Refiling has become a scourge on the telecoms industry, effectively serving as a tax paid by honest telcos to crooks, before it is passed on to consumers through higher charges overall. However, governments and law enforcement agencies pay no attention to this crime because of the mistaken belief that telcos who systematically cheat other telcos can sustainably lower prices paid by consumers. The authorities take no interest in refiling despite it being another version of the CLI spoofing that is now used by scammers to trick consumers. The failure to act in one domain has spilled over into a much worse societal problem because organized crime is indifferent to whether CLI manipulation is used to enable theft from businesses or from ordinary people. It has been left to telcos to counter this lawlessness, but there are techniques and technologies that can be used to detect and prevent refiling. Arnd Baranowski, CEO of Oculeus, joins us to explain the options available to honest telcos.
Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.
Transcript (auto-generated)
Hi, my name is Eric Priezkalns and you're watching The Communications Risk Show. Every Wednesday, we talk live about the risks faced by communications providers and their customers with the help of expert guests from around the world. The programme is streamed live so you can ask questions and contribute your insights too. You can send a message to us at any time during the show by typing into the window immediately beneath the live stream at tv.comsrisk.com. Messages are anonymous, so add your name to the message if you want me to read it out. The show is also streamed live to LinkedIn. We'll keep an eye on any comments left over there. I'll share as many of your questions and comments as time allows. Now, today we'll be discussing refiling fraud, the practice of manipulating CLI data to cheat carriers into charging a lower price for the traffic they carry. It is a crime that has been almost completely ignored by law enforcement agencies worldwide. Though their lack of foresight means criminals have adapted the techniques used to manipulate CLIs, so now also used to scam ordinary people too. So to honest telcos to carry all the burden in fighting these crimes, but where are those tools and techniques that can help them to defeat refiling? We'll be talking about that with our guest today, Arnd Baranowski, CEO of Oculeus. Oculeus are the sponsors of today's episode. But first, let's talk about some recent industry news from our co-presenters, Ed Finegold and Lee Scargall. Ed comes to us from Chicago where he's an industry analyst, widely published author and a strategic advisor to tech and telecoms businesses. Lee comes to us from Bahrain. He's an executive and consultant who's managed risk on behalf of comms providers in the Middle East, Europe, Caribbean and Asia. Hello, Ed. Hello, Lee. Great to have you on the show again. Looking forward as always to our weekly conversation. Now last week, comms risk report figures from a little known transparency report. I say that with a slight mocking tone because no one seems to have seen this report and very few people were able to interpret this report. A little known transparency report published by the US Federal Communications Commission at the end of September. Now this report shows which potentially illegal robocalls had been traced by the Industry Traceback Group, a US business consortium given the monopoly for tracing calls on behalf of federal and state agencies, which calls they traced from the beginning of April to the end of June. Now some fascinating data, if you mine into it, seems about 20%, slightly more than 20% of the calls traced by the consortium were ultimately judged to be legal. So the details of those calls have all been omitted from the report. Of the 844 calls still listed in the report that quarter, 33%, which is about 4%, originated with Deutsche Telekom, the German incumbent operator which used to be still state-owned and is still 13.8% owned by Germany's federal government. That's more calls traced to Deutsche Telekom than to any other major telco, including Twilio, although Twilio came a close second with 32 calls traced to them. And to put it into an international perspective, the next highest major operator outside the US to be identified as the origin of scam calls, just three for Orange. So this transparency report, a bit of a misnomer. However, the limited descriptions given for the calls traced to Deutsche Telekom suggest they were all scam calls. Several use the label which indicate recipients replied messages that wArndd their utilities would be cut off within 30 minutes unless they made an immediate payment. This is a well-known type of scam. Others use labels suggesting the call was designed to impersonate calls from Verizon. Lee, my question for you. Am I jumping to conclusions when I question if Deutsche Telekom has a bigger problem with facilitating illegal robocalls that terminate in the USA, when far more of the traces show calls originating in their network compared to the tiny number of traces that went to other networks outside of the USA? Well, this one's a tricky one, Eric, right? Because I've had a look at that report and I'm not actually sure you can actually deduce anything from it, right? If I'm being honest. You even said yourself it was a bit of a misnomer, right? And even the FCC themselves, they actually caution and they say, you know, these labelled calls that might not even be illegal, right? So what is the actual purpose of this call, right? And also as well, it just represents a sample of the calls. It's not all of the calls. So again, like I say, I would feel very difficult trying to be able to draw any conclusions from that. Spoken like a professional, still in a proper serious job in the telco there, sitting a bit on the fence. Look, the FCC can't have their cake and eat it. It's either a transparency report or not. It's either telling us something or not. Either the industry traceback group is doing a fantastic job tracking down all the criminals and hunting down all the baddies and getting all the worst agents in the world out of the system, or they're not. Or they're not doing that. It can't be the case that on the one hand, we say all the baddies are being tracked down because there's cleverness and the laws and the FCC and the traceback group. And on the other hand, we don't know if they're illegal or not. We can't form any conclusion about anything. We don't know what's going on. Either you're doing the work or you're not. Ed, I'm going to bring you in here too. Come on, Ed. Is it a problem here that the FCC don't have the guts to talk straight to the public about either their own ineptness in enforcing the rules or drawing a straightforward conclusion? Twilio, they got threatened with disconnection. And yet 33 times calls were traced to Twilio. No one's suggesting Deutsche Telekom is going to be disconnected. And yet they're getting more traces back to Deutsche Telekom than to Twilio. There's some inconsistency here, is there not? Well, sorry. When you say Deutsche Telekom, you mean T-Mobile US. Is that correct? No. No, T-Mobile was separately listed. So Deutsche Telekom, as in an international operator, was identified as the source of cause. Yeah. I mean, if what you're talking about is like, once again, like the unevenness, right? The way that all of this is, I don't know, adjudicated, and then the way that penalties are or aren't handed out. I mean, we keep seeing these examples of this inconsistency. And so, you know, I think before the show or in the notes, and maybe you asked it this way, but there's sort of this insinuation that there's an inside baseball, as we call it in the States, relationship between, let's say, the DOJ, the FCC, and or the FCC and Deutsche Telekom, right? And all of this. And I think you were talking to about the fact that their ownership position in T-Mobile, things we've seen T-Mobile do and or get away with, which is why I brought that up. So yeah, there's a lot that's intertwined there. And I want to be careful because I don't know enough, right? I don't have enough facts in front of me. And I don't want to accidentally accuse someone of being part of some criminal conspiracy in other corporations. That's not what I'm out to do here. But I do think that we have a lot of two things. One, what do we know? One, that there's inconsistency in the way these things are applied. And two, that, yeah, like in the case that you showed, that the smaller guy tends to be smacked down more than the big guy that's got a lot of different things on the table, right? That aren't just robocalling fines. There's a lot of other stuff that's going on that