|
|
NaN1_01
Last update: 19-01-2024
|
ECC Report
|
ECC Report on Numbering issues for cloud-based communication services
|
FNI_03
|
We see more and more new applications emerging where phonenumbers are decoupled from SIM cards and/or fixed lines. They are dynamicallyassigned for short periods of time and or used for applications where there isno longer a strict relationship with a fixed/mobile phone line. Differentterminologies such as virtual numbers or cloud numbers, are used to describethis phenomenon.
These innovations have been made possible by using the cloudto provide electronic communications services.
There are many regulatory requirements in place in relationto the use of different types of number resources, in particular those designedto protect the interests of end-users, to facilitate competition and to ensurethe effective and efficient use of numbering resources. Are all of theseregulatory requirements reasonable and proportionate for those newapplications? In some circumstances they can even be contra-productive andhamper innovation.
The report will first of all describe these evolutions ofthe network and the new services based on those networks, will bring forward adefinition, make an assessment of the different regulatory requirements (e.g.number portability, CLI issues, emergency calls, relation of the identificationof calls with misuse or fraud) and other aspects (e.g. sub- assignment,security of communication) and their relevance to this new numbering usage andfinally make recommendations for the CEPT countries on numbering policy.
Special attention will be given to the question of whoexactly are the end-user and provider of the telephone numbers and theirtypical extraterritorial use.
|
S: 24-11-2021
T: 23-11-2023
|
Work item approved at WG NaN #23 (online) - 23-25 November 2021.
NaN1 (working jointly with NaN2 and NaN3)
|
In Progress
|
|
|
|
NaN2_03
Last update: 08-11-2024
|
ECC Report
|
ECC Report on the definition of missing,
invalid, or fraudulent CLI
|
NaN2_02
NPS_06
NPS_04
|
CLI spoofing has been increasing during the last years with a very negative impact not only for end-users but also for operators. ECC Report 338 on CLI spoofing adopted 7th June 2022 contains in the conclusion, under the form of 6 points, possible actions for CEPT administrations to take to help mitigate or stop CLI spoofing. The proposed report implements the conclusions contained in the first and last bullet points of number 2 of the ECC Report 338.
There are several places where terms like missing, invalid or fraudulent CLI are used, but these terms are not clearly defined. When the CLI is considered as missing, invalid or fraudulent, operators may decide to block the calls, to remove the CLI from any further routing or to change the CLI, applying higher wholesale interconnection rates. This could have implications on multiple aspects.
Therefore, without a common understanding of these terms, disputes may arise between operators on the handling of calls with a CLI that is considered by one of the operators involved in the conveyance of the call as falling within these categories. It is therefore important to establish a common understanding of what qualifies as a missing, invalid or a fraudulent CLI, in order to encourage a common approach.
Some use cases where this would be beneficial follow. For instance, a common practice is to change the CLI in order to mask the origin of the call, in particular changing the CLI for traffic originating from a number from the national numbering plan of a country that does not apply the delegated regulation (EU) 2021/654 setting the Eurorates to a CLI from the national numbering plan of a country that is part of the Eurorates zone, with the objective being to make the terminating operator believe that the traffic originates from a number pertaining to the national numbering plan of a Eurorates country, in order to take advantage of the cheaper termination fees that apply in the Eurorates zone. In this way, fraudulent arbitrage income can be generated.
Also, negative impacts may also be pointed out for end-users, since when the CLI is missing, spoofed to show an invalid number (e.g. from an unassigned range) or it fraudulently shows a CLI belonging to another end-user (e.g. a trusted bank), it would pose dangers for the end-user. Call-back would not be possible on invalid numbers or when the CLI is missing, or fraudulent use of third parties’ CLI would not identify the real caller and possibly expose the receiving party to fraud.
For those reasons, there is a need to define clear verifiable guidelines in a report of what is and what is not to be considered as missing, invalid or fraudulent CLI, in order to mitigate CLI spoofing and encourage a more harmonised approach in handling of such calls.
|
S: 22-11-2022
T: 21-05-2024
|
Work item approved at WG NaN#25 (22-24 November 2022).
|
In Progress
|
|
|
|
NaN2_04
Last update: 08-11-2024
|
ECC Recommendation
|
ECC Recommendation on SMS Sender ID
|
|
The ECC Recommendation will contain policy rules on how to
handle the SMS SenderID in order to maintain trust in the SenderID
The WG NaN has already developed detailed policies on how to
handle the CLI in voice communications in order to maintain trust in the CLI.
SMS SenderID is the equivalent identifier as CLI for voice
calls but for SMS. SMS is used for person-to-person (P2P) communications, but
also more and more for application-to-person (A2P) communications. In this last
category, we can distinguish between premium rate SMS, where the receiver of
the SMS pays for the premium rate service and business messaging as one-time
passwords, alerts for appointments which are not charged for the receiver.
While the premium rate SMS- service is in decline, business messaging including
the use of SMS as an extra security layer are getting more and more popular (2-factor
authorisation as defined in Payment Services Directive - PSD2).
