3 May 2023: Advanced Fraud Prevention

How can the latest technology detect and stop fraudulent network activities before telcos and their customers lose any money? Arnd Baranowski, CEO of Oculeus, shares his insights and answer questions from the live audience.

Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Transcript (auto-generated)

Hello, I'm Eric Priezkalns, and this is episode eight of the Communications Risk Show, the live streaming discussion show produced by Comms Risk in collaboration with the Risk and Assurance Group RAG. Every Wednesday, we talk to risk experts from around the world
of electronic communications, and we broadcast live, so you can also join the conversation, submitting questions and observations as we go along. Submitting your question is really simple. Just type it into the message window immediately beneath the streaming window on our website at tv.commsrisk.com. We don't collect personal dates about who watches our shows, so include your name in the message if you want me to read it out. The show is also streamed live to viewers on LinkedIn, so you can also leave a comment there. Just type
away and one of our production team will forward them to you. We've been talking a fair bit about fraud during this season of the Communications Risk Show, but it's always good to have more fraud prevention tools and techniques at our disposal. That's why today we'll be talking about new technologies that can be deployed to prevent fraud with Arnd Baranowski, CEO of Oculeus, innovative developers of anti-fraud systems and other software for Comms providers. Oculeus are the sponsors of today's show. But before we bring Arnd
on, let's make some time for topical chats with my fellow co-presenters, Ed Finegold and Lee Scargall. Ed Finegold comes to us from Chicago, where he's a market analyst and strategic advisor to tech and telecoms businesses. And Lee is dialing in from Bahrain. He's worked extensively with Comms providers in the Middle East, Asia, Caribbean, Europe, where he's been both a senior risk manager and also a consultant. Hello, Lee. Hello, Ed.
Topical subjects straight away. I'm going to ask you about this one first, Ed. I'm keen to get your point of view on this, but then I'll ask you as well, Lee. AI, a lot of fuss about that these days. AI, though, being used to clone the voice of somebody and then being used to commit crime. A few weeks ago, Good Morning America ran an interview with a lady called Jennifer DeStefano and her 15-year-old daughter, Brianna. Jennifer
recounted how she was walking down the street when she received a call from a strange phone number.
Brianna was away from home on a skiing trip, so Jennifer picked up in case it was about her
daughter. What she next heard was her daughter crying, then telling her, Mom, these bad men have
me. Help me. Help me. A man replaced Brianna on the line, claiming he had kidnapped Brianna and
demanding a ransom. But fortunately, Jennifer stayed calm enough to double-check Brianna's whereabouts before
agreeing to the supposed kidnappers' demands. It turns out Brianna was safe all along. The voice on
the line was believed to be an AI clone of Brianna's voice. So, Ed, Lee, you're both parents. I'm sure you
can imagine what it's like to be in a situation where you're given a shock like that and a phone
call like that. Somebody who sounds just like your own children. We talked a lot about identifying
the people who call us as well on this show. There's the advent of this kind of technology
where we're cloning voices, able to simulate people, able to take the persona of anybody.
Does that mean it's now game over for protecting our identities on the phone, Ed?
So, you know, interesting. You're qualifying that as on the phone. And what I was thinking was in
more general terms, I think the answer to on the phone is yes, but in more general terms,
don't forget deepfake video because that can be pretty convincing as well. So then getting into
sort of a more comprehensive impersonation, if phone actually also could include this
medium we're using right now. Right. So all of that. Yeah. I mean, I think that's pretty alarming.
I think, though, in terms of is it game over, I really want to hear what the biometrics folks have
to say about this and what are the best practices there as the generative AI curve keeps
accelerating, I guess, or getting steeper, whatever you want to call it. The trying to catch
up to that gets harder. Right. So I'm really interested to hear what those folks have to say.
But you and I have talked for a while now about like a concern that I raised with you
man, it's got to be a year and a half ago or so that we first chatted about the idea that you're
that you have a physical identity that does an awful lot of things and is gaining even more
autonomy now. And the idea that if you think about where all these impersonation schemes are going,
you know, can you extend that line out to where you will be separated, your physical self will be
separated from your digital self. And then what means if any, do we have to prove the connection
between those two things? That becomes real tricky, especially in the types of scenarios
that you're talking about, where the the fake can become so complete, right? So like three
dimensional. I'll leave it there for the moment. That's that's the piece. Yeah,
nightmarish, if you ask me absolutely nightmarish scenarios. And I think the fear for me is that
when it comes to the way businesses, organisations, governments, the market, for want of a better way
response to these things is we rush ahead with the new technology because you want the new
technology because the benefits new technology, and the investment on curbing the downsides of
technology, all it comes when there's a clear profit margin, or clear need or incentive to do
something about it. The rate of change, and the size of that market, and the amount of
that gap, we can see a lot of harm being done before we start having the technology applied
to solve this problem. Let's pivot the conversation your way. You're aware that
frauds like this, technologies like this, I should say also use things like CEO fraud.
And it could be used for spear phishing attacks, where the goal is to socially engineer a member
of staff, a big problem for telecoms companies, of course, you're aware of telcos doing things
in terms of like trying to reduce SIM swaps and things like that. But are you aware of telcos
taking steps to protect themselves, specifically from this kind of impersonation, a voice on the
phone that sounds like a co worker? Or are telcos now increasingly at risk of being hacked because
of the danger of voice cloning? So yeah, it's a real risk, Eric this. So if you're using voice
ID for authentication, then you really need to replace it immediately with something more a bit
more secure, right? Because there's technology out there right now that can be used to bypass
voice security. I think it's probably less secure now than OTPs over SMS. Okay, back in February
of this year, there was actually a journalist in the UK, he works for motherboard, he actually
recorded himself reading out a page of text, he then uploaded that to 11 Labs, which is a
synthetic voice platform, he then used that app to bypass the security on his Lloyds bank account,
and that's over in the UK. All he simply did, he just typed in the text box on the platform,
then converted it to say, my voice is my password, without even actually saying that, and he managed
to get into his bank account. And then you've got the likes of, you know, David, get to who
actually did quite a cool thing last month, what he did, he used chat GPT to generate a wrap in
the style of Eminem, and then he fed that into a synthetic voice platform, and it actually said
the wrap, as Eminem would actually say it. So there's actually some real cool commercial
activities you could use for this, but obviously, you can use it for the fraud as well.
But this is the problem. Excuse me, this is the problem. We get fixated on the cool stuff,
and I can give you another example of cool stuff. A businessman a few months ago, I noticed a story
on social media, he was promoting how he now obviously, we can't validate he really did this,
but how he had claimed to have connected a voice synthesizer, a clone of his voice,
to chat GPT, with the result that he used this entirely automated system to discuss his phone
bill with his phone provider, and to basically argue successfully for a credit on his phone bill.