they may be negotiating with the FCC and the DOJ and who pays what fine to the Treasury. So I imagine that there's a fair amount of that going on in the background, which then on this, sorry, on the surface looks as shady as it probably is. I mean, let's just examine the facts here. Germany's biggest operator, Germany, a vital ally to the USA. Germany's biggest operator, formerly completely owned by the state, now still partly owned by the state. A big employer, an important company, lots of lobbying that they should reduce the amount they purchase from Huawei, not always entirely successful lobbying. What is the likelihood that the US regulator for all their big talk about foreign baddies being responsible for scam calls would do a single thing to Deutsche Telekom? They don't even want to mention it. They don't even want to say it out loud that Deutsche Telekom might be the source of scam calls because they know they're powerless to act. So for all the posturing about cutting people off and this, that and the other, they're powerless to act when you have a big, powerful company in a big, powerful country that also, by the way, as you pointed out, Ed, is the majority shareholder of one of the three big mobile network operators in the USA. They're powerless to act. That's the truth of it, isn't it? Well, I'll tell you what, there's actually a funny flip side to that coin because I don't disagree that they're powerless to act, but if they had the power to act, would they? I think part of this, and I've had conversations with a couple of people about this is, gosh, you know, God forbid someone's forced to do their job. I mean, that's not, it's a lot easier to put out that nice press release that says, look, we're doing something. Look at all this data and then, well, the data, the data's data, right? It's a lot easier to do that than to, you know, face down the nest of relationships with Deutsche Telekom and the US government, right? They're not going to do anything no matter how many cars originate on Deutsche Telekom. But here's the rub, here's the rub, the news, since we even prepared the notes for this week's show, the remarkable news, which, which nobody will have picked up on apart from a freak like me who reads these things carefully, is that big press release from the FCC, 20 companies been wArndd that they're going to be kicked off the robocall mitigation database. And if you're kicked off the robocall mitigation database, people aren't allowed to connect with you anymore. So big, big warning, big stick being waved around. And nobody seems to have noticed that one of these companies that's going to get kicked off is the second mobile operator in Saudi Arabia. So on the one hand, you've got all these cars being traced back to Deutsche Telekom and nothing's done about it. And yet somebody in Saudi Arabia hasn't filed the right paperwork and they're supposedly going to be disconnected. Although what does that even mean, Lee? How can you disconnect a mobile network operator in the Middle East, which presumably has no interconnection with the USA anyway? I mean, is this just paperwork gone insane? Well, yeah, I mean, just thinking about this, what you've just mentioned there is, I mean, there's quite a lot of US servicemen who are based in Saudi, right? There's quite a few based in Bahrain as well. So I really don't think this is a smart idea, chopping off the second largest operator in Saudi. But to go back to just to follow on from what you were just saying there about the FCC and Deutsche Telekom, do the FCC, do the US government really care? Because you know, as far as I'm concerned, the NSA, they used to hack Angela Merkel anyway, whether Deutsche Telekom knew about it or not, right? Well, I mean, I think there's a difference, isn't there? The American regulators and American politicians care very, very, very, very, very, very, very, very, very, very much indeed about things that hurt American voters. And the rest of the world can, you know, shove off because they're not American voters. And so the irony here is that it's a lot of big talk about foreign telcos, like Mobiley, the number two operator in Saudi Arabia, partly owned by Etisla, an enormous telecoms group, is being threatened with something which is in all reality just theoretical paperwork because there's no actual thing to be disconnected. They probably don't have it. I mean, I might be wrong. Maybe Etisla has some interests or something. I don't know. But I don't really understand what they're being disconnected from here. And yet that threat goes out seemingly because no one can work out what's going on. And yet Deutsche Telekom, it's topping the charts for actual tracing of scam calls. And you don't hear a peep about any enforcement action relating to German-originated scam calls terminating the USA. Why would that not even be a news story? Why wouldn't that be the first international regulator? You go knocking the door and you say to the German regulator, hello, we need to have a conversation here because we're tracing scam calls back to your country, whether you blame Deutsche Telekom or not. Obviously, the call originated in Germany, or at the very least passed through Germany, and it's been incorrectly attributed to a German operator. We've got a complete double standard here, have we not, Ed? Ed, I'm going to pick on you. There's a terrible double standard, is there not? Or am I again in the wrong? You're pretty fired up about this issue. I'll give you that. Yeah, no, I mean, of course there is. And I'm just thinking about the bigger issue of two things. One, obviously, the illegal scam calls. Two, you mentioned when you started that there was a whole aspect of the report the FCC put out that had something to do with the legal nuisance calls, more or less. So we're still kind of stuck in that lane of sorting those two things out. That's where we started this discussion from. So now let's get back in the lane of the things that we know are illegal scam calls. And we're tying them back to one source, and we know what that source is, and we don't take action to cut off that source. But we do make a lot of noise to scare people into thinking that there's millions of actors all the time out there that are coming after you, right? That's what we see. So I don't really know what the end goal of that narrative or that just misinforming narrative is. But I do know that what we tried to do on this show and others in this community have been trying to do is say, hey, this is a small number of actors we ought to stop. And we still are just not seeing any action at all like that. And so I'm going to put this, I'm not trying to neutralize this by putting this in that bucket. I'm trying to use this as a really big example of that, where it's, yes, in fact, there isn't enforcement. And so I don't know if there's been a discussion that happened very diplomatically somewhere, and someone then came out and said, yeah, we talked to them about it. And maybe that's where it gets brushed under the rug, that sort of thing. Oh, sure, we talk about it in our quarterly meeting. It's on the agenda. It might be there, and that's the cover-up. But the point is action hasn't been taken. And to your point, for all the sort of arm-flapping about, hey, we're going to cut you off, like, well, there's been, like you said, not even a threat here of cutting off as part of the scale-up of, like, let's have a discussion of first we start with a reduction. There has to be action. There needs to be some kind of public statement about this. And then we get to where we cut you off. And those are the stages you go through. And that's not laid out either, right? So there's a lot of really weird, incongruous things about all of this that amounts to the same thing you're talking about, which is that the major offender has a lot of stake in whatever is going on in the US and isn't punished for it. And that's what we know. That's what we know, right? Yeah. So, yeah. I'm going to read out a comment here from somebody who's watching the show today, but has previously been on the show. Sarah Delphi chips in to say, important to note, many tracebacks are performed on groups of example calls associated with the same calling campaign at once, where you see multiple calls for the same date with similar details. It's not necessarily fair to count those as multiple separate fraud schemes. Great point. Great point, Sarah. Though, I would say, go look at the transparency report, because actually what's interesting about the Dota Telecom one is, say, in contrast to Twilio, who were threatened with being disconnected, there's actually quite a few different reason codes put against the various calls, all traced back to Dota