How can the latest technology detect and stop fraudulent network activities before telcos and their customers lose any money? Arnd Baranowski, CEO of Oculeus, shares his insights and answer questions from the live audience.
Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.
Transcript (auto-generated)
Hello, I'm Eric Priezkalns, and this is episode eight of the Communications Risk Show, the live streaming discussion show produced by Comms Risk in collaboration with the Risk and Assurance Group RAG. Every Wednesday, we talk to risk experts from around the world of electronic communications, and we broadcast live, so you can also join the conversation, submitting questions and observations as we go along. Submitting your question is really simple. Just type it into the message window immediately beneath the streaming window on our website at tv.commsrisk.com. We don't collect personal dates about who watches our shows, so include your name in the message if you want me to read it out. The show is also streamed live to viewers on LinkedIn, so you can also leave a comment there. Just type away and one of our production team will forward them to you. We've been talking a fair bit about fraud during this season of the Communications Risk Show, but it's always good to have more fraud prevention tools and techniques at our disposal. That's why today we'll be talking about new technologies that can be deployed to prevent fraud with Arnd Baranowski, CEO of Oculeus, innovative developers of anti-fraud systems and other software for Comms providers. Oculeus are the sponsors of today's show. But before we bring Arnd on, let's make some time for topical chats with my fellow co-presenters, Ed Finegold and Lee Scargall. Ed Finegold comes to us from Chicago, where he's a market analyst and strategic advisor to tech and telecoms businesses. And Lee is dialing in from Bahrain. He's worked extensively with Comms providers in the Middle East, Asia, Caribbean, Europe, where he's been both a senior risk manager and also a consultant. Hello, Lee. Hello, Ed. Topical subjects straight away. I'm going to ask you about this one first, Ed. I'm keen to get your point of view on this, but then I'll ask you as well, Lee. AI, a lot of fuss about that these days. AI, though, being used to clone the voice of somebody and then being used to commit crime. A few weeks ago, Good Morning America ran an interview with a lady called Jennifer DeStefano and her 15-year-old daughter, Brianna. Jennifer recounted how she was walking down the street when she received a call from a strange phone number. Brianna was away from home on a skiing trip, so Jennifer picked up in case it was about her daughter. What she next heard was her daughter crying, then telling her, Mom, these bad men have me. Help me. Help me. A man replaced Brianna on the line, claiming he had kidnapped Brianna and demanding a ransom. But fortunately, Jennifer stayed calm enough to double-check Brianna's whereabouts before agreeing to the supposed kidnappers' demands. It turns out Brianna was safe all along. The voice on the line was believed to be an AI clone of Brianna's voice. So, Ed, Lee, you're both parents. I'm sure you can imagine what it's like to be in a situation where you're given a shock like that and a phone call like that. Somebody who sounds just like your own children. We talked a lot about identifying the people who call us as well on this show. There's the advent of this kind of technology where we're cloning voices, able to simulate people, able to take the persona of anybody. Does that mean it's now game over for protecting our identities on the phone, Ed? So, you know, interesting. You're qualifying that as on the phone. And what I was thinking was in more general terms, I think the answer to on the phone is yes, but in more general terms, don't forget deepfake video because that can be pretty convincing as well. So then getting into sort of a more comprehensive impersonation, if phone actually also could include this medium we're using right now. Right. So all of that. Yeah. I mean, I think that's pretty alarming. I think, though, in terms of is it game over, I really want to hear what the biometrics folks have to say about this and what are the best practices there as the generative AI curve keeps accelerating, I guess, or getting steeper, whatever you want to call it. The trying to catch up to that gets harder. Right. So I'm really interested to hear what those folks have to say. But you and I have talked for a while now about like a concern that I raised with you man, it's got to be a year and a half ago or so that we first chatted about the idea that you're that you have a physical identity that does an awful lot of things and is gaining even more autonomy now. And the idea that if you think about where all these impersonation schemes are going, you know, can you extend that line out to where you will be separated, your physical self will be separated from your digital self. And then what means if any, do we have to prove the connection between those two things? That becomes real tricky, especially in the types of scenarios that you're talking about, where the the fake can become so complete, right? So like three dimensional. I'll leave it there for the moment. That's that's the piece. Yeah, nightmarish, if you ask me absolutely nightmarish scenarios. And I think the fear for me is that when it comes to the way businesses, organisations, governments, the market, for want of a better way response to these things is we rush ahead with the new technology because you want the new technology because the benefits new technology, and the investment on curbing the downsides of technology, all it comes when there's a clear profit margin, or clear need or incentive to do something about it. The rate of change, and the size of that market, and the amount of that gap, we can see a lot of harm being done before we start having the technology applied to solve this problem. Let's pivot the conversation your way. You're aware that frauds like this, technologies like this, I should say also use things like CEO fraud. And it could be used for spear phishing attacks, where the goal is to socially engineer a member of staff, a big problem for telecoms companies, of course, you're aware of telcos doing things in terms of like trying to reduce SIM swaps and things like that. But are you aware of telcos taking steps to protect themselves, specifically from this kind of impersonation, a voice on the phone that sounds like a co worker? Or are telcos now increasingly at risk of being hacked because of the danger of voice cloning? So yeah, it's a real risk, Eric this. So if you're using voice ID for authentication, then you really need to replace it immediately with something more a bit more secure, right? Because there's technology out there right now that can be used to bypass voice security. I think it's probably less secure now than OTPs over SMS. Okay, back in February of this year, there was actually a journalist in the UK, he works for motherboard, he actually recorded himself reading out a page of text, he then uploaded that to 11 Labs, which is a synthetic voice platform, he then used that app to bypass the security on his Lloyds bank account, and that's over in the UK. All he simply did, he just typed in the text box on the platform, then converted it to say, my voice is my password, without even actually saying that, and he managed to get into his bank account. And then you've got the likes of, you know, David, get to who actually did quite a cool thing last month, what he did, he used chat GPT to generate a wrap in the style of Eminem, and then he fed that into a synthetic voice platform, and it actually said the wrap, as Eminem would actually say it. So there's actually some real cool commercial activities you could use for this, but obviously, you can use it for the fraud as well. But this is the problem. Excuse me, this is the problem. We get fixated on the cool stuff, and I can give you another example of cool stuff. A businessman a few months ago, I noticed a story on social media, he was promoting how he now obviously, we can't validate he really did this, but how he had claimed to have connected a voice synthesizer, a clone of his voice, to chat GPT, with the result that he used this entirely automated system to discuss his phone bill with his phone provider, and to basically argue successfully for a credit on his phone bill. So on the one hand, everyone's going, oh, great, I don't need to spend half an hour on the phone, wasting my time arguing with somebody in a call center, I'll let the machine do it. Hold on, hold on. You've just created a machine to impersonate you successfully as a customer and influence the service