So on the one hand, everyone's going, oh, great, I don't need to spend half an hour on the phone,
wasting my time arguing with somebody in a call center, I'll let the machine do it.
Hold on, hold on. You've just created a machine to impersonate you successfully as a customer
and influence the service and the bills you get, and a real person in a real call center,
if this is a genuine example, was fooled. They thought they were speaking to the customer,
and they did change the customer service, and they did change the customer's bill as a result.
So we get excited with the positive example. Oh, goody, I don't need to do this. Hold on,
hold on. This is exactly the problem. We're not seeing the downsides to this.
This is potentially devastating. I don't want somebody calling up my phone provider,
reusing my voice, and starting to negotiate what my phone service should be. This is the problem.
I don't think telcos are even waking up to this problem.
Yeah, so I mean, if you're a public speaker, right, or if there's any audio of you out there
on the internet, right, then you're at risk of this type of attack, right? I personally think
voice identification, it's completely dead now. So, Eric, I hope you're not using voice
identification on your banking app. No, but you can't expect people not to use the internet to
spread their voice. There's this thing called TikTok-ly. It's quite common with, you know,
you're a cool kid. You know David Greta. You may have heard of TikTok. It's also cool with
the kids-ly, you know? We're not going to be able to roll back to a point in time where people are
not going to be hearing according to voice. The advice that's given, oh, well, don't share data
on the internet. Are you serious? Yeah, not only is it people like us talking on the internet,
what if somebody just called you and you spoke to them and they picked up the phone?
They've got your voice. They're recording your voice straight away. You're on a Zoom call
with 10 other people who work in your business. Somebody can record on that Zoom call without
your knowledge. It's not just about social media. Our voices can be recorded by any sort of device
these days. Yeah, I completely agree on that, Eric. I think there probably needs to be a lot
more regulation over these synthetic drinks. Regulation? Come on, Lee. That can't be the answer.
We need regulation, Eric. I'd say laws evenly, right? If you bought a Sawzall, think about this.
Go buy a Sawzall. You can go buy one at a tool shop, at least you can in the US, right?
What are you allowed to use it for? There's things it's completely illegal to use a Sawzall for.
There's things it's completely fine to use it for. If we're building tools like these AI tools,
well, what's it illegal to use them for? We don't even have that figured out yet.
It shows you what I'm messing with, though.
I think it's stricter than regulation in that sense, right?
No, come on. It shows you what I'm messing with, though, that you're now looking for
law and regulation to sort you out. We can't even sort out plain old-fashioned telephony.
The laws of the regulations are so far behind. Isn't that what we'd be discussing every single
week is how far behind the laws and the regulation are, how unrealistic are, how ineffective they
are. I'm not saying I have a solution here, but we are falling further and further behind.
That's what I'm saying. Businesses, at least they could protect themselves.
If you're waiting for the government to protect the man in the street,
so game over. I say it's game over. Government's never going to go around to it. Maybe a business
can protect itself because at least it's got the incentive to not be compromised.
Anyway, lots of comments coming in. Forgive me. I'm ranting. I'm in a ranty mode today.
You're going to get both powers. I'm sorry, guys. Lots of comments coming in. Todd Dunphy
says, great stuff, guys. Thank you, Todd. This issue is becoming massively huge on dating apps.
It is very dangerous. I have tons of chats every week testing all these theories you guys are
discussing. The issue we have is that the physical world is how human relationships were designed.
So many comments coming in. I can't keep pace with reading it out as they're flowing.
So that is what humans seek and desire, but tech allows a hybrid that's really bad with
fake AI humans. I totally agree, Todd. Lorenzo Francisco, high risk indeed. We advise customers
to use voice calls to confirm payment requests from their top managers to prevent business
email compromise fraud by having this kind of voice fraud confirmation. We're no longer safe.
Yes. I mean, good point because we still haven't dealt with emails. We haven't fixed that problem.
So we use voice. We're going to go from one factor to two factors, three factors. We're just going to
have 15 factors of authentication. I just kind of add them on and on and on and on and try to
solve our problems that way. George Woodworth says, I believe there's an AI generated video
of Michael Jackson rapping as well. Not quite as cool as Lee there, George, because Lee named
David Guetta, whereas Michael Jackson is no longer so cool, George. But you are right, George.
That is a good point. And yeah, we're not seeing the downsizing. Thanks for the comments, guys.
Really love the comments from the audience. Keep firing them in. But now, a moment of calm as I read
out our advert from our season sponsors, Lucha. There's so much that can be achieved by implementing
test techniques that include test calls and other test events over your networks. Do you want to
understand how your network services are perceived by customers and perform tests to reflect the
actions of real people? Are you worried about bad actors bypassing information feeds, termination
fees with SIM boxes, refiling or OTT bypass, originate calls on other networks, cover an
expansive range of international routes, then check how those calls are terminated on your network.
Do you want to verify that your outbound Roamers are able to connect to services whilst away from
home and the test program and the locations they travel to? Do you want to verify the network
services provided by roaming partners, then you can perform full roaming audits in key locations
using test devices that really test their networks. Problem is investing in the infrastructure and
resources to create all sorts of network events from lots of different locations in the world
would not be cheap. That's why the smart approach is to ask Blue Gem to do it using their Test
Anywhere crowd and their automated equipment with the latest Android test devices deployed
worldwide. Blue Gem test network services on behalf of telcos, governments and software
companies. They use real phone devices that can make a call, send a message, transfer data,
stream music and video, basically all the things that people do with phones, creating real customer
journeys. Blue Gem also support the latest technologies such as eSIM so they can validate
multiple eSIM profiles at home and abroad. The proliferation of wipe services these days means
it's never been more important for telcos to ensure traffic is routed correctly and termination
fees are correctly levered. Blue Gem can execute a risk-based testing program on your behalf,
focusing on the routes and countries where there's the greatest risk that your telco will be exploited.
And automated testing means your staff are not required to perform laborious manual tests.
Automated alerting your test results also means you get advice about fraud as soon as tests
identify where it's happening. But whilst you'll become newly aware of frauds, the fraudsters
won't know those tests have identified them until you decide what action you want to take. So with
your focus, is the customer's network experience, roaming costs or the assurance of interconnect
routing, then you should call upon the experts at Blue Gem. Their URL? blugem.com. Blue Gem.
So, Lee, continuing the themes we were discussing earlier, I'd like to talk now, I'd like to hear
your thoughts on whether home working, remote working, the fallout from the pandemic, in short,
means telcos are now more at risk than they ever were before, and whether there's a failure
to respond to this risk. Why am I suggesting they're more at risk? Well, because although,
Lee, you picked upon automation to identify your voice, there's something else that people do.