Telecom, suggesting that there's multiple scams have been originating with Dota Telecom and terminating the USA. So, I would argue that's even more reason to be getting heads up about Dota Telecom. It's not one big campaign. It's several campaigns that's been traced back to Dota Telecom, apparently. But enough of me being mean to Dota Telecom. I'm more mean to the FCC, because I'm sure Dota Telecom is doing a good job. Everyone says they're doing a good job. And invariably, I'm just curious to see what happens with these calls that are traced back to them. Enough of me mocking everybody in the industry. Let's take a nice, calm, reflective ad break with our interesting fact of the week, provided by our series sponsors, Symmetry Solutions and their fraud intelligence team. Now, there is a major update of the PRISM database every fortnight. The most recent update to the PRISM database added 202,793 new telephone numbers associated with fraud. This compares to the 119,112 numbers that were added two weeks earlier. PRISM is being continuously updated with new numbers being added and old numbers being removed. That means you need to constantly update your watch lists to keep pace with the numbers being exploited by criminals. Learn more by contacting Symmetry Solutions. You will find their website at symmetrysolutions.co.uk. Now, back to the topical affairs. And if you thought that I threw in a hand grenade in our first segment talking about Dota Telecom and scam calls, I can't stop myself, guys. Shout me down if you need to shout me down. I was reading a light reading article this week, and it beautifully, but unintentionally, juxtaposed the twin reasons why the GSMA may not be acting in the best interests of Western countries. So, the GSM Association, we all know them. We've all been involved in them at some level. I always get quoted, I always like a very sincere and perhaps slightly pompous organization. Certainly big, there's no argument about that. On the one side, the GSMA Director General, Matt Skinner, fronted yet another Huawei event, this time speaking alongside Huawei Rotating Chairman, Hu Hukun, at Huawei's Global Mobile Broadband Forum. I say they were alongside each other, it's mostly a virtual event, they're normally held in Dubai. You can go see the video still online if you're interested. From the DECO event, It's very obvious that Grignard was speaking from GSMA's head office in London. It's not unusual for the GSMA to be heavily involved in the promotion of Huawei. In fact, Grignard spoke alongside Hu Hekan a few years ago at the opening of Huawei's Global Cyber Security and Privacy Protection Transparency Center in Dongguan, China, in 2021. And decide for yourself whether you're going to take that title seriously or not. And that was, of course, a time when China was lobbying very hard to make sure their 5G network technology wasn't being banned from Western countries, not with great success. Now, it seems to me, and chip in here, guys, if you disagree with me, it seems to me incredibly incongruous that the GSMA, based in London, UK, that's where the headquarters are, is so closely linked to Huawei, a company that we know has got close ties to the Chinese government. And yet, at the same time, Britain's Intelligence and Security Committee of the UK Parliament has openly wArndd that China has, in their words, penetrated every sector of the British economy. The UK government responded to the Parliamentary Committee last month, stating it recognises that China recruitment schemes have tried to headhunt British and allied nationals in key positions and with sensitive knowledge and experience, including from government, military, industry and wider society. So the GSMA, I would say, is pushing our luck by associating ourselves with a contentious Chinese supplier that used to be able to sell to UK networks. It's now fallen out of favour after damning Huawei Cyber Security Evaluation Centre report a few years ago, though there's been no reports issued since, none made public since. And yet, at the same time, the GSMA is pushing, buy Huawei, buy Huawei, buy Huawei. They're openly lobbying for what they call fair share, which you as an American, Ed, should get very upset about. Fair share basically means dilute net neutrality in Europe to demand big subsidies from US internet platforms. So put the two together, the GSMA wants big subsidies from US companies so that European companies can spend it on buying from Chinese companies. Ed, am I balmy for pointing out the absurdity of proposals that Americans should feed money into Chinese pockets via European telcos? Or am I wrong? Is the GSMA right that this is actually the best way to do business all round? Oh, maybe neither, I want to say. Are you barmy? Sure. Yeah, I'll agree with that. So I think sort of a simpler way to sum this up, we actually discussed before the show and it helped me get my thoughts in order on this a little bit. So one is that the landscape changed, right? We talked about this, that the business relationships, which are deeply intertwined here, were formed before the current set of geopolitical issues in the world had kind of shifted to where they are. So that I think the issues, the national security, I mean, the national security issues with Huawei have been on the radar for quite a while now, probably close to 10 years, I want to say, really like since the beginning of the whole 5G discussion. But this goes back prior to that. This probably goes back more like 20 years or more of these business relationships. And at least in my experience, when I started seeing Huawei get a lot more serious, let's say, and a lot more present at industry events and what have you, like from a marketing point of view. So I think some of those business relationships which grow over time and become kind of like how some organizations like GSMA will grow, they transcend that shift in the geopolitical landscape. But at the same time, right, what's happening here that you're observing is, yeah, the money is being followed. And without a doubt, Huawei has spent, and you can see this publicly, they've spent an enormous amount on marketing in the industry, on white papers, research reports from every analyst shop that I've seen, obviously having a huge presence at things like World Congress and other events like that, right? They've made huge, huge investments all over the place. So I think to an extent, the ecosystem is kind of dependent on them right now. So it creates this precarious position that you're talking about, right? And so, yes, I can see how from your point of view, right, you're insisting, and probably rightly, that the national security aspects of this need to be taken into consideration a lot more, especially in an organization like GSMA, and kind of say, hey, what are you guys going to do about that? I think that's a legitimate question to ask them, right? Absolutely legitimate question, like given the landscape's change. But it doesn't surprise me that we've ended up here. And I don't think that, obviously, Huawei's aggressive marketing is not an accident. They're marketing their brand very aggressively. Why they're doing that is probably a separate show. But that's what's happening, right? Thank you. I think that's great insight there. Thank you for that. Lee, let's bring you in here. I know you like to sit on the fence whilst I'm the provocateur, so I'll give you an easier question, okay? Whether you agree or disagree in this case about there being a problem, nevertheless, there is the emergence of a Cold War, China on one side, Russia perhaps on the same side too, the Western countries, the US, and to some extent Europe, although there's some divisions within Europe too, on the other side. There is the emergence of a Cold War. There is the emergence of a conflict in terms of national security priorities. Is the GSMA capable of reforming itself in order to cope with the conflicts that that creates? Difficult one, Eric. I mean, do you want me to agree with you or do you want me to disagree with you? It's a yes-no question, so yes or no. Can they or can't they reform themselves to cope with – we're not living the internationalist dream where everybody gets along and free markets open up and we go into the future together in peaceful coexistence and then explore space. That's not what's happening in the world. I don't know if you noticed, Lee, there's plenty of wars going on. We're not living the internationalist peaceful dream. So communications networks, national security, it's crucial. Can the GSMA cope with the national security paradox here? But why can't China have a piece of the GSMA? Why can't they? I mean, it has the world's largest population of 1.4 billion