and the bills you get, and a real person in a real call center, if this is a genuine example, was fooled. They thought they were speaking to the customer, and they did change the customer service, and they did change the customer's bill as a result. So we get excited with the positive example. Oh, goody, I don't need to do this. Hold on, hold on. This is exactly the problem. We're not seeing the downsides to this. This is potentially devastating. I don't want somebody calling up my phone provider, reusing my voice, and starting to negotiate what my phone service should be. This is the problem. I don't think telcos are even waking up to this problem. Yeah, so I mean, if you're a public speaker, right, or if there's any audio of you out there on the internet, right, then you're at risk of this type of attack, right? I personally think voice identification, it's completely dead now. So, Eric, I hope you're not using voice identification on your banking app. No, but you can't expect people not to use the internet to spread their voice. There's this thing called TikTok-ly. It's quite common with, you know, you're a cool kid. You know David Greta. You may have heard of TikTok. It's also cool with the kids-ly, you know? We're not going to be able to roll back to a point in time where people are not going to be hearing according to voice. The advice that's given, oh, well, don't share data on the internet. Are you serious? Yeah, not only is it people like us talking on the internet, what if somebody just called you and you spoke to them and they picked up the phone? They've got your voice. They're recording your voice straight away. You're on a Zoom call with 10 other people who work in your business. Somebody can record on that Zoom call without your knowledge. It's not just about social media. Our voices can be recorded by any sort of device these days. Yeah, I completely agree on that, Eric. I think there probably needs to be a lot more regulation over these synthetic drinks. Regulation? Come on, Lee. That can't be the answer. We need regulation, Eric. I'd say laws evenly, right? If you bought a Sawzall, think about this. Go buy a Sawzall. You can go buy one at a tool shop, at least you can in the US, right? What are you allowed to use it for? There's things it's completely illegal to use a Sawzall for. There's things it's completely fine to use it for. If we're building tools like these AI tools, well, what's it illegal to use them for? We don't even have that figured out yet. It shows you what I'm messing with, though. I think it's stricter than regulation in that sense, right? No, come on. It shows you what I'm messing with, though, that you're now looking for law and regulation to sort you out. We can't even sort out plain old-fashioned telephony. The laws of the regulations are so far behind. Isn't that what we'd be discussing every single week is how far behind the laws and the regulation are, how unrealistic are, how ineffective they are. I'm not saying I have a solution here, but we are falling further and further behind. That's what I'm saying. Businesses, at least they could protect themselves. If you're waiting for the government to protect the man in the street, so game over. I say it's game over. Government's never going to go around to it. Maybe a business can protect itself because at least it's got the incentive to not be compromised. Anyway, lots of comments coming in. Forgive me. I'm ranting. I'm in a ranty mode today. You're going to get both powers. I'm sorry, guys. Lots of comments coming in. Todd Dunphy says, great stuff, guys. Thank you, Todd. This issue is becoming massively huge on dating apps. It is very dangerous. I have tons of chats every week testing all these theories you guys are discussing. The issue we have is that the physical world is how human relationships were designed. So many comments coming in. I can't keep pace with reading it out as they're flowing. So that is what humans seek and desire, but tech allows a hybrid that's really bad with fake AI humans. I totally agree, Todd. Lorenzo Francisco, high risk indeed. We advise customers to use voice calls to confirm payment requests from their top managers to prevent business email compromise fraud by having this kind of voice fraud confirmation. We're no longer safe. Yes. I mean, good point because we still haven't dealt with emails. We haven't fixed that problem. So we use voice. We're going to go from one factor to two factors, three factors. We're just going to have 15 factors of authentication. I just kind of add them on and on and on and on and try to solve our problems that way. George Woodworth says, I believe there's an AI generated video of Michael Jackson rapping as well. Not quite as cool as Lee there, George, because Lee named David Guetta, whereas Michael Jackson is no longer so cool, George. But you are right, George. That is a good point. And yeah, we're not seeing the downsizing. Thanks for the comments, guys. Really love the comments from the audience. Keep firing them in. But now, a moment of calm as I read out our advert from our season sponsors, Lucha. There's so much that can be achieved by implementing test techniques that include test calls and other test events over your networks. Do you want to understand how your network services are perceived by customers and perform tests to reflect the actions of real people? Are you worried about bad actors bypassing information feeds, termination fees with SIM boxes, refiling or OTT bypass, originate calls on other networks, cover an expansive range of international routes, then check how those calls are terminated on your network. Do you want to verify that your outbound Roamers are able to connect to services whilst away from home and the test program and the locations they travel to? Do you want to verify the network services provided by roaming partners, then you can perform full roaming audits in key locations using test devices that really test their networks. Problem is investing in the infrastructure and resources to create all sorts of network events from lots of different locations in the world would not be cheap. That's why the smart approach is to ask Blue Gem to do it using their Test Anywhere crowd and their automated equipment with the latest Android test devices deployed worldwide. Blue Gem test network services on behalf of telcos, governments and software companies. They use real phone devices that can make a call, send a message, transfer data, stream music and video, basically all the things that people do with phones, creating real customer journeys. Blue Gem also support the latest technologies such as eSIM so they can validate multiple eSIM profiles at home and abroad. The proliferation of wipe services these days means it's never been more important for telcos to ensure traffic is routed correctly and termination fees are correctly levered. Blue Gem can execute a risk-based testing program on your behalf, focusing on the routes and countries where there's the greatest risk that your telco will be exploited. And automated testing means your staff are not required to perform laborious manual tests. Automated alerting your test results also means you get advice about fraud as soon as tests identify where it's happening. But whilst you'll become newly aware of frauds, the fraudsters won't know those tests have identified them until you decide what action you want to take. So with your focus, is the customer's network experience, roaming costs or the assurance of interconnect routing, then you should call upon the experts at Blue Gem. Their URL? blugem.com. Blue Gem. So, Lee, continuing the themes we were discussing earlier, I'd like to talk now, I'd like to hear your thoughts on whether home working, remote working, the fallout from the pandemic, in short, means telcos are now more at risk than they ever were before, and whether there's a failure to respond to this risk. Why am I suggesting they're more at risk? Well, because although, Lee, you picked upon automation to identify your voice, there's something else that people do. They start a job, they're sat at home, somebody else calls and says they're from the IT help desk in your own company, and you're trusting the voice. You don't know the voice, you maybe don't know the person, or maybe it's a cloned voice, but whether you know the person or not, we're not having the face-to-face interaction at work that we used to do. We're more and more likely to have a message, a call from a coworker, maybe in a different part of the country, maybe in a different country altogether, and we don't know if that person is genuine or not. Should telcos be taking more action just to verify that the calls received by their own staff originated with other