They start a job, they're sat at home, somebody else calls and says they're from the IT help desk
in your own company, and you're trusting the voice. You don't know the voice, you maybe don't
know the person, or maybe it's a cloned voice, but whether you know the person or not, we're not
having the face-to-face interaction at work that we used to do. We're more and more likely to have
a message, a call from a coworker, maybe in a different part of the country, maybe in a
different country altogether, and we don't know if that person is genuine or not. Should telcos be
taking more action just to verify that the calls received by their own staff originated with other
members, other employees of the company, Lee? Yeah, I think, you know, can companies do more?
Well, the answer is always yes. Yeah, you can never rest on your laurels when it comes to fraud
awareness programmes for your employees. I think you should be training all new staff
who join the company, and you also need to make sure there's like mechanisms and processes
in place. So if anybody actually suspects some suspicious activity, they can actually report
that into somebody. There's actually a lot of impersonation or business email compromise fraud,
right? So that's emails appearing to come from a superior, and it's usually asking for
somebody to make a payment or make a SIM swap or kind of give away customer information.
So if you're in doubt, my advice would be if you've received a call or an email,
you should report it, you should maybe contact that person who you've received that email from
just to double check first, right? It's very easy to spoof somebody's email these days.
Are telcos doing more, though? Have you noticed signs of increased training of staff to deal with
these risks or are telcos waiting till the problem occurs and only then responding when it's, you
know, basically the horse has bolted? The ones that I know, Eric, they are being quite proactive
in this. So in particular, some of the telco companies I've worked with, there are awareness
programmes in place and there are mechanisms to report this in. But like I say, I'm not too sure
if every telco is doing that and is active on it. I'm sure there's some which aren't and I'm sure
there's some which are on top of it. I actually like your idea you were saying earlier is that
surely if you receive a phone call from your employee who kind of reports that they're from
the IT department, surely that we should be the ones able to check that. So I think that's quite
a good idea there, Eric. I mean, forgive me. I think some of the things I say are so simple,
I don't understand why we don't do it more generally. Why are we fussing and getting
all excited about validating every call everywhere when a phone company can't even validate calls
between their own employees? Surely that would be a more logical starting point for solving
the problem. If you can solve it for your own employees, then maybe you can generalise it to
everyone else. If you're not bothering to solve it for your own employees, why would a big bang
approach to the whole country make sense? Surely that doesn't make sense. And this is Ed, I want
to come back to the point you brought up earlier and we were discussing earlier before the ad break
there. If you're waiting for government to do things, if you're waiting for government to solve
problem, it's going to be a very bad problem before the government is going to have a point
of view on how to deal with it. Because you don't elect politicians to positions of power,
because they're specialists in every rinky-dink little problem that the world faces. They're not
experts in network technology or voice coding or anything like that. Other people have to give them
answers, as well as bring them problems. Is there anything that we can do in terms of changing the
rate of progress at which industries like the telecoms industry percolate up the problems so
they are being acknowledged and recognized at senior levels within our society, that we're
currently missing a trick at the moment because we just tend to ignore the problems and hope they'll
go away? Is there somewhere we can not just get public awareness, but get the awareness of the
decision makers in our society to deal with these problems sooner?
What's it going to take? I mean, is the question, right? And if you look at the litany of things
that have already occurred, like the physical example is the 737 Max. That's the ultimate
physical example of what you're talking about, of this completely backward, unintended evil
of technology crashing planes full of people into the ground. But then things like that happen,
and I think in cyberspace, in the digital world, every single day. And we talk about those things
on this show, obviously, all the time. All those unintended evils and ways that things are misused
and where the gaps are that are taking advantage of. So I think, what can be done about it?
We spoke to a gentleman about this the other day, and I don't want to steal his words because
I'm going to let him speak his thing when he gets his chance. But there was a point discussed
that said that it's a risk equation that says if the business can afford
the risk and it can be factored in and it can be spread out enough, then we move on.
And it's not going to change the way we do anything if we can swallow the cost of that risk.
It was something to that effect. And I think there's something to that, where the cost of
that risk needs to be higher, maybe, than it is. And I've had arguments with executives about this
who will point to things like British Petroleum and the trouble that they got into in the Gulf
of Mexico and the penalties and everything else. But it's hard for me to imagine that
in the end of the day, and I'm not calling out BP here, but do those penalties at the end of
the day really make major changes occur? I don't know that they do. Again, I hate to not answer
your question because it's hard to imagine, but it certainly feels like we have this obsessive
need to keep pushing the limit of tech. Obviously, there's a lot of economic growth and a lot of
speculation that pressures that kind of thing. And I don't know, I guess to be really dark
about it, Eric, if I come back to the lessons of my childhood, it's that when external forces
forced you to get technology up in the air faster than you want to, you end up with a challenger
explosion. It's those kinds of things. And so it feels like that's where we're headed.
Yeah. Here's why I think this problem is different to those other problems. Those are the incidents,
those are the failings that we've seen. You have an oil rig blow out. Some number of people die
on the oil rig. Sorry about that. And there's a pollution in the Gulf of Mexico. That's bad.
Okay. You have a plane crash. The number of people on the plane crash. Okay. All of the example,
and the challenger, try this amount of work being done in oil rigs, in planes, and by NASA to make
sure that the space shuttle works correctly. But still mistakes happen despite that enormous
amount of work. And yet for all of the terrible outcomes that we have in the end, it's only the
people on the challenger that are affected. The difference with tech, the difference with
communications networks is if we get it wrong, everybody's affected. There's no limit here.
If you can clone someone's voice, if you can impersonate someone, if you can steal their
identity, if you can harass somebody using networks, the whole world is at risk. It's
unbounded. And that's why I feel as though we are massively under investing in protecting ourselves
from the risks because we do, society does spend a lot of time and effort and a lot of money gets
put into validating the design of a plane and checking them and maintaining them. And they
don't get to take off and they all have licenses and stuff like this. Whereas in tech, it's like,
boom, here's a new unicorn. We're going to make a lot of money from this technology. Let's throw it
out there as quickly as possible. We're not even at the point where we're even reviewing the
possible repercussions until it's out there in the wild affecting potentially millions, if not
billions of people. I don't know the answer. Just to go back to your question, Eric.
We actually use a corporate messaging application. I'm not going to say which one it is,
but we are encouraged to use that all the time to contact people within the organization.
So, we've actually adopted that since the pandemic. So, I think that would be good practice
as well to use that and make sure your company has something like that.
Yeah. I mean, and this is a valid point about how you start devising society-wide strategies
with dealing with problems like this. Maybe our strategy will one way or another end up being,
we don't have global networks. Because if a global network like telephony gets so infested with crime
and abuse, people aren't going to want to pick up the phone. People aren't going to be dialing.
People dial me. I see a phone number. I don't recognize it. I don't answer the call.
I wait to see what the voicemail is going to be. So, whether by design or by accident,
we won't have global networks. But if somebody say like you, like you, Lee, like you, Ed,
if you send me a WhatsApp message, of course I'm going to respond to your WhatsApp message.