people. It's the second largest economy of $17 trillion. It's got Huawei. It's the largest telecoms equipment manufacturer in the world. Also the second largest handset sales after Samsung. Three of the top five mobile operators, the world's largest, are in China. So you've got China Mobile, you've got China Telecom, China Unicom. You look at Huawei, they have the highest number of patents in 5G, and they're leading research in quantum and 6G, and they operate in 170 worlds. So why can't China have a bit of the GSMA? I think that's a robust response, but it's not a response to the question that I asked. I mean, I think it's a great response, Lee, but it's not a question I asked. Can the GSMA reform itself to cope with the contradictions here? That's my question. The contradictions between they're going to deliver security to the level that everybody expects when different expectations are to be had in different parts of the world, and the security expectations are actually in conflict. The question is, do they need to reform? Yes, they do. Yes, clearly they do. That was implied by the question. But you can argue against it if you think it's all fine. If you think it's fine to have somebody with a plummy English accent at the start of every GSMA meeting saying, I am a plummy English guy, and you would never know, apart from the fact that I'm telling you I represent Huawei, who are a lovely, lovely Chinese company who really care about your security here in England. And I can tell you that because they're paying me a lot of money to say it. I mean, I can't be the only one who's noticing that this is like a good tactic if you want to pull the wool over his... Go on, Ed. Eric, do we need to put national security labels on technology? You have the warning labels for explicit lyrics on music. Do you have to do the same thing here? It's like, hey, yes, I'm up here and I'm selling you this lovely technology, but there's a label on it that says, warning, national security risk. Is that where this is heading? I think misinformation. I'm happy to sell you cigarettes, but they're going to have a picture of a dead baby. It's kind of like a lot of times those weird scenarios get solved. Misinformation. I'm going to keep selling you this, but yeah, I'll put a label on it. Let's not call it a national security label. Let's call it a misinformation label. Or let's put a vested interest label on it. Okay, when the guy with the plummy English accent turns up and he starts saying, I'm from Huawei, okay, straight away, it's not hard for me to work out I should be suspicious here. But at the same time, how much is the actual quality of the input from these people being vetted to determine whether it's objective insight, objective information, they're pursuing a common goal, and how much are they manipulating standards in order to secure the right outcome for their paymasters? It's difficult as now. I don't know. And I would call myself an industry insider. So how can a member of the public possibly know? And I don't think many politicians probably understand. So we do need more of the so-called transparency we have in this industry. But unfortunately, associations like GSMA are not going to deliver that transparency because they will dance to the tune of the companies who pay the most to the piper. So we need somebody who's somewhat- I was going to say, I think some of that problem actually is going to solve itself. Not that the actions shouldn't be taken that you're talking about. I think some of the problems are going to solve itself because if the telecom industry and various organizations continue to be that insular and not looking at embracing the reality of what's happening from the network as a platform, as a series of networks you have that make a platform, it's not a bunch of silos, all of those kinds of things that are leaning in that cloud direction, leaning in the hyperscale direction. We've been hollering about this for years. If you're not going to get on board with that and you want to continue manipulating in another way that's counter to that, it will catch up with you. The technology evolution is going that way. So there is the opportunity here where you're seeing people spend billions and billions of dollars to create standards that may not work and to sell the heck out of it and end up with a lot of stuff like with ATM, warehouses full of boxes that don't go anywhere. That is a possible outcome here. But this is the irony, isn't it? This is the irony. We've got the GSMA openly saying, let's go get money from Amazon, let's go get money from Google, let's get money from those American companies and give it to our good, decent European telcos. They're picking sides in the fight. They're not completely neutral by any stretch of the imagination. And then they want to give the money to these companies and at the same time they're saying, go buy Chinese tech. If I was an American taxpayer, I might be saying to the American government, why is the American government neutral to the GSMA? Instead of flying over to GSMA events, maybe the GSMA is hostile to American interests now because they want money from American businesses. They want to take it out of American pockets. And they're at the same time advocating spending in China, which is clearly contrary to American policy right now. And that's the thing we can't just sit on the fence. This is what I'm saying, Lee. You can't sit on the fence this anymore. This is an issue where you have to pick a side. Look, it'll get resolved at the national level. It'll be a government decision at the end of the day, like we've seen in the UK, we've seen in Germany. That specific thing about national security will be resolved at the national level. I think you're dead wrong. If you ever look at the history of what's happened at national level, there's plenty of things still going on in the world today about national security mistakes made 60, 70 years ago. We're still rumbling on with the consequences now. But let's have another ad break. As much as I enjoy this conversation, it's time for another ad break. And this is a sponsored feature from our friends at OneRoute, the experts in co-authentication, fraud prevention, and geolocation. Each week we're taken on a journey via the phones in our pockets. So here's Alyssa Giles at OneRoute, and she's going to take us on a trip to Argentina. Roll VT. Hi, everybody. From OneRoute, I'm Alyssa Giles, and this is The World in Your Phone. Let's talk about Argentina. Argentina is the second largest country in South America, and it's famous for the sport football, its quality wine, love for tango, delicious food, and world-renowned landmarks. Did you know that in May 2023, Argentina's national communications agency authorized Project Kuiper, the low-Earth-orbit satellite broadband venture that's being developed by the U.S. web giant Amazon. Project Kuiper hopes to launch its first satellites in the first half of 2024 and will commence testing shortly after. A few other fun facts I found about Argentina are that the government officials banned parents from naming their children Messi in the football star Lionel Messi's hometown. Argentina actually produced the world's first animated feature film in 1917. Argentina is also home to the world's highest and lowest points of the Southern Hemisphere. Many restaurants in Argentina take a break in service from 4 p.m. to 9 p.m. before reopening for dinner time. Argentina actually had the world's first female president serving from 1974 to 1976. Be sure to subscribe to OneRoute on YouTube where you can catch up on the world on your phone and watch OneRoute Roundup, the show that spotlights individuals and companies making a positive difference in the telecom industry. I'll leave you with one last fun fact I found about Argentina. When the national football team plays in important games, classes are canceled in schools and universities so that students don't miss out on the matches. Now, Eric, back to you in more of your awesome communications risk show. Now let's welcome today's expert contributor. Live from Germany, we're joined by Arnd Baranowski. Arnd is the CEO of Oculus, a supplier to telcos all around the world with a particular specialism in using cutting edge technology to stop fraud before it even begins. Oculus are also the sponsors of today's show. Hello, Arnd. It's great to have you back on the show. I hope you've been enjoying the chat so far. And you know that we're always keen to have you back on the show sharing your insights. So let's get straight into this topic, refiling. For those people who are watching the show who are not so knowledgeable about refiling fraud, can you give a brief summary, a brief overview? What is