members, other employees of the company, Lee? Yeah, I think, you know, can companies do more? Well, the answer is always yes. Yeah, you can never rest on your laurels when it comes to fraud awareness programmes for your employees. I think you should be training all new staff who join the company, and you also need to make sure there's like mechanisms and processes in place. So if anybody actually suspects some suspicious activity, they can actually report that into somebody. There's actually a lot of impersonation or business email compromise fraud, right? So that's emails appearing to come from a superior, and it's usually asking for somebody to make a payment or make a SIM swap or kind of give away customer information. So if you're in doubt, my advice would be if you've received a call or an email, you should report it, you should maybe contact that person who you've received that email from just to double check first, right? It's very easy to spoof somebody's email these days. Are telcos doing more, though? Have you noticed signs of increased training of staff to deal with these risks or are telcos waiting till the problem occurs and only then responding when it's, you know, basically the horse has bolted? The ones that I know, Eric, they are being quite proactive in this. So in particular, some of the telco companies I've worked with, there are awareness programmes in place and there are mechanisms to report this in. But like I say, I'm not too sure if every telco is doing that and is active on it. I'm sure there's some which aren't and I'm sure there's some which are on top of it. I actually like your idea you were saying earlier is that surely if you receive a phone call from your employee who kind of reports that they're from the IT department, surely that we should be the ones able to check that. So I think that's quite a good idea there, Eric. I mean, forgive me. I think some of the things I say are so simple, I don't understand why we don't do it more generally. Why are we fussing and getting all excited about validating every call everywhere when a phone company can't even validate calls between their own employees? Surely that would be a more logical starting point for solving the problem. If you can solve it for your own employees, then maybe you can generalise it to everyone else. If you're not bothering to solve it for your own employees, why would a big bang approach to the whole country make sense? Surely that doesn't make sense. And this is Ed, I want to come back to the point you brought up earlier and we were discussing earlier before the ad break there. If you're waiting for government to do things, if you're waiting for government to solve problem, it's going to be a very bad problem before the government is going to have a point of view on how to deal with it. Because you don't elect politicians to positions of power, because they're specialists in every rinky-dink little problem that the world faces. They're not experts in network technology or voice coding or anything like that. Other people have to give them answers, as well as bring them problems. Is there anything that we can do in terms of changing the rate of progress at which industries like the telecoms industry percolate up the problems so they are being acknowledged and recognized at senior levels within our society, that we're currently missing a trick at the moment because we just tend to ignore the problems and hope they'll go away? Is there somewhere we can not just get public awareness, but get the awareness of the decision makers in our society to deal with these problems sooner? What's it going to take? I mean, is the question, right? And if you look at the litany of things that have already occurred, like the physical example is the 737 Max. That's the ultimate physical example of what you're talking about, of this completely backward, unintended evil of technology crashing planes full of people into the ground. But then things like that happen, and I think in cyberspace, in the digital world, every single day. And we talk about those things on this show, obviously, all the time. All those unintended evils and ways that things are misused and where the gaps are that are taking advantage of. So I think, what can be done about it? We spoke to a gentleman about this the other day, and I don't want to steal his words because I'm going to let him speak his thing when he gets his chance. But there was a point discussed that said that it's a risk equation that says if the business can afford the risk and it can be factored in and it can be spread out enough, then we move on. And it's not going to change the way we do anything if we can swallow the cost of that risk. It was something to that effect. And I think there's something to that, where the cost of that risk needs to be higher, maybe, than it is. And I've had arguments with executives about this who will point to things like British Petroleum and the trouble that they got into in the Gulf of Mexico and the penalties and everything else. But it's hard for me to imagine that in the end of the day, and I'm not calling out BP here, but do those penalties at the end of the day really make major changes occur? I don't know that they do. Again, I hate to not answer your question because it's hard to imagine, but it certainly feels like we have this obsessive need to keep pushing the limit of tech. Obviously, there's a lot of economic growth and a lot of speculation that pressures that kind of thing. And I don't know, I guess to be really dark about it, Eric, if I come back to the lessons of my childhood, it's that when external forces forced you to get technology up in the air faster than you want to, you end up with a challenger explosion. It's those kinds of things. And so it feels like that's where we're headed. Yeah. Here's why I think this problem is different to those other problems. Those are the incidents, those are the failings that we've seen. You have an oil rig blow out. Some number of people die on the oil rig. Sorry about that. And there's a pollution in the Gulf of Mexico. That's bad. Okay. You have a plane crash. The number of people on the plane crash. Okay. All of the example, and the challenger, try this amount of work being done in oil rigs, in planes, and by NASA to make sure that the space shuttle works correctly. But still mistakes happen despite that enormous amount of work. And yet for all of the terrible outcomes that we have in the end, it's only the people on the challenger that are affected. The difference with tech, the difference with communications networks is if we get it wrong, everybody's affected. There's no limit here. If you can clone someone's voice, if you can impersonate someone, if you can steal their identity, if you can harass somebody using networks, the whole world is at risk. It's unbounded. And that's why I feel as though we are massively under investing in protecting ourselves from the risks because we do, society does spend a lot of time and effort and a lot of money gets put into validating the design of a plane and checking them and maintaining them. And they don't get to take off and they all have licenses and stuff like this. Whereas in tech, it's like, boom, here's a new unicorn. We're going to make a lot of money from this technology. Let's throw it out there as quickly as possible. We're not even at the point where we're even reviewing the possible repercussions until it's out there in the wild affecting potentially millions, if not billions of people. I don't know the answer. Just to go back to your question, Eric. We actually use a corporate messaging application. I'm not going to say which one it is, but we are encouraged to use that all the time to contact people within the organization. So, we've actually adopted that since the pandemic. So, I think that would be good practice as well to use that and make sure your company has something like that. Yeah. I mean, and this is a valid point about how you start devising society-wide strategies with dealing with problems like this. Maybe our strategy will one way or another end up being, we don't have global networks. Because if a global network like telephony gets so infested with crime and abuse, people aren't going to want to pick up the phone. People aren't going to be dialing. People dial me. I see a phone number. I don't recognize it. I don't answer the call. I wait to see what the voicemail is going to be. So, whether by design or by accident, we won't have global networks. But if somebody say like you, like you, Lee, like you, Ed, if you send me a WhatsApp message, of course I'm going to respond to your WhatsApp message. Because now this is, although it's a global tech, it's actually not a global network in terms of