Because now this is, although it's a global tech, it's actually not a global network in terms of
who I'm communicating with. We're now breaking things down. Maybe this is the future, is that
we're going to have fewer global forms of communication. Anyway, apologies. I've got to
just read out one quick comment here before we go into the next ad break. Roberto Pareto asks,
and this is a completely pertinent question. I absolutely understand why you asked this question,
Roberto. How do we know that I'm not an artificial intelligence? Well, I agree, Roberto. In fact,
the last 30 years of my life, I have been trying to behave in an eccentric, erratic fashion,
unlike other human beings, just so technology will not be able to simulate me so effectively
in future. It's all you normals out there who are in trouble, because the more normal you are,
the easier you are to simulate. Whereas weirdos like me, we're going to be relatively immune from
the effects of artificial intelligence, at least in the first way. And Sridhar Rao says, nutrition
labels may not work all the time, but having them on all tech products is a first step. Quite right.
We need to have people at least informed and aware of what's happening in terms of the risks
they're taking and what can go wrong. Okay. Here's another. Comments keep flying in. I don't have time
to read them all out. Sorry, guys. Now, here's another of our recurring features, the symmetry
prism fact of the week. Now, each week, we share an interesting fact from the Prism Intelligence
gathering team at Symmetry Solutions. It comes as no surprise that fraudsters are amongst the worst
people in the world, and they do not hesitate to make a quick buck by exploiting other people's
suffering. The invasion of Ukraine and the refugee crisis that followed prompted many telecoms
operators to offer free or reduced cost to Ukraine and free roaming for Ukrainians leaving the
country. Fraudsters responded by cynically exploiting new opportunities for fraud that
that created. That's why the Prism team continues to give away, free of charge, intelligence about
the Ukrainian number ranges being advertised by dodgy websites for use by fraudsters. At present,
there are over 64,000 Ukrainian phone numbers advertised for use by fraudsters. That total is
higher than it's been in recent months, despite the conflict being well over a year old now.
And that's why Symmetry recommends telcos remain vigilant about communications traffic directed
towards Ukrainian numbers. But on the other hand, please don't overblock. We don't want to see
anybody suffering as a result of being too cautious in response to fraud. So, if you work
in telecoms fraud management, and you want to receive Symmetry's free updates about Ukrainian
numbers so you can pinpoint what to do about tackling fraud, then contact their fraud
intelligence team via their website. That's symmetrysolutions.co.uk. I have to say, I think
that's a thoroughly admirable initiative that they have there. Oh, I just got to take a quick
breath here, but I'm about to start ranting again any moment on a new topic. Seems to me that we
talk a lot in this industry about collaboration to solve these big problems, big, big, big
problems affecting billions of people. But we'd have a lot of people who talk about collaboration,
and they're talking to one or two other people about collaboration. There's no real broad
collaboration at all. I know people are going to get angry at me, but I'm going to say what I'm
about to say anyway. So, feel free to send in your comments if you don't agree. Last Thursday, I
noticed on social media a post from the CFCA, the Communications Fraud Control Association. Yes,
I'm calling them out by name. I'm not afraid. Now, their post promoted a new YouTube video
of one of their recent online discussion panels. Not that different to what we do here,
okay? That video, in the course of three days, had amassed 11 views. 11. One and another one.
So, they broke double figures, okay? But not that many people. When you consider that there
were six people on the panel reaching 11 people worldwide, well, probably six of the viewers was
the people who were on the panel watching the video back again. So, that is, and I'm not bragging
here, it is a smaller audience than this show reaches, okay? I went to Twitch the same day,
straight afterwards, straight after seeing these figures on YouTube, took a screen grab of the
episode we had aired the previous day. It had already garnered 374 views at that point in time.
So, 374 views for just one channel we use in a single day versus CFCA struggling to get into
double figures over three days. In fact, now, as far as last week's episode is concerned,
the total view count is now over 2,600, with 1,800 of those coming through our website and
through Twitch, and over 800 watching via LinkedIn, either live or watching the replay later
on. So, it's not about bragging. Here's my point, and it's a serious point. I'm keen to have your
views, Lee, and your views out on this as well, because maybe I'm in the wrong here, all right?
There's a lot of people who talk about industry collaboration to fight fraud in some vague,
eye-faluting fashion. But if you're not reaching anybody, if you're not actually connecting to
anybody, you're not doing it. And the stats speak for themselves, and they've been consistently
repeating. This is not a one-off. This is the repeated story. Nobody's watching. Nobody's
listening to associations like the CFCA in actual practice. They're sucking at resources because
some companies understandably want to sell to telcos like Verizon and AT&T. They're sucking
at resources, but they're saying and doing the same things for 20 years in a row. We have not
got the time to waste in dealing with these new risks that we face in the communications industry
to still be talking about the same old nonsense for the decade after decade. And because they're
always talking about the same thing, it's boring. It's unproductive. That's why they've got no
audience. The only thing that comes out of associations like that is phony baloney statistics
about how big fraud is. Guess why? So you can go and buy such and such system. Well, if that's your
philosophy, then you're always going to have a lot of fraud because that's always your logic for why
you should buy more and more systems, never reducing the problem. These are the kinds of
people who think stir-shaking is a great use of money and didn't say boo to a goose in terms of
whether there'd be any flaws or problems with its implementation. And then infuriatingly, vendors
around the world cite the CFCA statistics like this as evidence that we're succeeding in the
fight against fraud. My conclusion is short. We are not ever going to deal with these worldwide
problems unless we sometimes tell the big US telcos to shut up, step to one side and start
getting some real collaboration, some real information, some real advice and leadership
from big telcos in China, big telcos in India, the big telecoms groups headquartered in Europe,
the innovative work being done in Latin America, the innovative work being done in the Middle
East. I was reading a UK consultation that's bragging about how good stir-shaking is the other
day. Nothing was said about what had been done in the Middle East to deal with CLI spoofing,
not a single lie. That can't be right because the Middle East has been lots of good work done.
And yet the people who are giving the advice to people like Ofcom, the UK regulator, they don't
even know about it. And heaven forbid anybody should ever meet a black African giving his
a lecture about mobile money. It's as if some parts of the telecoms industry are even aware
that Africa exists. So Lee, let's pick on you first because I've been very controversial here.
And I've given you a few seconds to sum up, get yourself ready for the onslaught of hate that
we're going to have as a result of my diatribe. Lee, am I wrong to talk about industry collaboration
really descending into this pit of empty preening that accomplishes nothing?
It's kind of difficult to follow this, Eric. What you've just said there. Look, I can't talk about
the CFCA because I haven't actually been to one of their meetings, right? So it would be unfair
of me to comment. That's a cop-out and a half. That is a cop-out and a half. You've heard of
their statistics. You know that they're going on. I just told you they had 11 views on the video.
