that either the industry acts immediately, or UK political leaders need to mandate a deadline for action and that delays will continue to cost the economy untold millions in fraud for absolutely no good reason and undermine confidence in the UK’s digital economy.