The work item will be limited to A2P- communications.
While for voice communication the CLI is always a telephone
number, for SMS it is possible to use alphanumeric characters in SenderIDs. It is
not common that CEPT Administrations regulate their use. This creates
additional risks as people are more likely to be mis leaded in case of spoofing
by an alphanumeric identifier (e.g. well-known brands) than a numeric one. From
a technical point of view it is easy to modify the SenderID in a number or
alphanumeric characters. SenderID spoofing for SMS is seen by many
administrations more and more as a problem with a very negative impact for
end-users, since often it is used for frauds. Moreover, in case of provisioning
of business messaging via SMS typically a long chain of subjects is involved
and this increases the complexity in identifying the real sender of the
messaging.
Although the scope of the ECC Report 338 on CLI spoofing
adopted 7th June 2022 and the following ECC Recommendation in
preparation is limited to voice communications, some principles (e.g. with A/B
handshaking and the respect of international Recommendation E.157 for
international communications) described can be used in this new Recommendation.
This ECC Recommendation aims to increase the trust in SenderID proposing
rules and good polices on how to handle SMS SenderID. Special attention will be
given to maximise the commercial benefit
for the stakeholders of SMS while minimising the risk of fraud and or abuse
where SenderID plays a role. It will draw on the good practices currently
applied in several countries.
The ambition of the ECC Recommendation is to move as far as
possible towards a common approach in the CEPT countries.
|
S: 21-06-2023
T: 10-06-2025
|
Work item approved at WG NaN#26, Budapest, 20-22 June 2023
|
In Progress
|
|
|
|
NaN3_01
Last update: 19-01-2024
|
ECC Report
|
ECC Report Next Generation Emergency Communications – transition from circuit-switched to packet-switched networks, services and PSAPs
|
|
Evaluate the technological potentials, regulatory requirements, and the possible applications or use cases of NG112. Challenges in terms of e.g., funding, supply chain for 112 emergency communications, phasing out of 2G/3G and impact on introduction of NG112 (legacy support for certain devices), accessibility and equivalence in access to emergency services (number based and number independent interpersonal communication, introducing media, roaming), characteristics of 112 emergency communications (present state and future implementation of NG112, prioritisation of calls to 112 in a packet-switched environment, limited service state (LSS), enhancing caller location information, routing to the most appropriate PSAP) are also to be recorded.
|
S: 07-06-2022
T: 19-11-2024
|
Work item approved at WG NaN#24 (7-9 June 2022).
|
In Progress
|
|
|
|
NaN3_02
Last update: 19-01-2024
|
ECC Report
|
ECC Report on Roaming SMS to 112 – challenges, current practices and future (harmonising) measures
|
|
For
roaming end-users, routing of SMS to the emergency numbers of the visited
country does not reach the visited country’s PSAP. As a consequence, also the AML-SMS
caller location information will not be transmitted to the PSAP. Taking into
account the different mobile network technologies, potential costs and the current
capabilities of the main operating systems (e.g. Android, iOS), this report
will:
- Describe the problems related to
roaming SMS to emergency services on 112 () and other national emergency
numbers,
- Investigate current practices which
resolve identified issues,
- Investigate potential for harmonisation
measures.
NaN3 can also explore other sides
of the topic, if found useful in the NaN3 discussions or during the
questionnaire. When further progress is made, and NaN3 finds it beneficial,
NaN3 can choose to split the work into two work streams, e.g. one for AML-SMS and
one for SMS generally.
|
S: 24-11-2022
T: 21-05-2024
|
Work item approved at WG NaN#25 (22-24 November 2022).
|
In Progress
|
|
|
|
NPS_07
Last update: 25-05-2021
|
ECC Report
|
CEPT cooperation process for withholding payments and/or blocking access to numbers or services in cases of cross-border fraud or misuse
|
|
One of the most effective long-term approaches to tackling fraud and misuse is greater cooperation and information sharing between regulators. This can help us to better understand the changing nature of fraud mechanisms and to develop ex-ante and ex-post measures to protect the interests of citizens and consumers. With this aim, it is proposed to define a process for cooperation in the investigation of cross-border cases of fraud and misuse. The process would assist any regulatory intervention in the withholding of payments and/or blocking of access to numbers or services where fraud or misuse has occurred.
As a starting point, we plan to review the BEREC cooperation process, as set out in report BoR (13)37. The BEREC cooperation process was developed to assist regulatory authorities in the effective application of powers provided by Article 28(2) of the Universal Service Directive (USD) to require the withholding of payments and/or blocking of access to numbers or services in cases of fraud or misuse. It is a cooperation and information sharing tool used to complement national processes in combating fraud and misuse. We would consider the strengths and weaknesses of the BEREC cooperation process in developing the CEPT process.
References:
ECC Report 275 (2018) The role of E.164 numbers in international fraud and misuse of electronic communications services
BEREC Report BoR (13)37 Article 28(2) USD Universal Service Directive: A harmonised BEREC cooperation process, March 2013
|
S: 31-05-2018
T:
|
|
On Hold
|
|