You could have watched the YouTube video yourself, couldn't you? I'm trying to keep it professional,
right? But look, as an industry, as a whole, do we need to be more collaborative?
Then the answer is yes, we do, right? A lot of this fraud, it's committed across international
borders. So we have to have collaboration. I think there is some good work. I think
RAG's doing some great work. I also think the GSMA, FASG, also do a good job as well.
Evan, a diplomat. I'm turning to you, Ed. Are you going to be a diplomat too?
No. No, I think the telecom industry stinks at collaboration on a few different levels.
So two different things, I'd say. So one, starting with the CFCA, I just want to comment on that.
So what I can say from someone that does primary research, right? And sometimes obviously you're
doing desk research and looking at other people's data and what have you. But I think it's important
looking at other people's data and what have you. You always have to consider who your source is
and if they have an agenda or not. And so any organization, whether it's the CFCA or
any other industry-funded organization like that, that obviously represents some kind of an agenda,
whether it's political or business or regulatory or whatever it is, you have to take that into
account when you're weighing the data. So for somebody like CFCA, it's automatically something
that I think you can kind of look at and say, okay, if I'm going to look at a variety of data
points and see how they compare to each other, I'll probably have it in the mix. But I don't
know that from any organization of that sort, right, you want to hang your hat completely on
the data point unless you are also doing some PR to drive a similar agenda, which is a lot of what
happens with data points these days, right? It's sort of like a parallel story to what you're
talking about, that a lot of the data that gets produced, it's not only is it not to drive action,
not only are people that can drive action not paying attention, it's mostly used for
infographics and press releases and generated for that purpose to open eyes, right, and
click chasing and all that sort of thing, right? There's that whole side of it.
There's also like a golden calf effect too, though, that happens in that process,
right, where you'll see data, some big data point gets cited by some semi-reputable or semi-reputable
publication. And then there's a daisy change of other sites to that source. And you'll see a lot
of people doing that kind of sort of desk research and piecing things together. And on more than one
occasion when I've tried to follow back to the original source, I found nothing. So there's that
effect is happening to your point all the time. And so my point though on telecoms being bad at
collaboration where I started was, and I've written about this a lot, I've sat in enough
sessions at different meetings like Mobile World Congress that are specifically like, hey,
this is the session where we're getting the multiple industries together to talk about
what 5G solutions are going to look like in five or six years. And this is five or six years ago,
right? And everyone in the room is from a telecom or one of their major suppliers. And there is
nobody in there from any other industry. And now here we are bringing 5G to market and everyone's
saying, we don't really have any practical use cases to run with. I'm uncertain about this. Well,
why do you think that happened? Because we stink at collaboration. And six years ago when you had
sessions at Mobile World Congress, talk about those things. There was nobody that could do
anything about it in the room and no one listening to your point. So yeah, I think it's an ongoing
problem. It's pervasive. I think we so underestimate the significance
of it. Let me give you a recent example. Tom Walker, you mentioned his name the other day
in our previous show. I'm having a bit of a row with Tom Walker these days on the social media
because, and I've been pointing a lot of fingers and I'm not afraid to point fingers at people in
the US industry. And whenever I point a finger at somebody, they always say the same thing.
Nobody has ever said, stir-shaken will be used to block coals. Okay. That's funny because it keeps
being reported that stir-shaken is used to block coals. It's so reported that stir-shaken is used
to block coals that the UK now has a consultation and the word blocking is on the front of it. And
the whole thing is about the promise that it's going to be used to block coals. So this is not
just appearing from nowhere, this belief, okay? Somebody's making promises here. And when I turn
the finger back and go, who actually made this promise? Suddenly you can't find who's making the
promise anymore. It wasn't me, it was them over there. So I would say, oh, yeah, look that way.
How can we be running an industry like this? This is like expensive decisions about protecting
people from even more expensive harm. And yet we're all acting as though the information
just somehow fell into our lap from the sky. We trusted it. We weren't sure where it came from.
We'll probably do the right thing somehow or other. Absolutely insane. It's driving me up
the wall. This is why I'm going crazy, guys. Sorry.
I thought of you the other day, and I think Lee wants to jump in and I want to let him,
but I just have to say quickly, I thought of you the other day because I walked into my bank
and saw a large sign advertising on the wall, right? That is a hand holding up a phone with
a caller ID, a smartphone with a caller ID popping up. And the caption says, be careful
of caller ID. Be careful of caller ID, right? Deliberately telling you this is not something
you should trust. It's going to scam you, which is, I think, sort of validating your point about
strategy. Thank you. Thank you.
Did you want to jump in, Lee? No, I was just going to say that I was agreeing with Ed on
most of everything you said there. But not agreeing with me. Okay. That'd be typical.
Right. We need to keep moving on because we're now way behind schedule. So, I apologize to
everybody who's been waiting for our interviewee. We're going to take a brief break from my
horribleness with a soothing feature from one of the nicest, kindest, most decent professionals
working in the industry. God bless him. I'm so glad that he's working in this industry
because so many other people drive me up the wall. Jeffrey Ross, a call authentication,
fraud prevention, and geolocation specialist. One root. Now, he's both a Texan and a cosmopolitan.
And each week, he takes us on a tour of the world, highlighting the diversity found all
around this planet, whilst reminding us of the common challenges faced by common providers.
We call this feature the world in your phone. And this week, Jeffrey is taking us to Thailand.
Producer James, roll VT. Hey, everyone from One Route. I'm Jeffrey Ross,
and this is the world in your phone. Let's talk about Thailand. Now, if you've ever had the
pleasure of visiting Thailand, then you likely know it is home to some of the world's most
beautiful beaches, friendliest people, and tastiest food. Located in Southeast Asia,
Thailand is officially known as the Kingdom of Thailand. But did you know that at the end of 2022,
the Thai police raided multiple locations, finding and cutting more than 10,000 internet lines that
were going across to neighboring Cambodia, believed to serve the call scam gangs that
had defrauded many of Thai people. Also earlier that year, the Thai police seized more than 200,000
SIM cards all used for call scams. That's taken the fight right back to the fraudster.
Did you also know that the capital city of Bangkok's real name in Thai is Krung Thep,
but even that's a shortened version of the name. So without me completely trying to butcher this
with my Texas twang and not being able to pronounce it, go out there and Google,
figure out how long that capital city's name really is. Thailand also is the world's largest
exporter of orchids. So world's largest exporter of rice by value. And there are more than 40,000
temples in Thailand. Another fun fact, the smallest mammal in the world, the bumblebee bat
is located in Thailand. Be sure to subscribe to the one route roundup in the world in your phone
on our YouTube channel. And follow us like do all that fun stuff where we put a spotlight on
individuals and companies making a positive difference in the telecom industry. Eric,
back to you for some more great communications risk show.