who I'm communicating with. We're now breaking things down. Maybe this is the future, is that we're going to have fewer global forms of communication. Anyway, apologies. I've got to just read out one quick comment here before we go into the next ad break. Roberto Pareto asks, and this is a completely pertinent question. I absolutely understand why you asked this question, Roberto. How do we know that I'm not an artificial intelligence? Well, I agree, Roberto. In fact, the last 30 years of my life, I have been trying to behave in an eccentric, erratic fashion, unlike other human beings, just so technology will not be able to simulate me so effectively in future. It's all you normals out there who are in trouble, because the more normal you are, the easier you are to simulate. Whereas weirdos like me, we're going to be relatively immune from the effects of artificial intelligence, at least in the first way. And Sridhar Rao says, nutrition labels may not work all the time, but having them on all tech products is a first step. Quite right. We need to have people at least informed and aware of what's happening in terms of the risks they're taking and what can go wrong. Okay. Here's another. Comments keep flying in. I don't have time to read them all out. Sorry, guys. Now, here's another of our recurring features, the symmetry prism fact of the week. Now, each week, we share an interesting fact from the Prism Intelligence gathering team at Symmetry Solutions. It comes as no surprise that fraudsters are amongst the worst people in the world, and they do not hesitate to make a quick buck by exploiting other people's suffering. The invasion of Ukraine and the refugee crisis that followed prompted many telecoms operators to offer free or reduced cost to Ukraine and free roaming for Ukrainians leaving the country. Fraudsters responded by cynically exploiting new opportunities for fraud that that created. That's why the Prism team continues to give away, free of charge, intelligence about the Ukrainian number ranges being advertised by dodgy websites for use by fraudsters. At present, there are over 64,000 Ukrainian phone numbers advertised for use by fraudsters. That total is higher than it's been in recent months, despite the conflict being well over a year old now. And that's why Symmetry recommends telcos remain vigilant about communications traffic directed towards Ukrainian numbers. But on the other hand, please don't overblock. We don't want to see anybody suffering as a result of being too cautious in response to fraud. So, if you work in telecoms fraud management, and you want to receive Symmetry's free updates about Ukrainian numbers so you can pinpoint what to do about tackling fraud, then contact their fraud intelligence team via their website. That's symmetrysolutions.co.uk. I have to say, I think that's a thoroughly admirable initiative that they have there. Oh, I just got to take a quick breath here, but I'm about to start ranting again any moment on a new topic. Seems to me that we talk a lot in this industry about collaboration to solve these big problems, big, big, big problems affecting billions of people. But we'd have a lot of people who talk about collaboration, and they're talking to one or two other people about collaboration. There's no real broad collaboration at all. I know people are going to get angry at me, but I'm going to say what I'm about to say anyway. So, feel free to send in your comments if you don't agree. Last Thursday, I noticed on social media a post from the CFCA, the Communications Fraud Control Association. Yes, I'm calling them out by name. I'm not afraid. Now, their post promoted a new YouTube video of one of their recent online discussion panels. Not that different to what we do here, okay? That video, in the course of three days, had amassed 11 views. 11. One and another one. So, they broke double figures, okay? But not that many people. When you consider that there were six people on the panel reaching 11 people worldwide, well, probably six of the viewers was the people who were on the panel watching the video back again. So, that is, and I'm not bragging here, it is a smaller audience than this show reaches, okay? I went to Twitch the same day, straight afterwards, straight after seeing these figures on YouTube, took a screen grab of the episode we had aired the previous day. It had already garnered 374 views at that point in time. So, 374 views for just one channel we use in a single day versus CFCA struggling to get into double figures over three days. In fact, now, as far as last week's episode is concerned, the total view count is now over 2,600, with 1,800 of those coming through our website and through Twitch, and over 800 watching via LinkedIn, either live or watching the replay later on. So, it's not about bragging. Here's my point, and it's a serious point. I'm keen to have your views, Lee, and your views out on this as well, because maybe I'm in the wrong here, all right? There's a lot of people who talk about industry collaboration to fight fraud in some vague, eye-faluting fashion. But if you're not reaching anybody, if you're not actually connecting to anybody, you're not doing it. And the stats speak for themselves, and they've been consistently repeating. This is not a one-off. This is the repeated story. Nobody's watching. Nobody's listening to associations like the CFCA in actual practice. They're sucking at resources because some companies understandably want to sell to telcos like Verizon and AT&T. They're sucking at resources, but they're saying and doing the same things for 20 years in a row. We have not got the time to waste in dealing with these new risks that we face in the communications industry to still be talking about the same old nonsense for the decade after decade. And because they're always talking about the same thing, it's boring. It's unproductive. That's why they've got no audience. The only thing that comes out of associations like that is phony baloney statistics about how big fraud is. Guess why? So you can go and buy such and such system. Well, if that's your philosophy, then you're always going to have a lot of fraud because that's always your logic for why you should buy more and more systems, never reducing the problem. These are the kinds of people who think stir-shaking is a great use of money and didn't say boo to a goose in terms of whether there'd be any flaws or problems with its implementation. And then infuriatingly, vendors around the world cite the CFCA statistics like this as evidence that we're succeeding in the fight against fraud. My conclusion is short. We are not ever going to deal with these worldwide problems unless we sometimes tell the big US telcos to shut up, step to one side and start getting some real collaboration, some real information, some real advice and leadership from big telcos in China, big telcos in India, the big telecoms groups headquartered in Europe, the innovative work being done in Latin America, the innovative work being done in the Middle East. I was reading a UK consultation that's bragging about how good stir-shaking is the other day. Nothing was said about what had been done in the Middle East to deal with CLI spoofing, not a single lie. That can't be right because the Middle East has been lots of good work done. And yet the people who are giving the advice to people like Ofcom, the UK regulator, they don't even know about it. And heaven forbid anybody should ever meet a black African giving his a lecture about mobile money. It's as if some parts of the telecoms industry are even aware that Africa exists. So Lee, let's pick on you first because I've been very controversial here. And I've given you a few seconds to sum up, get yourself ready for the onslaught of hate that we're going to have as a result of my diatribe. Lee, am I wrong to talk about industry collaboration really descending into this pit of empty preening that accomplishes nothing? It's kind of difficult to follow this, Eric. What you've just said there. Look, I can't talk about the CFCA because I haven't actually been to one of their meetings, right? So it would be unfair of me to comment. That's a cop-out and a half. That is a cop-out and a half. You've heard of their statistics. You know that they're going on. I just told you they had 11 views on the video. You could have watched the YouTube video yourself, couldn't you? I'm trying to keep it professional, right? But look, as an industry, as a whole, do we need to be more collaborative? Then the answer is yes, we do, right? A lot of this fraud, it's committed across international borders. So we have to have collaboration. I think there is some good work. I think RAG's doing some great work. I also think the