refiling? Yes. Thanks very much, Eric, first of all, for the show so far. It was very entertaining here and all this. And yes, with regard to refiling, we're talking here about a problem which is persistent in the industry since its beginning and since the beginning of fraud. And it's especially a case or especially a problem since numbers are, let's say, the origination is shown to the one receiving the call. Since then, manipulating the origination is of interest for the ones which want to commit fraud, which want to commit scams here in this case. So when we're talking about refiling, then we're talking about changing of the CLI. And this, of course, can have very different impacts. It can have commercial impacts on the telcos, but it can also have a personal impact on people being scammed, being called and being persuaded into criminal activities here or just simply being fraud. So that's what actually refiling is about when we're talking about refiling. Okay. And you've got customers that you help with in terms of refiling. Does the evidence from your customers suggest the problem is getting worse or better over time? Yes, we have customers where we're supporting, where we're helping them. And over time, the problem got bigger, of course, and it got of bigger significance. And mainly because over time, of course, the telephony behavior is changing, what we all experience here in this case. Number one, the refiling resulted in lots of scams, a lot of fraud attacks, where then customers start to mistrust calls where they don't know the number, where they see a specific number, or where they even are getting sort of moved into wrong activities based on the number which they think they identify. When you get a call and you identify off the number, okay, that might be from police or that might be from an official, of an official service. This just simply implies on the one who was picking up the call that there is someone serious talking here in this case. And what we also seen with regard to refiling, especially here with the EU, non-EU problem, when the European politicians decided to introduce special phone rates on the EU, actually what then happened is that suddenly calls from outside the EU were meant to be rated at a different level, at a different price. And as A numbers can be manipulated very easily, especially since the move towards SIP, then we understood that actually of 90% of inbound international calls, 10% are actually being manipulated, even if you don't properly understand it. And the damage was really significant, which we observed there. And it was depending on the size of operators and this damage could easily end up in the profit an operator does actually in a month. And we know, for example, also for inter-European operators, we have some samples where they have like a community living somewhere and working in a non-EU territory and they do call home. And this is most likely every month, something like 3 million minutes. And if they suddenly disappear, then suddenly this revenue is gone because suddenly it looks like these calls are coming from somewhere else in Europe. And this is one thing which operators really, where they're getting on the fence now and which they try to prevent here in this case. And beyond that, of course, also regulators are getting more and more serious about it because of the scam calls which are happening and because the ability to refile, to change numbers. and to change the origination is just simply a thing which is part of really complex scams, complex frauds and strategies here in this case. And so it is really a question about how to prevent all that stuff. Well, there you go. You asked my next question, Arnd. You asked the question beautifully. What are we supposed to do about it? What are Telco supposed to do about this problem? The number one thing, of course, with the current architecture, the current architecture which we have with the current networks. We have tons of networks around the world which are interconnected. Every operator has its own network and all these networks are interconnected. And these operators have customers. And somewhere then traffic is being injected. And of course, through the line, then this traffic maybe gets manipulated or even already when they're beginning, things are getting manipulated here in this case. The only thing you can do about it is on the, you have to understand actually on the receiving side, what traffic you're normally getting. If you're talking about international calling, of course, it's like you have a, let's say, you have to first get the understanding. Okay, what is the international incoming traffic which we're getting? Once you have that, you can look actually what's actually happening when suddenly this disappears and suddenly it does move away. Normally, international calling runs according to certain patterns similar to like on SIM boxing. You know, you only have international calling, let's say, within families where one party is abroad here in this case, or when they're on holidays coming back, calling back home. Or when we're talking about international business, then also you have only a limited amount of calling here in this case. Of course, call centers are breaking these rules and plenty of call centers are also involved in fraud here in this case, but that's a slightly different story. But you have an understanding about what's normal, what's regular calling. And for example, one thing which we example, which we experienced when we were investigating on three operators, how is this international calling happening? We understood something which we named then disposable numbers. There we understood, okay, there is something you can only understand when you have the complete oversight inside on the traffic. And we understood that of the 10 person of these fraudulent calls, 90% of them were done by numbers which were used only one time. So the spoof number was only used one time, and then this number was thrown away like can here in this case. And this was repetitive and we could tell, and 90% of the damage was done by this. And this is something which you cannot understand easily via behavior analytics. In order to understand that, you have to have actually the traffic of such an operator, receiving operator, you have to have their traffic of the last three to six months. You have to have this. You have to have this live in memory and you have to then actually to see if such a number is showing up only one time and you have to compare with the regular pattern of the one who's receiving the call. So you understand it's actually, it's quite some activity required here in order to really understand whether these numbers have been spoofed or not in this case. And then you have the evidence, but when you have this evidence, then the question is, what do you do then in this case? And because you always have to prove that such a call has been spoofed when you want to make a case, you know. Will the anti-spoofing technologies like Steer, Shake and Def will help in a situation like this to reduce refiling? Steer, Shake and Def has a major shortcoming here in this case. Steer, Shake and Def is something which requires to get to collect a certificate, which is then being handed over via these networks. And the point here is it can only be transported via SIP in this case. And networks, TDM networks remain in place. Why should they disappear? They still serve for the telephony. And then in this case, in this moment, you lose the information, the certificates here in this case. And it's a major shortcoming here in this case. And also something like Steer, Shake and, I mean, it's not very fancy. At the time being, it looked like a good idea, but even at the time being, it was actually known that to go with the latest technology and to not cover the problem of what's happening once it jumps through a TDM network. I mean, that is a problem since its inception, since the beginning, and it has not been resolved so far. So it is similar to like, you look, when you have a Christmas tree, you have 30 lights. And when you turn off 29 lights, you will still see the Christmas tree. And this is a similar effect, which we have here then on the C-Shake and stuff. Still, it leaves space in order to commit fraud. Yeah, in order to commit refiling here. Absolutely. Ed, let's bring you in here. What's your thoughts here in terms of like the use of data analysis here? Yeah, Arend, I find this fascinating. And one of the things I see in my regular beat when I'm covering things like BSS and customer experience, I'm often talking more and more with folks who are involved in data governance side of CSPs and other large enterprises, where that's becoming more