Thanks, Jeffrey. I never know what to expect from Jeffrey's videos, but I always learn something.
That said, I won't be attempting to pronounce the full and proper name for Bangkok. Now,
let's say hello to today's guest. Arnd Baranowski is the CEO of Oculeus. Hello,
Arnd. Now, they are suppliers to telcos all around the world with a particular specialism
in using cutting edge technology to stop fraud before it even begins. It's a pleasure to have
you on the show, Arnd. I want to get straight into the meat of our conversation here. What is
the next big step forward in technology for fraud prevention? Or has it already been taken?
First of all, thanks. And thanks for the really great discussion. I was able to follow before.
And it's great to be on this show with regard to your question. I think it's about time that we
really rethink the architecture of communication. It's about time to harden the communication and
not to run behind the fraudsters to try to prevent them from doing things because the technology is
advancing. As you described in the first half of the show, the technology is advancing in the style
that actually what we have in place is just simply not sufficient. We have to look at everything from
the start of call to the end of the call. Where is it transiting? Through what networks? And there
is, in my personal opinion, there is a biggest weakness because we're talking here about an
architecture which is really ancient compared to what's possible today and what's been utilized by
fraudsters and scammers here in this case. So the next big thing will be to really change
some stuff. And I think these changes will also change, let's say, the landscape of communication.
Communication will, certain types of communication will lose importance, others will be done
differently, and maybe certain communication will be just simply much more protected, much more
secured, and this way it'll be just simply much more difficult to step in and to commit fraud.
Will you be more specific, Alan? Can you give us some examples of how things are changing?
Because you're saying it's not just about the technology, it's about the technology.
Because you're saying some big changes, but you're not using any buzzwords. Normally,
when I say, what about new technology? They just start throwing out machine learning and
words like this. Look, if we're talking about AI and machine learning, this actually, for us,
for me, this is an old hat. This is nothing new. This is just simply there since the middle of last
century. It's there. And what people mostly don't understand, AI can only be, and the results of AI,
can only be as good as the models, and it can only be as good as the experts' input. When we're
talking about artificial AI, how many of us are not sufficiently intelligent and you don't want
to mirror them? And this is what's happening all the time, because simply the models and the inputs
are not good enough. And what amazes me most about AI, or not about AI, but about specialists,
about the ones in our industry, what amazes me most is that we're still here talking with people
which then start to come up with ideas, crude ideas about what you need for AI and so on,
not having an understanding that they are just simply 10 years old, what they think about.
And so this has gone by. And even what we see today, I mean, this is just simply the peaks,
the peaks of what is possible. And actually, this should be the science that we really also
think about the communication here in this case. And yes, we're working on stuff. We're working
on stuff which has the ability to really harden communication here in this case. And it's just
simply about to take the full steps necessary in this case, because it's not time to continue to
run after the last cent or the last or the newest commercial thing here in this case. It's now about
time to secure what is there and just simply to change architectures in order to ensure that
the problems we have don't overwhelm us. Well, I love the fact that you're so honest.
I have to say it's refreshing, Arnd, because as I say, I think 90% of vendors would have come on.
And the first thing they would say is we've got artificial intelligence, and they would
have made that into their sales point when you talk about new technology. I hear what you're
saying about AI perhaps being talked about too much, being hyped up by not being delivering.
But what is at the cutting edge then, Arnd? Let's be positive. What's at the front? Can
you give me specific examples or put a name onto it? Yeah, I can give you some ideas here.
Number one, we're using AI in different styles, for example, in our solutions. But this does
mean that we didn't abandon what's in there. We just made it into a full model, which is,
let's say, we've integrated into a system which is able, let's say, to run self-maintain
and which only needs the input in order then to run properly and is able to
cope with a lot of fraud which is actually ongoing. But the thing here is we are at a
stage where we are within the industry like these attempts with steer-shaking. I mean,
okay, it's understood there is a problem. This problem is an architectural problem because we
have only single line communications here via different networks in this case. And this problem
has to be solved somehow. But the conclusion here, what's been adopted and what's been
introduced, technology, doesn't match the problem. It's just simply halfway gone, or
you could say here in this case. But as technology advances, I mean, there are possibilities.
I mean, we're always talking about two-factor authentication. Why not about a two-factor
network? In this case, it would mean just something like we have the regular voice
communication and we just simply add a security layer which just simply communicates the call
credentials in parallel to the regular call, just simply straight from the one who starts the call
to the one who's receiving the call. And you can think about how many problems this might
solve here in this case already. And this runs in lightspeed without affecting the regular call
in parallel and is going to really solve plenty of the ongoing current issues here in this case.
Who would lead that? Which country would lead that? Would it be Germany?
No, it's not something which we're talking about a country here, about introduction in this case.
It's just a matter of the industry which we're talking about here. This is just one example.
But who goes first, Art? Who goes first? There's always got to be leaders so there can be followers.
So I always ask the question, who is ahead? Because I want to know. Who should we be following?
I don't know. We are in talks on things like that. I don't know yet and it's just simply something
which might be upcoming soon. So maybe in the near future we have some more discussions on
these points. I look forward to hearing that. Yes. Another point, besides the fact that we are
developing solutions for the industry here in this case, we also develop systems, let's say,
for global use within companies here in this case. And of course, because of all the implications
which we have, we are moving everything into these solutions so that everything runs secure
in these solutions. Also, we are adopting technologies, cutting-edge technologies,
like hardening the web appearance, hardening what's on in the cloud, in the style,
which is to government security level. I mean, this is difficult stuff, of course,
and this is really hot nuts. We know major companies which are not able to do so
and so they just simply trust in someone like Google, they trust in someone like Microsoft
because they pay a hundred people which have the knowledge and they pay the price that they think
that these guys are hard on them. But the more you have involved here, the more you have a problem
because you're never sure because the weakest part of every organization is us. It's us because
we are the weak ones and as long as the more are involved, the more it can be a problem in this
case. And so it's like looking at architectures, looking at changes which harden the whole
communication we know right now, maintain the communication we know and this is going to be
the next thing which everybody has to focus on. And this is one thing which should be talked about
and this is one thing where actually the industry should go along with and this really requires
cooperation and it requires input from all sides which are interested in maintaining this.
I've got a question from the audience here for you, Arne, sorry to interrupt,
and I think it's a good one so I'm going to share it with you now. Somebody anonymous has asked,
AI has been around forever but it is super hot right now with the gigantic general models like
ChatGPT and so on. Is it that you don't see a real change of the type that's being hyped about
or is it just that they don't have specific applications in telecoms?
Look, ChatGPT, we looked into that. I mean, this is fancy stuff. I mean, this is pretty cool.