GSMA, FASG, also do a good job as well. Evan, a diplomat. I'm turning to you, Ed. Are you going to be a diplomat too? No. No, I think the telecom industry stinks at collaboration on a few different levels. So two different things, I'd say. So one, starting with the CFCA, I just want to comment on that. So what I can say from someone that does primary research, right? And sometimes obviously you're doing desk research and looking at other people's data and what have you. But I think it's important looking at other people's data and what have you. You always have to consider who your source is and if they have an agenda or not. And so any organization, whether it's the CFCA or any other industry-funded organization like that, that obviously represents some kind of an agenda, whether it's political or business or regulatory or whatever it is, you have to take that into account when you're weighing the data. So for somebody like CFCA, it's automatically something that I think you can kind of look at and say, okay, if I'm going to look at a variety of data points and see how they compare to each other, I'll probably have it in the mix. But I don't know that from any organization of that sort, right, you want to hang your hat completely on the data point unless you are also doing some PR to drive a similar agenda, which is a lot of what happens with data points these days, right? It's sort of like a parallel story to what you're talking about, that a lot of the data that gets produced, it's not only is it not to drive action, not only are people that can drive action not paying attention, it's mostly used for infographics and press releases and generated for that purpose to open eyes, right, and click chasing and all that sort of thing, right? There's that whole side of it. There's also like a golden calf effect too, though, that happens in that process, right, where you'll see data, some big data point gets cited by some semi-reputable or semi-reputable publication. And then there's a daisy change of other sites to that source. And you'll see a lot of people doing that kind of sort of desk research and piecing things together. And on more than one occasion when I've tried to follow back to the original source, I found nothing. So there's that effect is happening to your point all the time. And so my point though on telecoms being bad at collaboration where I started was, and I've written about this a lot, I've sat in enough sessions at different meetings like Mobile World Congress that are specifically like, hey, this is the session where we're getting the multiple industries together to talk about what 5G solutions are going to look like in five or six years. And this is five or six years ago, right? And everyone in the room is from a telecom or one of their major suppliers. And there is nobody in there from any other industry. And now here we are bringing 5G to market and everyone's saying, we don't really have any practical use cases to run with. I'm uncertain about this. Well, why do you think that happened? Because we stink at collaboration. And six years ago when you had sessions at Mobile World Congress, talk about those things. There was nobody that could do anything about it in the room and no one listening to your point. So yeah, I think it's an ongoing problem. It's pervasive. I think we so underestimate the significance of it. Let me give you a recent example. Tom Walker, you mentioned his name the other day in our previous show. I'm having a bit of a row with Tom Walker these days on the social media because, and I've been pointing a lot of fingers and I'm not afraid to point fingers at people in the US industry. And whenever I point a finger at somebody, they always say the same thing. Nobody has ever said, stir-shaken will be used to block coals. Okay. That's funny because it keeps being reported that stir-shaken is used to block coals. It's so reported that stir-shaken is used to block coals that the UK now has a consultation and the word blocking is on the front of it. And the whole thing is about the promise that it's going to be used to block coals. So this is not just appearing from nowhere, this belief, okay? Somebody's making promises here. And when I turn the finger back and go, who actually made this promise? Suddenly you can't find who's making the promise anymore. It wasn't me, it was them over there. So I would say, oh, yeah, look that way. How can we be running an industry like this? This is like expensive decisions about protecting people from even more expensive harm. And yet we're all acting as though the information just somehow fell into our lap from the sky. We trusted it. We weren't sure where it came from. We'll probably do the right thing somehow or other. Absolutely insane. It's driving me up the wall. This is why I'm going crazy, guys. Sorry. I thought of you the other day, and I think Lee wants to jump in and I want to let him, but I just have to say quickly, I thought of you the other day because I walked into my bank and saw a large sign advertising on the wall, right? That is a hand holding up a phone with a caller ID, a smartphone with a caller ID popping up. And the caption says, be careful of caller ID. Be careful of caller ID, right? Deliberately telling you this is not something you should trust. It's going to scam you, which is, I think, sort of validating your point about strategy. Thank you. Thank you. Did you want to jump in, Lee? No, I was just going to say that I was agreeing with Ed on most of everything you said there. But not agreeing with me. Okay. That'd be typical. Right. We need to keep moving on because we're now way behind schedule. So, I apologize to everybody who's been waiting for our interviewee. We're going to take a brief break from my horribleness with a soothing feature from one of the nicest, kindest, most decent professionals working in the industry. God bless him. I'm so glad that he's working in this industry because so many other people drive me up the wall. Jeffrey Ross, a call authentication, fraud prevention, and geolocation specialist. One root. Now, he's both a Texan and a cosmopolitan. And each week, he takes us on a tour of the world, highlighting the diversity found all around this planet, whilst reminding us of the common challenges faced by common providers. We call this feature the world in your phone. And this week, Jeffrey is taking us to Thailand. Producer James, roll VT. Hey, everyone from One Route. I'm Jeffrey Ross, and this is the world in your phone. Let's talk about Thailand. Now, if you've ever had the pleasure of visiting Thailand, then you likely know it is home to some of the world's most beautiful beaches, friendliest people, and tastiest food. Located in Southeast Asia, Thailand is officially known as the Kingdom of Thailand. But did you know that at the end of 2022, the Thai police raided multiple locations, finding and cutting more than 10,000 internet lines that were going across to neighboring Cambodia, believed to serve the call scam gangs that had defrauded many of Thai people. Also earlier that year, the Thai police seized more than 200,000 SIM cards all used for call scams. That's taken the fight right back to the fraudster. Did you also know that the capital city of Bangkok's real name in Thai is Krung Thep, but even that's a shortened version of the name. So without me completely trying to butcher this with my Texas twang and not being able to pronounce it, go out there and Google, figure out how long that capital city's name really is. Thailand also is the world's largest exporter of orchids. So world's largest exporter of rice by value. And there are more than 40,000 temples in Thailand. Another fun fact, the smallest mammal in the world, the bumblebee bat is located in Thailand. Be sure to subscribe to the one route roundup in the world in your phone on our YouTube channel. And follow us like do all that fun stuff where we put a spotlight on individuals and companies making a positive difference in the telecom industry. Eric, back to you for some more great communications risk show. Thanks, Jeffrey. I never know what to expect from Jeffrey's videos, but I always learn something. That said, I won't be attempting to pronounce the full and proper name for Bangkok. Now, let's say hello to today's guest. Arnd Baranowski is the CEO of Oculeus. Hello, Arnd. Now, they are suppliers to telcos all around the world with a particular specialism in using cutting edge technology to stop fraud before it even begins. It's a pleasure to have you on the show, Arnd. I want to get straight into the meat of our conversation here. What is the next big step forward in technology for fraud prevention? Or has it already been taken? First of all, thanks. And thanks for the really great