of an entity of its own. Sometimes it even has a seat at like the C-level table, right, how data is dealt with and seeing more like data management and data governance practices. And so from an analyst point of view, you want to believe that you're seeing service providers maybe cleaning up the data house a little bit and making it so that applications like what you're doing and others, let's say, that can use behavioral analytics really to the service provider's benefit, right? That can be something that's done more readily, right? As opposed to having to be sort of this data safari first, finding the right piece of data, putting them in the right place, the right kind of architecture to make them accessible and then analyzing them. And so you've been, we've talked before, you've been talking about these analytics concepts a long time. You really know yourself and your domain. I'm wondering if CSPs are starting to catch up a little bit organizationally to be able to feed the kind of process you're talking about more readily than maybe they were able to a year ago, two years ago, five years ago. Yeah, but the point here is why things only happen when things hurt, you know? It only happens when it hurts and when it hurts commercially. Suddenly something is getting up on the priority. As long as it's not hurting commercially and as long as nobody's complaining, virtually nothing is happening. Even if you tell the people and even if they understand, you know, there had been in the past, there had been trends on fraud where we talked, you know, we were talking about something upcoming, a trend of fraud and it took actually 18 months before action activity was taken by the ones being hit, you know, and it's similar here. And like we have this, how long did it take to get steel shaking in place after these first major financial scams in the U.S. with these $300 million damage here on the where actually where someone pretended to be of the U.S. finance account service, I mean, for not having paid taxes and so on. It took really some time when something came in and even then it wasn't the best solution. And even now we have here regulators asking for solutions in order to fight scams here, in order to fight the manipulation of calls, in order to fight refiling and it simply takes time. It's like these companies we're talking about, they are like big ships, you know, it's like when they steer, they swim and to get them to change, it just simply takes time. And as long as it doesn't hurt, as long as they're not getting torpedoed, you know, they just simply continue quite often. And even so, even if the data were already sitting there, it's hard to get an engagement on this, you're saying. Hard to get attention, hard to get understanding and engagement on these kinds of issues. We're talking, I mean, we're talking to a lot of companies, you know, and in order to have this, you need someone who is knowledgeable, who has an understanding for it and who has been in place for it for some time. And the fluctuation, even in the industry, even at these places, I mean, it's pretty high here in this case. And of course, the industry commercially is under pressure. But on the other hand, if we're talking about these problems here, about these refining problems, it's also damaging the reputation of regular telephony and massively damaging. And what we can see, there is a change upcoming and there is a requirement on things. And we have to see where this is going to move to. Lee, I want to bring you in here on this, because I think this comes back to what we were talking about before and joined us for the conversation here. We have a fundamental conflict here with networks only being policed by businesses because the state law enforcement, police agencies, they're just not involved. They're just not engaged with problems like this. They're allowing this to become lawless territory, okay? And as a consequence, as Arnd points out, it's natural, it's normal for a for-profit business to get involved when their profits are being affected, but there's greater consequences later on because it's not just businesses that get affected, it's all of us who get affected by these problems in society as a result of criminality, corruption, getting a hold and organized crime, generating good profits. Now, I'm reminded that last year we had a survey with RAG, the Risk and Assurance Group and the iFreeForum collaborating, and only 4% of international wholesale carriers believe fraud is being prevented or reduced by the work done by law enforcement agencies. Overwhelming majority thought that they were adding no benefit whatsoever in this arena. Does this not come back, Lee, to the problem that we don't have the politicians, the governments, the law enforcement agencies, the police engaged with network crime, especially when they perceive it to be business-to-business network crime, and it's only much later on when it's already too late and it started to affect consumers that they start to take a small interest, it's already too late, they're all set. Yeah, I mean, you've taken the words out of my mouth there, Eric, to be honest with you. I mean, there's no worldwide police force to kind of oversee this and police it. It's just, you know, who's gonna look into it, right? You've got to disagree with me. What are you doing? You were disagreeing with me before. You've got to disagree with me again. We've got the lovely GSMA. We've got the Chinese to keep an eye on these things. China's probably better at policing this than any Western country is, you know? Why are you agreeing with me now? I don't understand, Lee. So the problem you have here, and from my experience, I always find that it's actually group companies. They're the ones who are worst at doing this. So I'm not gonna actually name names here as to who are the worst at doing it. But what you'll find is they will have a direct link between, say, two operating companies. And what they'll normally do is, instead of routing an international call, as they should through an international carrier coming in through an international gateway, what they tend to do is they will strip out that CLI, they'll bang it down their direct connect, which they have between these two operating companies. And then what they'll do is they'll just deliver it through the local interconnect gateway as a local call, right? Now, these are, say, sister-to-sister company, part of a large group company, is they would see that as something like optimal routing, right, or just to reduce their costs. They don't really see that as a crime, right? And I think that that's where the issue starts. Well, I mean, I think it all comes down to pricing. I'm gonna read out a comment here from one of our viewers. Henk van Astra, always a pleasure to have you commenting. Henk, thanks again for watching the show. He's responsible for fraud management, voice fraud management at KPN. I'll summarize your comment, Henk, because it's very detailed, but I think it's an excellent point. The day the EU decided to bill on CLIs, it was a bad mistake to do that. All that's happened is that when you try to trace where is the origin for these messed up, manipulated CLIs, there'll be one or two telcos who will actually help you out. Everybody else is hiding behind the veil of classified information. So we're not able to do any useful investigation work. And as a result, we cannot get rid of this problem anymore. In fact, as Henk says, and I'll quote you directly on this one, billing on CLI is the most stupid thing to do, but hey, you already knew that, but that is what happens when EU politicians want more votes for themselves. And it also comes back to the point about subsidies. Where do you get money from? You're bringing in more money from other countries outside of Europe than inside of Europe, which then feeds into the problem of encouraging a kind of crime, a kind of corruption, which exploits it. But Arnd, there must be other ways we can tackle this problem. Yeah, well, the one way described is looking at the behavior, doing the behavior analytics and building up some systems around it. This is possible. But there's also another way how you can tackle the problem. It's like you have to think about introducing just simply and changing the architecture, which we have in place, because the architecture which we're using was built for billing based on A numbers, for routing based on A numbers here in this case. And actually for routing based on B numbers and not for, and the origination number was just simply for informational use. But we have to think about an architecture, which will just simply, which will just simply erade this ability to manipulate these numbers, these originating