There is a massive database there in the background which is emigrated and it's just
simply cleverly made. And, of course, here when we're talking about AI, then it is just simply
really a good engine has been set up in order to get good output of that. But this is amazing to a
certain point, to a certain extent. And, again, here it's as good as what is fed into it. We
looked into this. I mean, it's from the surface when it is impressive because we've not seen
anything like that so far because everybody failed. But then if you go to the second or
the third level, then you quickly come to the points where it again fails here in this case.
So, there is still a long way to go before this gets perfect or before we get really at a point
where we say, okay, this is now really cracking. And it's really actually a special use case
because it's nothing else. And it's just simply Google 2.0. I mean, everybody uses Google in order
to look for some information. Now we have ChatGPT. We just simply ask them and they then just simply,
they've done the Google search before and they provide us back the info here about it. And that's
what it's about and nothing more and nothing less. So, if I was to sum up your point of view,
is it really that when we talk about artificial intelligence, we're delivering average
intelligence, the average that a human being could deliver, and that it's not delivering us what you
might call special intelligence, better results, improved results, especially when dealing with
complex problems? Is that the point? It is a matter of the model and it's a matter
of what you need something for here in this case. And there can be specialist models, which can be
tiny, but these specialist models just simply cover certain areas. And it's about just simply
that a lot of aspects will be looked at and then the system is able to take a decision.
The system learned it and in learning what it can decide, actually, it's been sort of even like hard,
like the system has been hard. It's like as if we learn, I mean, if we play the same song
a hundred times on a piano, then surely we're able to repeat this song. And that's the same stuff
which you actually do here with AI. Rather than us programming on how to play the song,
what we provide with AI, we provide a meme which is able to record what's been
played. And then out of that, this is possible to play simply the song. And it's very similar
to how we learn at school, how we learn things, and it's just simply repetition of stuff here.
And it's very much about the input which is provided, not necessarily the technology
below, under it, but it's very much the input which makes the difference here.
You make a strong case. I'm very grateful for your insights as somebody who's really doing
the work with these topics. But here's a point I want to make that sometimes we don't discuss
enough, I don't think. Sometimes people use these phrases. I hate these phrases like whack-a-mole,
this implication that you always need to catch up with the criminal because it implies that we're
falling behind because they move ahead so fast. I don't see us moving forward that fast. I see us
actually always dealing with some old problem and always acting like we're surprised that a new
thing comes across. We always have a new problem. Oh, wow. We didn't expect. We didn't anticipate
the new problem. Technologies like AI, as you mentioned earlier in the show, they can be used
by fraudsters as well. The criminals can use technology and we should not be surprised when
criminals use technology. We should be anticipating it. Bearing in mind what we've been talking about
in this show, do you believe, I'm not talking specifically your customers here, but do you
believe that telecoms companies in general are keeping pace with the rate of change in technology
just to stay in relation to where the criminals are or are they now falling further and further
behind the criminal use of technology? Actually, it's a difficult question to answer.
Of course, everybody stays in line with the advancements of the technology here in this case
and it's just simply a matter of time when you do what here in this case. Number one,
you have to do business. Number two, you have to secure your business. Number three, you have to
look at aspects which actually damage your business here in this case and I think
the industry is moving and the industry is moving and it is moving and it's understanding
and the awareness is there and because of that, I think in general, the industry will take
the action necessary here in order to overcome situations. But like I said, fraudsters are
opportunistic. They are like an industry. The industry on the bad side of life,
while we try to prevent them, they also simply look for new sections and if you can recall
about the past, from the past until now, you've met so many different scenarios, types of fraud,
which were relevant for a certain period and then a medicine was found and boom, it's gone.
And it's like a cycle and I don't think that this is going to stop soon
and this evolvement of this process and currently, I mean, you can do more but at least we're doing
something and at least discussions are on in order to do more to get better achievements.
And the feedback we're getting on things, on these pipes like the fraud events
you've discussed in the first half of the show, I mean, they are just
the indicators which show that we have to be aware of some new stuff coming and maybe
we have to go for even other ways in order to overcome these types of fraud.
Okay, now your business, Oculeus, you've chosen to integrate data feeds from the RAG
fraud blockchain into the fraud management systems used by your customers. Why has your
company decided to take advantage of this non-profit information exchange and make it
available to your users? Absolutely, I mean, it's of relevance to use the input from all sides in
order to fight the fraud, let's say, of all areas, of all sections. And the input of these
numbers is good and any type, let's say, any fraud which is prevented just simply by the input of such
a number is just simply a good result here in this case. And we would be simply crazy to not
provide this ability to our customers here and I have to say RAG really did a great job on that.
In introducing it and get it running. And yes, all the contributors here in this case and
this thing lives as long as just simply people contribute and it's the same service open
source. Open source empowers us to do things we would not have been able to do years
ago and this is just simply a good concept which has been here just simply implemented
and taken over by ARAQ. Thank you, thank you for that. I want to bring in Ed in now, if you don't
mind the conversation. I'm going to pick up on Ed because I'm going to come back to this theme of
collaboration here because Ed, I think what Arnd is doing is a bit of a counter example to the
suggestion that governments and regulators take the lead because there can be circumstances here.
Artificial intelligence, correct me if I'm wrong here, Arnd, artificial intelligence,
ultimately it's built upon data. Companies might see for their own interests facilitating the
exchange of data, they're going to deliver the result potentially much more quickly through
things like APIs than if we wait for a government, which some countries are waiting for, waiting for
a government to mandate what ultimately national exchanges of intelligence, which again begs the
question of why we want a national exchange of intelligence, not an international exchange of
intelligence. Ed, what's your views in terms of are there times when the free market,
when the capitalist system, when business interests will get to that result far more
quickly than governments and we're making a mistake to wait for governments?
Yeah, I mean this should be one of them, right? And so I can't off the top of my head come up
with a whole business case behind it, but this should be one of them just in the sense that
the problem that we're talking about is a global problem. The second we start chopping it up into
regional bits as you do with telecom regulation, you kind of move away from the problem. And I
think that this has always been this issue of the internet, this global phenomenon growing out of
regionally or nationally regulated telecoms. Those two things have always been kind of in contrast
to each other. So yeah, I think the free market makes more sense in this case because it's a
global problem. And the other thing too, it's like we've talked about before, how many examples are
there of just purely a regulatory organization solving a problem like this that then goes to
the rest of the world, right? I don't know. I mean, I'd love to see someone come back to me with
data that's telling me I'm wrong about that. But in 25 years of covering the telecom industry,
I can't think of an example off the top of my head where we came up with this amazing regulatory
regime that the whole world adopted that solved a major problem that hurt everyone.
Yeah, I don't know. I haven't seen it yet. Well, there isn't one. They're wasting any
more time thinking about it, mate. It hasn't happened. Lee, I will put you on the spot here.
Please answer truthfully. And he's a businessman. He wants to promote his company. He wants to
promote his products. Would it make it more attractive to you if a company comes along
with a fraud management system and say it's plugged into the data from lots of other telcos?