discussion. I was able to follow before. And it's great to be on this show with regard to your question. I think it's about time that we really rethink the architecture of communication. It's about time to harden the communication and not to run behind the fraudsters to try to prevent them from doing things because the technology is advancing. As you described in the first half of the show, the technology is advancing in the style that actually what we have in place is just simply not sufficient. We have to look at everything from the start of call to the end of the call. Where is it transiting? Through what networks? And there is, in my personal opinion, there is a biggest weakness because we're talking here about an architecture which is really ancient compared to what's possible today and what's been utilized by fraudsters and scammers here in this case. So the next big thing will be to really change some stuff. And I think these changes will also change, let's say, the landscape of communication. Communication will, certain types of communication will lose importance, others will be done differently, and maybe certain communication will be just simply much more protected, much more secured, and this way it'll be just simply much more difficult to step in and to commit fraud. Will you be more specific, Alan? Can you give us some examples of how things are changing? Because you're saying it's not just about the technology, it's about the technology. Because you're saying some big changes, but you're not using any buzzwords. Normally, when I say, what about new technology? They just start throwing out machine learning and words like this. Look, if we're talking about AI and machine learning, this actually, for us, for me, this is an old hat. This is nothing new. This is just simply there since the middle of last century. It's there. And what people mostly don't understand, AI can only be, and the results of AI, can only be as good as the models, and it can only be as good as the experts' input. When we're talking about artificial AI, how many of us are not sufficiently intelligent and you don't want to mirror them? And this is what's happening all the time, because simply the models and the inputs are not good enough. And what amazes me most about AI, or not about AI, but about specialists, about the ones in our industry, what amazes me most is that we're still here talking with people which then start to come up with ideas, crude ideas about what you need for AI and so on, not having an understanding that they are just simply 10 years old, what they think about. And so this has gone by. And even what we see today, I mean, this is just simply the peaks, the peaks of what is possible. And actually, this should be the science that we really also think about the communication here in this case. And yes, we're working on stuff. We're working on stuff which has the ability to really harden communication here in this case. And it's just simply about to take the full steps necessary in this case, because it's not time to continue to run after the last cent or the last or the newest commercial thing here in this case. It's now about time to secure what is there and just simply to change architectures in order to ensure that the problems we have don't overwhelm us. Well, I love the fact that you're so honest. I have to say it's refreshing, Arnd, because as I say, I think 90% of vendors would have come on. And the first thing they would say is we've got artificial intelligence, and they would have made that into their sales point when you talk about new technology. I hear what you're saying about AI perhaps being talked about too much, being hyped up by not being delivering. But what is at the cutting edge then, Arnd? Let's be positive. What's at the front? Can you give me specific examples or put a name onto it? Yeah, I can give you some ideas here. Number one, we're using AI in different styles, for example, in our solutions. But this does mean that we didn't abandon what's in there. We just made it into a full model, which is, let's say, we've integrated into a system which is able, let's say, to run self-maintain and which only needs the input in order then to run properly and is able to cope with a lot of fraud which is actually ongoing. But the thing here is we are at a stage where we are within the industry like these attempts with steer-shaking. I mean, okay, it's understood there is a problem. This problem is an architectural problem because we have only single line communications here via different networks in this case. And this problem has to be solved somehow. But the conclusion here, what's been adopted and what's been introduced, technology, doesn't match the problem. It's just simply halfway gone, or you could say here in this case. But as technology advances, I mean, there are possibilities. I mean, we're always talking about two-factor authentication. Why not about a two-factor network? In this case, it would mean just something like we have the regular voice communication and we just simply add a security layer which just simply communicates the call credentials in parallel to the regular call, just simply straight from the one who starts the call to the one who's receiving the call. And you can think about how many problems this might solve here in this case already. And this runs in lightspeed without affecting the regular call in parallel and is going to really solve plenty of the ongoing current issues here in this case. Who would lead that? Which country would lead that? Would it be Germany? No, it's not something which we're talking about a country here, about introduction in this case. It's just a matter of the industry which we're talking about here. This is just one example. But who goes first, Art? Who goes first? There's always got to be leaders so there can be followers. So I always ask the question, who is ahead? Because I want to know. Who should we be following? I don't know. We are in talks on things like that. I don't know yet and it's just simply something which might be upcoming soon. So maybe in the near future we have some more discussions on these points. I look forward to hearing that. Yes. Another point, besides the fact that we are developing solutions for the industry here in this case, we also develop systems, let's say, for global use within companies here in this case. And of course, because of all the implications which we have, we are moving everything into these solutions so that everything runs secure in these solutions. Also, we are adopting technologies, cutting-edge technologies, like hardening the web appearance, hardening what's on in the cloud, in the style, which is to government security level. I mean, this is difficult stuff, of course, and this is really hot nuts. We know major companies which are not able to do so and so they just simply trust in someone like Google, they trust in someone like Microsoft because they pay a hundred people which have the knowledge and they pay the price that they think that these guys are hard on them. But the more you have involved here, the more you have a problem because you're never sure because the weakest part of every organization is us. It's us because we are the weak ones and as long as the more are involved, the more it can be a problem in this case. And so it's like looking at architectures, looking at changes which harden the whole communication we know right now, maintain the communication we know and this is going to be the next thing which everybody has to focus on. And this is one thing which should be talked about and this is one thing where actually the industry should go along with and this really requires cooperation and it requires input from all sides which are interested in maintaining this. I've got a question from the audience here for you, Arne, sorry to interrupt, and I think it's a good one so I'm going to share it with you now. Somebody anonymous has asked, AI has been around forever but it is super hot right now with the gigantic general models like ChatGPT and so on. Is it that you don't see a real change of the type that's being hyped about or is it just that they don't have specific applications in telecoms? Look, ChatGPT, we looked into that. I mean, this is fancy stuff. I mean, this is pretty cool. There is a massive database there in the background which is emigrated and it's just simply cleverly made. And, of course, here when we're talking about AI, then it is just simply really a good engine has been set up in order to get good output of that. But this is amazing to a certain point, to a certain extent. And, again, here it's as good as what is fed into it. We looked into this. I mean, it's from the surface when it is impressive because we've