numbers, or even at least let's say understand and let us understand and know whether the call which we just received as a receiving operator is legitimate or not. And then this information, irrespective of whether this came in via C7, via SIP or via whatever here in this case, this information then is sufficient with the incoming call to really draw hard conclusions and solve some of the problems. So moving in this direction actually is the only way I can see to overcome this problem. How do you do that technically? Is it some kind of callback procedure? Yeah, I mean, there's different ways. We look through to history, even down at ISDN times, there was a second channel, for example, and there is some stuff where on the second channel, some information was transported here in this case to provide the information, okay, this is from where the call comes and this is about the information here in order to verify and secure. The problem with ISDN was only that this second channel was also open to the clients here in this case. So this could be manipulated as well. So we should look for something which just simply is not available for clients, which is not available here for anybody to manipulate. Maybe a fully independent instance, which allows just simply to understand before calls are happening, what a legitimate call is and what not here in this case, something like that. This should be the direction where things should go. Absolutely brilliant. I'm gonna read out another comment here from the reviewer, Bartok says, cheap international VoIP works exactly like this, local inbound call plus international leg on own or rented VoIP plus local outbound call. Forgive me, I am reading out word for word and it's not a crime as long as it shows the correct originating number. It becomes a crime when it displays a different number, for example, a premium number when it becomes Wangari fraud. I think absolutely right there. Bartok can't argue with that one. Ed, you've got a suggestion for how we might tackle this in a different kind of way. I'm just wondering, because we've spoken so many times about, not just this issue, but other issues where you kind of have this lack of enforcement or lack of reason to track down maybe the handful of crooks that are doing things. And I was reading an article about the guy who did the Silk Road crypto theft, one of the really crypto thefts. And there was this big mystery, right? And it was several billion dollars worth of crypto. And he finally was caught by the US IRS's CI team. And so the article was talking about this, he's really a kid who was living in Athens, Georgia and throwing parties at the University of Georgia and wanted friends. And he was a guy who had worked and done some of the original code on Bitcoin that had done the theft. And so they talked about how they hunted him down and how they tracked him down using really like blockchain forensic tools. And he had made a mistake where he put some money into a wallet that had KYC and had his name on it. And that was ultimately how they found him. But they did the work and they went and they found him. And then the article talked about how the money, look, this kid basically stole all this money from a bunch of crooks who were using Silk Road. So who did he harm? There wasn't really like anyone was standing that he stole it from. And at the end of the day, the IRS, the US government kept an auctioned off that they sold off the Bitcoin and kept the money. And there was a note in there about how they had given some of it to the local police in Athens too. So everybody kind of got a piece of the bounty. So that's my suggestion is like, well, if everybody's after cash and that's what it is, why isn't there a bounty system around this? There's probably more discussion, but I think, I don't know if the economics of it work, but it seems to me that the only way that people get motivated to go shut these things down is if they're gonna get paid for it. And it's a little, I started thinking about this because of what Arnd was saying about the only time people get upset and wanna do anything is because it's hitting their profit, right? And so it's connecting those two dots right at the end of the day. You know, and when you put this in the context of all the ransomware stuff that we see now, right? And how much a ransomware attack costs you versus if you paid a bounty to shut them down, right? Like it almost feels like there's this weird economy forming in this space because there isn't law enforcement. So that's where my mind has been wandering off to in discussing these things, but there's connections between all the stuff we've been discussing. Yeah, maybe here I agree with you that maybe something like this, like introduction of these bounties could help in order to target this. I mean, when we look at police, when we look at police enforcement and when we look at the regulations, of course, telcos are regulated nationally. Regulators are there and they also I mean, they look then at the things which are happening. And if we're talking about fraud, then we're also talking about subsequent fraud. The scam call is not necessarily a fraud here in this case, but then what is going to happen actually then to the ones which are scammed then, which can generate massive damage because we're then talking about old people which where a lot of money has been just simply stolen because of these scams, because of people were being misleaded. And there I see simply a certain responsibility. I also see a responsibility for the industry themselves because this refund is damaging simply their reputation here in this case. And it's something which the industry has to get under control. And if not, it's just simply further damaging the business here and everybody is going to realize it. And like the point here with regard to the commercial damage, I mean, if it's only one call, maybe for someone who is losing a euro or two or something like that, this is not an issue. But it's just simply a matter of the amount. And that's also which may be aggregated over a month, which also then is a point here where the problem is. But the question here is also with regard, I mean, I remember also, Eric, with regard to police enforcement, since I know we're talking about this police enforcement and so on, but I don't see this is going to happen. It is just simply one thing which the industry themselves has to find a way in order to overcome the problems which we have. And if this requires new technology, if this requires some new approaches, then this has to be followed and this has to go forward. Because the other side of the business, the ones which commit the fraud is an industry like our industry here in this case. And very often, or let's say in 99 percent of the cases, this other industry has strong ties into the existing industries. And you cannot tell if someone is telling you, OK, we are not doing it. You don't know whether you can trust them or not. I think this is exactly hitting the nail on the head. There isn't two sides to this. It's impossible to distinguish between the good and the bad actors because they are the same. When one carrier wins, another carrier loses. And we're talking about companies that may have been formerly state-owned, governments still have an interest in them, powerful people connected to them, people with influence. So just expecting a bunch of good people to come along and fix the problem, there won't be a bunch of good people because nobody's on the same side as anybody else. They'll look out for their own interest, their own national interest. And yet, if you can exploit, legally exploit other countries, one would argue that origin-based rating is a way for the European Union countries to legally exploit other countries. And I know that some of the viewers of this show got very upset, the ones in North America, about the way it's been introduced and exploiting and argue it wasn't done in a legal fashion. And yet, you can do things legally and you may do things not so legally. But if no one's enforcing the law, what does it matter what the actual law says? So, Arnd, again, technology. We're kind of like hoping that technology solves the problem. But will it? Can it? Is it sufficient to solve the problem? What is it? What new technology is there that might help telcos to make a step forward? Because we've been talking about technology as a solution and it hasn't been coming as quickly as people would hope. There have been approaches like in the past, which turned out not to be working properly. And one of these approaches is still shaken. And I think when we're talking about these problems, about these approaches, then there was also AB Handshake. But