Or is that of no difference to you in terms of when you look at a fraud management system,
its virtues and its vices and the benefits and costs of using it?
Well, information is power, right? So the more information you have, then obviously the better
it'll be. But ultimately, it's about results. So if it gave me the right results I was expecting,
then yeah, I'd definitely buy Arn's software. You made it seem like I set that up now.
I was actually looking for a more extensive analysis of how much value is there to a company.
Because you've worked in big telcos. You've worked in small telcos. Does it make a difference?
Perhaps when you're in some massive group, your attitude is, I don't need intelligence
from somewhere else. But if you work for a small telco, maybe it's crucial that you start looking
at information exchanges. Give me some perspective on the value that comes from having intelligence.
Yeah, I think you need to have intelligence whether you're a big company or a small company
area. That's how you basically decide where the threats are coming from and how you then
counter those threats. So sharing information, obviously that's a benefit for the industry.
And like we've discussed on the call today, there needs to be more collaboration, more data sharing.
You're always the dipper, Matthew. But I think, Aard, we did get you an additional sale there
because Lee did basically say if his supplier doesn't step up, then he'll be switching to
Oculeus. Aard, we've massively overrun in terms of the time of the show. So I apologize. This is
going to be my final question to you. But in terms of advice that the viewers who are watching this
show, the fraud managers who are watching the show, in terms of what they should be prioritizing
as the number one, the number two, or even the number three, but really the number one thing
they should be putting on their roadmap in terms of the capabilities they need to add to what's
available to them. What would be the messages that you would give them? What are the messages
that you're pushing right now as being the big winners, the big gains in terms of additional
technology telco should look at implementing in their companies? I think they should really look
into the verification of the origination of numbers. This is the hottest topic right now.
And there is Columbus Act still has to be found.
Okay. That was a shorter answer than I expected. I mean, in terms of, again, Germany, you know,
Germany is not reviewing stir shaken in terms of this. Do you think that there will be more
alternatives? We have a comment from one of our viewers. Here's James McKenzie asks,
what happened to CBAN? So we know that there's some alternatives out there.
Are we still waiting for more research and development to be done in order to form this
decision? Look, there'll be some stuff coming, which will be even different to what's out there.
The German approach currently is simply anything with what comes into Germany with the German
number. The number has to come by an international link. The number has to be wiped here in this
case. The problem is this is even not easy with the technology, which is there right now, because
it doesn't consider roaming. You know, if you're outside roaming, now your calls home, you don't
see a number. And we nowadays have the habit to not take numbers, to not take calls without
numbers here in this case. So I don't know what's happening here on the German side.
I'm not that much involved, even if us being a German company here on these levels.
So I cannot give you here a definite answer. But for sure, in the near future, we'll have some
other talks. And I get you some more insights on stuff, which we have on the agenda.
We've got a win-win going on here, Arndt, because I've sold you into Lee. Now I'm going to sell Lee
to you, because Lee's got the answer. In the Middle East, he's been talking in the previous
episodes about how to deal with roaming. So you should just get him in, consult you, and then you
can sort it out for the rest of Germany, because they're dealing with this problem in the Middle
East. Did I misunderstand you from what you said previously, Lee? Basically, you're
already an advance ahead of some of the European countries in terms of how to look up data from
the HLR, how to understand and ascertain if somebody's roaming or not, and then integrate
that into the work you're already doing. We do. And we discussed this, I think, on the show two
weeks ago. So if anybody didn't see that show, what we do is we, if it's a number coming in with
a CLI, which is from our fixed lines, we would check that. And you can't have that call coming
in from an international route. So we know that's being spoofed. We block those calls.
If it's a mobile number coming in of one of our customers, we then check our HLR. And if they are
roaming, we allow that call to pass. If they're not roaming, again, we know that's spoofed. So
we block that. And then we're working with the other operators now, because what we've seen is
there's been calls, which are now numbers, which are being spoofed using their number ranges. And
now we're getting access to their HLRs. We'll check them to see if they're in a roaming scenario.
If they are, we allow that call to come onto the network. If it's not, we'll block it.
And another great example of information sharing, data intelligence there. Another great example
of it in practice. Arnd, is this something that you'd be interested in copying and trying to
sell around to the European telcos who currently aren't aware of how to do this?
Look, what Lee just said, this is familiar for me here in this case. And one thing which we
should really step off is pinpointing, this is from the Middle East, this is from Africa,
this is from Asia or somewhere, or this is from Europe, you know. The world got small.
And in any of these companies, bright guys, smart guys, simply sit and work and just simply
put together the scenarios necessary to overcome problems. And we have to simply take the best
solutions and the best results out there in order to cope with the problems. And we,
nobody should think we are any better or any less than anybody out there.
Good point to finish on with the interview. I do appreciate your time, Arnd, we've massively
overrun, but thank you for your insights today. I really appreciate them. Thank you for joining us
on the show. Thanks very much as well. That's it for today's show. Ed, Lee and I will return next
Wednesday when we'll be talking about the new risks created for the communications industry
by the adoption of embedded SIMs or eSIMs, helping us to understand those risks. We'll be telecoms
testing expert and Blue Gem CEO, John Davies. We'll be live on Wednesday, 10th May at 4pm UK,
6pm Saudi Arabia, 10am US Central. Save the show to your diary by clicking on the link in the
Communications Risk Show webpage, or save yourself the hassle of doing that every week by subscribing
to our broadcast schedule and having every weekly show added to your diary automatically.
Thanks again to today's guest, Arne Baranofsky, CEO of Opuleas. They were the sponsors of today's
show. Thanks to my co-presenters, Ed Finegold and Lee Scargall for putting up with all my
nonsense and for being so diplomatic when I'm so rude. I guess if you never see them again, it's
because they've been tarnished with the AI brush that will soon be censoring me off social media.
For everyone else, comment in here for it's just flown in. How long would it take for fraudsters
to find out which numbers are roaming so the CLI can be used for spoofing? I'll leave that one for
Lee to ponder, and we'll bring them back for next week with that show. Thanks to our co-presenters.
Your insights are always much appreciated, and thanks to the two guys you never get a word in,
but they're doing all the work keeping this show on the road. Our hard-working producers,
James Greenlee and Matthew Carter. That's all for Episode 8 of the Communications Risk Show.
I'm Eric Priezkalns. Remember to visit the Communications Risk Show website,
tv.commsrisk.com, for recordings of all our past shows. Read our main site at
commsrisk.com for the latest news and opinion about risks in the comms industry. And if you
fancy some real collaboration for a change, then download the crown-sourced Risk Catalogs,
or select to use the intelligent sharing blockchain of the Risk and Assurance Group
at riskandassurancegroup.org. Thanks for watching. We'll see you next Wednesday.