not seen anything like that so far because everybody failed. But then if you go to the second or the third level, then you quickly come to the points where it again fails here in this case. So, there is still a long way to go before this gets perfect or before we get really at a point where we say, okay, this is now really cracking. And it's really actually a special use case because it's nothing else. And it's just simply Google 2.0. I mean, everybody uses Google in order to look for some information. Now we have ChatGPT. We just simply ask them and they then just simply, they've done the Google search before and they provide us back the info here about it. And that's what it's about and nothing more and nothing less. So, if I was to sum up your point of view, is it really that when we talk about artificial intelligence, we're delivering average intelligence, the average that a human being could deliver, and that it's not delivering us what you might call special intelligence, better results, improved results, especially when dealing with complex problems? Is that the point? It is a matter of the model and it's a matter of what you need something for here in this case. And there can be specialist models, which can be tiny, but these specialist models just simply cover certain areas. And it's about just simply that a lot of aspects will be looked at and then the system is able to take a decision. The system learned it and in learning what it can decide, actually, it's been sort of even like hard, like the system has been hard. It's like as if we learn, I mean, if we play the same song a hundred times on a piano, then surely we're able to repeat this song. And that's the same stuff which you actually do here with AI. Rather than us programming on how to play the song, what we provide with AI, we provide a meme which is able to record what's been played. And then out of that, this is possible to play simply the song. And it's very similar to how we learn at school, how we learn things, and it's just simply repetition of stuff here. And it's very much about the input which is provided, not necessarily the technology below, under it, but it's very much the input which makes the difference here. You make a strong case. I'm very grateful for your insights as somebody who's really doing the work with these topics. But here's a point I want to make that sometimes we don't discuss enough, I don't think. Sometimes people use these phrases. I hate these phrases like whack-a-mole, this implication that you always need to catch up with the criminal because it implies that we're falling behind because they move ahead so fast. I don't see us moving forward that fast. I see us actually always dealing with some old problem and always acting like we're surprised that a new thing comes across. We always have a new problem. Oh, wow. We didn't expect. We didn't anticipate the new problem. Technologies like AI, as you mentioned earlier in the show, they can be used by fraudsters as well. The criminals can use technology and we should not be surprised when criminals use technology. We should be anticipating it. Bearing in mind what we've been talking about in this show, do you believe, I'm not talking specifically your customers here, but do you believe that telecoms companies in general are keeping pace with the rate of change in technology just to stay in relation to where the criminals are or are they now falling further and further behind the criminal use of technology? Actually, it's a difficult question to answer. Of course, everybody stays in line with the advancements of the technology here in this case and it's just simply a matter of time when you do what here in this case. Number one, you have to do business. Number two, you have to secure your business. Number three, you have to look at aspects which actually damage your business here in this case and I think the industry is moving and the industry is moving and it is moving and it's understanding and the awareness is there and because of that, I think in general, the industry will take the action necessary here in order to overcome situations. But like I said, fraudsters are opportunistic. They are like an industry. The industry on the bad side of life, while we try to prevent them, they also simply look for new sections and if you can recall about the past, from the past until now, you've met so many different scenarios, types of fraud, which were relevant for a certain period and then a medicine was found and boom, it's gone. And it's like a cycle and I don't think that this is going to stop soon and this evolvement of this process and currently, I mean, you can do more but at least we're doing something and at least discussions are on in order to do more to get better achievements. And the feedback we're getting on things, on these pipes like the fraud events you've discussed in the first half of the show, I mean, they are just the indicators which show that we have to be aware of some new stuff coming and maybe we have to go for even other ways in order to overcome these types of fraud. Okay, now your business, Oculeus, you've chosen to integrate data feeds from the RAG fraud blockchain into the fraud management systems used by your customers. Why has your company decided to take advantage of this non-profit information exchange and make it available to your users? Absolutely, I mean, it's of relevance to use the input from all sides in order to fight the fraud, let's say, of all areas, of all sections. And the input of these numbers is good and any type, let's say, any fraud which is prevented just simply by the input of such a number is just simply a good result here in this case. And we would be simply crazy to not provide this ability to our customers here and I have to say RAG really did a great job on that. In introducing it and get it running. And yes, all the contributors here in this case and this thing lives as long as just simply people contribute and it's the same service open source. Open source empowers us to do things we would not have been able to do years ago and this is just simply a good concept which has been here just simply implemented and taken over by ARAQ. Thank you, thank you for that. I want to bring in Ed in now, if you don't mind the conversation. I'm going to pick up on Ed because I'm going to come back to this theme of collaboration here because Ed, I think what Arnd is doing is a bit of a counter example to the suggestion that governments and regulators take the lead because there can be circumstances here. Artificial intelligence, correct me if I'm wrong here, Arnd, artificial intelligence, ultimately it's built upon data. Companies might see for their own interests facilitating the exchange of data, they're going to deliver the result potentially much more quickly through things like APIs than if we wait for a government, which some countries are waiting for, waiting for a government to mandate what ultimately national exchanges of intelligence, which again begs the question of why we want a national exchange of intelligence, not an international exchange of intelligence. Ed, what's your views in terms of are there times when the free market, when the capitalist system, when business interests will get to that result far more quickly than governments and we're making a mistake to wait for governments? Yeah, I mean this should be one of them, right? And so I can't off the top of my head come up with a whole business case behind it, but this should be one of them just in the sense that the problem that we're talking about is a global problem. The second we start chopping it up into regional bits as you do with telecom regulation, you kind of move away from the problem. And I think that this has always been this issue of the internet, this global phenomenon growing out of regionally or nationally regulated telecoms. Those two things have always been kind of in contrast to each other. So yeah, I think the free market makes more sense in this case because it's a global problem. And the other thing too, it's like we've talked about before, how many examples are there of just purely a regulatory organization solving a problem like this that then goes to the rest of the world, right? I don't know. I mean, I'd love to see someone come back to me with data that's telling me I'm wrong about that. But in 25 years of covering the telecom industry, I can't think of an example off the top of my head where we came up with this amazing regulatory regime that the whole world adopted that solved a major problem that hurt everyone. Yeah, I don't know. I haven't seen it yet. Well, there isn't one. They're wasting any more time thinking about it, mate. It hasn't happened. Lee, I will put you on the spot