also AB Handshake has massive deficiencies on the technology side because we're talking about a large scale problem. We're talking about a worldwide problem. And when we're talking about that, then we're looking at some technology which has to cover a lot of different points, aspects. The number one thing is, of course, to prevent the refining. The other point is to maintain the privacy. Also, it must be something which is not hackable, which must run in a style that nobody can manipulate it. And this is one thing which you should look at, which has to be addressed. And it's not only that you describe a solution. You also have to have then a full plan about it in order to deploy and so on. And so that's one thing we're working on. And we'll see. I mean, we have it running in a few tests now. And we'll see somewhere in something like that, I think we will be able to provide. So you're keeping your cards close to your chest there, Ard. You're working on something but not ready to share it with us? No, at the current stage, I'm not able to go further here. And to disclose it, it's just simply at a point where you don't talk about too much about things. It's just simply about here. In the near future, something will come and you'll see and you'll realize what it will be. Okay, can you hint at least how soon we'll be able to see this? I think first quarter next year. Okay, well, we look forward to seeing that in the first quarter next year. And to elaborate on this point, we're waiting for you to show us the work of these field studies. Is it really up to people like you to solve the problem? Because nobody else is out there solving the problem? Or is there anybody else that you find is making some headway in terms of solutions that might be practical in real life? It's always a race. It's a race of the prodcers. And it's a race of the ones which fight it here in this case. Throughout my time in the industry, we've been at the forefront. And pretty often, we've been copied. And whenever we talked about something, we saw something which then came up. But right now, I would say, I don't. And I'm also someone who's not necessarily looking into what the others do. So actually, I cannot properly answer your question with yes or no. I simply don't know at the current stage whether there's something else and what we do around. Ed, did you want to jump in again? No, I was just reacting to what Arnd was saying. I'm sorry. I was just I was chuckling. Well, you're allowed to trickle out loud. You're allowed to trickle out loud. I'll read a couple of comments here from the viewers. Anonymous viewer says with regard to stir shaken, and you're correct to say that stir shaken doesn't work as expected. But a lot of the problem is it's not designed for frauds like refiling. It's only about the origin and the destination of the call, not about the carriers in between. And I think that's a really important point here. We've had people look at certain aspects of interconnected problems, but we've not seen somebody come up with a whole comprehensive solution that suits all the parties, have we Arnd? No, we have not. Are you going to be the first one to come up with a solution that solves all the parties? I'll let you make your comment on when you see it. All right, Lee, do you want to jump in here to the conversation? Because I'm curious on your perspective here, because we could see this a little bit as a European focus, this debate with things like origin based rating. Do you agree with Hank's comment that the Europeans have brought this on themselves a little bit? Yeah, I mean, the EU, they love where things are based from. I mean, just look at all the sticky labels that some of the UK have to put on sending stuff to Ireland, right? I mean, they've created an issue here, right? And yeah, I mean, now they've got to solve it, right? Well, if we solve it, go on, go ahead. Yeah, I'd like to step in. It's not necessarily only EU problem. There's groups of countries out there in the world, which want to accommodate and which actually want to work together. And they use also here the telephony here to have lower rates. You simply, the EU, non-EU model, you have on lower scale with several groups in the world, several operators. There's in the Middle East, we have them in Africa, and Africa, for example, themselves, they actually want to, if you remember, right, there were of the events where they were talking about that they want to bring in the Africa, non-Africa model, like the EU, non-EU model. And so, I mean, there's a tendency about this. And having like in the EU, non-EU, having international calling in the EU brings everybody in the EU closer, except of the Brits, which moved out. I mean, but you have the feeling that, okay, this is much more like one country. That's just simply the way the direction goes. And so, we have to cope with this. Well, are we just going to, I mean, you brought this up now, and it's a great point, you know, economic groups like EcoWise in Africa, for example, wanting to do pricing different within the group and not, and then different prices to actually go. Are we not just going around and around in a circle here? You could put basically tariff barriers between countries, you can do it between continents, you could just get rid of all of them. And then you start bringing them back again. And we're just going around and around the loop about where we put the barriers. Of course, we go around circles. I mean, because nobody, of course, we go around because nobody so far was able to solve the problem. And it is a problem which requires to be resolved. And that's just simply, it's taken so long that now it's like now it hurts people. Now their fingers are burning. I mean, and so they're looking for solutions on that. So, let's talk about solutions. Who should be the customer for these solutions? Is it the wholesale carrier? No. Is it? Okay, who's the right person to buy the solution? No, the one to implement the solution? The ones which, the ones for such solutions are the number owners, okay? The ones which, let's say, emit calls and the ones which receive calls. These ones, these are the ones which actually are the ones which need a solution here in this case. Because also on the wholesale operators, actually, they don't care whether numbers are manipulated or not. As long as they get the tariff they route, I mean, they don't care. And they sometimes get bitten by the fact that they don't know that they've just sent fraudulent traffic and someone tells them, no, we don't pay you because it was fraudulent. And they like, ooh. But when we're talking about refiling, then the ones which own numbers are the ones which have to look, have to sort of look for and how to ensure that the numbers are not getting spoofed. Okay, fantastic. We're nearly out of time. Aren't any final thoughts or final recommendation for the viewers who are impatient and don't want to wait until you've got to offer Q1 next year in terms of what they should be doing right now to deal with refiling? Watch out for Q1. All right. Okay. That's the advice. Thank you so much for joining us on the show, Arnd. It's been an absolute pleasure having you here. Thank you for joining us today. And I've really learned a lot from our conversation. Thanks, Mike. So we've reached the end of another episode of the Communications Risk Show. Next week, our expert contributor will be Mike Willett. Mike is a partner at EY based in Auckland and working in the Asia-Pacific data analytics and information management practice. Mike will be talking about the use of analytics to boost telco profits. So watch the show on Wednesday, the 25th of October from 11 a.m. US East, 4 p.m. UK, 8.30 p.m. India time. Visit tv.com and find a link to automatically save the show in your diary using the right time zone for you or subscribe to our broadcast schedule and have every episode added to your diary automatically. Thanks again to today's guests, Arnd Baranowski, CEO of Oculeus, and to Oculeus for sponsoring today's show. Thanks to my co-presenters, Ed Finegold and Lee Scargall, and to the producer of today's show, James Greenley. This show would not be possible without all his hard work. You've been watching episode 9 of the second season of the Communications Risk Show, and I've been your host, Eric Priezkalns. Visit our dedicated website tv.commsrisk.com to catch up with all the past episodes of the show. Visit our main site commsrisk.com, stay up to date with news and opinions about the risks faced by commerce providers and their customers, and be sure to use the great free resources of the Risk and Assurance Group at riskandassurancegroup.org. Thanks for watching today's show, we'll see you next Wednesday.