here. Please answer truthfully. And he's a businessman. He wants to promote his company. He wants to promote his products. Would it make it more attractive to you if a company comes along with a fraud management system and say it's plugged into the data from lots of other telcos? Or is that of no difference to you in terms of when you look at a fraud management system, its virtues and its vices and the benefits and costs of using it? Well, information is power, right? So the more information you have, then obviously the better it'll be. But ultimately, it's about results. So if it gave me the right results I was expecting, then yeah, I'd definitely buy Arn's software. You made it seem like I set that up now. I was actually looking for a more extensive analysis of how much value is there to a company. Because you've worked in big telcos. You've worked in small telcos. Does it make a difference? Perhaps when you're in some massive group, your attitude is, I don't need intelligence from somewhere else. But if you work for a small telco, maybe it's crucial that you start looking at information exchanges. Give me some perspective on the value that comes from having intelligence. Yeah, I think you need to have intelligence whether you're a big company or a small company area. That's how you basically decide where the threats are coming from and how you then counter those threats. So sharing information, obviously that's a benefit for the industry. And like we've discussed on the call today, there needs to be more collaboration, more data sharing. You're always the dipper, Matthew. But I think, Aard, we did get you an additional sale there because Lee did basically say if his supplier doesn't step up, then he'll be switching to Oculeus. Aard, we've massively overrun in terms of the time of the show. So I apologize. This is going to be my final question to you. But in terms of advice that the viewers who are watching this show, the fraud managers who are watching the show, in terms of what they should be prioritizing as the number one, the number two, or even the number three, but really the number one thing they should be putting on their roadmap in terms of the capabilities they need to add to what's available to them. What would be the messages that you would give them? What are the messages that you're pushing right now as being the big winners, the big gains in terms of additional technology telco should look at implementing in their companies? I think they should really look into the verification of the origination of numbers. This is the hottest topic right now. And there is Columbus Act still has to be found. Okay. That was a shorter answer than I expected. I mean, in terms of, again, Germany, you know, Germany is not reviewing stir shaken in terms of this. Do you think that there will be more alternatives? We have a comment from one of our viewers. Here's James McKenzie asks, what happened to CBAN? So we know that there's some alternatives out there. Are we still waiting for more research and development to be done in order to form this decision? Look, there'll be some stuff coming, which will be even different to what's out there. The German approach currently is simply anything with what comes into Germany with the German number. The number has to come by an international link. The number has to be wiped here in this case. The problem is this is even not easy with the technology, which is there right now, because it doesn't consider roaming. You know, if you're outside roaming, now your calls home, you don't see a number. And we nowadays have the habit to not take numbers, to not take calls without numbers here in this case. So I don't know what's happening here on the German side. I'm not that much involved, even if us being a German company here on these levels. So I cannot give you here a definite answer. But for sure, in the near future, we'll have some other talks. And I get you some more insights on stuff, which we have on the agenda. We've got a win-win going on here, Arndt, because I've sold you into Lee. Now I'm going to sell Lee to you, because Lee's got the answer. In the Middle East, he's been talking in the previous episodes about how to deal with roaming. So you should just get him in, consult you, and then you can sort it out for the rest of Germany, because they're dealing with this problem in the Middle East. Did I misunderstand you from what you said previously, Lee? Basically, you're already an advance ahead of some of the European countries in terms of how to look up data from the HLR, how to understand and ascertain if somebody's roaming or not, and then integrate that into the work you're already doing. We do. And we discussed this, I think, on the show two weeks ago. So if anybody didn't see that show, what we do is we, if it's a number coming in with a CLI, which is from our fixed lines, we would check that. And you can't have that call coming in from an international route. So we know that's being spoofed. We block those calls. If it's a mobile number coming in of one of our customers, we then check our HLR. And if they are roaming, we allow that call to pass. If they're not roaming, again, we know that's spoofed. So we block that. And then we're working with the other operators now, because what we've seen is there's been calls, which are now numbers, which are being spoofed using their number ranges. And now we're getting access to their HLRs. We'll check them to see if they're in a roaming scenario. If they are, we allow that call to come onto the network. If it's not, we'll block it. And another great example of information sharing, data intelligence there. Another great example of it in practice. Arnd, is this something that you'd be interested in copying and trying to sell around to the European telcos who currently aren't aware of how to do this? Look, what Lee just said, this is familiar for me here in this case. And one thing which we should really step off is pinpointing, this is from the Middle East, this is from Africa, this is from Asia or somewhere, or this is from Europe, you know. The world got small. And in any of these companies, bright guys, smart guys, simply sit and work and just simply put together the scenarios necessary to overcome problems. And we have to simply take the best solutions and the best results out there in order to cope with the problems. And we, nobody should think we are any better or any less than anybody out there. Good point to finish on with the interview. I do appreciate your time, Arnd, we've massively overrun, but thank you for your insights today. I really appreciate them. Thank you for joining us on the show. Thanks very much as well. That's it for today's show. Ed, Lee and I will return next Wednesday when we'll be talking about the new risks created for the communications industry by the adoption of embedded SIMs or eSIMs, helping us to understand those risks. We'll be telecoms testing expert and Blue Gem CEO, John Davies. We'll be live on Wednesday, 10th May at 4pm UK, 6pm Saudi Arabia, 10am US Central. Save the show to your diary by clicking on the link in the Communications Risk Show webpage, or save yourself the hassle of doing that every week by subscribing to our broadcast schedule and having every weekly show added to your diary automatically. Thanks again to today's guest, Arne Baranofsky, CEO of Opuleas. They were the sponsors of today's show. Thanks to my co-presenters, Ed Finegold and Lee Scargall for putting up with all my nonsense and for being so diplomatic when I'm so rude. I guess if you never see them again, it's because they've been tarnished with the AI brush that will soon be censoring me off social media. For everyone else, comment in here for it's just flown in. How long would it take for fraudsters to find out which numbers are roaming so the CLI can be used for spoofing? I'll leave that one for Lee to ponder, and we'll bring them back for next week with that show. Thanks to our co-presenters. Your insights are always much appreciated, and thanks to the two guys you never get a word in, but they're doing all the work keeping this show on the road. Our hard-working producers, James Greenlee and Matthew Carter. That's all for Episode 8 of the Communications Risk Show. I'm Eric Priezkalns. Remember to visit the Communications Risk Show website, tv.commsrisk.com, for recordings of all our past shows. Read our main site at commsrisk.com for the latest news and opinion about risks in the comms industry. And if you fancy some real collaboration for a change, then download the crown-sourced Risk Catalogs, or select to use the intelligent sharing blockchain of the Risk and Assurance Group at riskandassurancegroup.org. Thanks for watching. We'll see you next Wednesday.