ECC WorkProgram Database

NaN2_04

Last update: 19-12-2024

ECC Recommendation

ECC Recommendation on SMS Sender ID

The ECC Recommendation will contain policy rules on how to handle the SMS SenderID in order to maintain trust in the SenderID

The WG NaN has already developed detailed policies on how to handle the CLI in voice communications in order to maintain trust in the CLI.

SMS SenderID is the equivalent identifier as CLI for voice calls but for SMS. SMS is used for person-to-person (P2P) communications, but also more and more for application-to-person (A2P) communications. In this last category, we can distinguish between premium rate SMS, where the receiver of the SMS pays for the premium rate service and business messaging as one-time passwords, alerts for appointments which are not charged for the receiver. While the premium rate SMS- service is in decline, business messaging including the use of SMS as an extra security layer are getting more and more popular (2-factor authorisation as defined in Payment Services Directive - PSD2).

The work item will be limited to A2P- communications.

While for voice communication the CLI is always a telephone number, for SMS it is possible to use alphanumeric characters in SenderIDs. It is not common that CEPT Administrations regulate their use. This creates additional risks as people are more likely to be mis leaded in case of spoofing by an alphanumeric identifier (e.g. well-known brands) than a numeric one. From a technical point of view it is easy to modify the SenderID in a number or alphanumeric characters. SenderID spoofing for SMS is seen by many administrations more and more as a problem with a very negative impact for end-users, since often it is used for frauds. Moreover, in case of provisioning of business messaging via SMS typically a long chain of subjects is involved and this increases the complexity in identifying the real sender of the messaging.

Although the scope of the ECC Report 338 on CLI spoofing adopted 7^th June 2022 and the following ECC Recommendation in preparation is limited to voice communications, some principles (e.g. with A/B handshaking and the respect of international Recommendation E.157 for international communications) described can be used in this new Recommendation.

This ECC Recommendation aims to increase the trust in SenderID proposing rules and good polices on how to handle SMS SenderID. Special attention will be given to maximise the commercial benefit for the stakeholders of SMS while minimising the risk of fraud and or abuse where SenderID plays a role. It will draw on the good practices currently applied in several countries.

The ambition of the ECC Recommendation is to move as far as possible towards a common approach in the CEPT countries.

S: 21-06-2023
T: 10-06-2025

Work item approved at WG NaN#26, Budapest, 20-22 June 2023

In Progress

NaN2_05

Last update: 19-12-2024

ECC Report

ECC Report on international voice traceback

The WG NaN has already done a lot of work in combatting fraudulent electronic communications. With this work item another recommendation from Report 275 will be executed.

The objective of voice traceback is to find the source of illegal voice calls. It is important to identify the operators which are the source of illegal voice calls. These operators can then be held accountable for originating or being too passive allowing fraudulent traffic. Collaboration between operators/carriers is needed across international borders in the CEPT-area.

The aim of the report is

to develop an operational framework which enables international voice traceback;
identify regulatory and legal obstacles for such a international voice traceback as e.g. privacy concerns (GDPR and e- privacy laws impose strict regulations on the collection, processing, and storage of personal data, including voice communications) and contractual issues in interconnect agreements such as non-disclosure agreements;
Explore ideas to deploy voice traceback with other regions in the world.

If needed recommendations can be made for provisions enabling voice traceback in future European and national legislation.

In order to develop the report the approach in the US to trace the origin of the fraudulent traffic including the work of the Industry Traceback Group (ITG) will be studied.

S: 26-11-2024
T: 26-11-2026

Work item approved at WG NaN#29, Bonn, 26-28 November 2024.

In Progress

NPS_07

Last update: 25-05-2021

ECC Report

CEPT cooperation process for withholding payments and/or blocking access to numbers or services in cases of cross-border fraud or misuse

One of the most effective long-term approaches to tackling fraud and misuse is greater cooperation and information sharing between regulators. This can help us to better understand the changing nature of fraud mechanisms and to develop ex-ante and ex-post measures to protect the interests of citizens and consumers. With this aim, it is proposed to define a process for cooperation in the investigation of cross-border cases of fraud and misuse. The process would assist any regulatory intervention in the withholding of payments and/or blocking of access to numbers or services where fraud or misuse has occurred.

As a starting point, we plan to review the BEREC cooperation process, as set out in report BoR (13)37. The BEREC cooperation process was developed to assist regulatory authorities in the effective application of powers provided by Article 28(2) of the Universal Service Directive (USD) to require the withholding of payments and/or blocking of access to numbers or services in cases of fraud or misuse. It is a cooperation and information sharing tool used to complement national processes in combating fraud and misuse. We would consider the strengths and weaknesses of the BEREC cooperation process in developing the CEPT process.

References:
ECC Report 275 (2018) The role of E.164 numbers in international fraud and misuse of electronic communications services
BEREC Report BoR (13)37 Article 28(2) USD Universal Service Directive: A harmonised BEREC cooperation process, March 2013

S: 31-05-2018
T:

On Hold

NaN2_04 Last update: 19-12-2024	ECC Recommendation	ECC Recommendation on SMS Sender ID	The ECC Recommendation will contain policy rules on how to handle the SMS SenderID in order to maintain trust in the SenderID The WG NaN has already developed detailed policies on how to handle the CLI in voice communications in order to maintain trust in the CLI. SMS SenderID is the equivalent identifier as CLI for voice calls but for SMS. SMS is used for person-to-person (P2P) communications, but also more and more for application-to-person (A2P) communications. In this last category, we can distinguish between premium rate SMS, where the receiver of the SMS pays for the premium rate service and business messaging as one-time passwords, alerts for appointments which are not charged for the receiver. While the premium rate SMS- service is in decline, business messaging including the use of SMS as an extra security layer are getting more and more popular (2-factor authorisation as defined in Payment Services Directive - PSD2). The work item will be limited to A2P- communications. While for voice communication the CLI is always a telephone number, for SMS it is possible to use alphanumeric characters in SenderIDs. It is not common that CEPT Administrations regulate their use. This creates additional risks as people are more likely to be mis leaded in case of spoofing by an alphanumeric identifier (e.g. well-known brands) than a numeric one. From a technical point of view it is easy to modify the SenderID in a number or alphanumeric characters. SenderID spoofing for SMS is seen by many administrations more and more as a problem with a very negative impact for end-users, since often it is used for frauds. Moreover, in case of provisioning of business messaging via SMS typically a long chain of subjects is involved and this increases the complexity in identifying the real sender of the messaging. Although the scope of the ECC Report 338 on CLI spoofing adopted 7^th June 2022 and the following ECC Recommendation in preparation is limited to voice communications, some principles (e.g. with A/B handshaking and the respect of international Recommendation E.157 for international communications) described can be used in this new Recommendation. This ECC Recommendation aims to increase the trust in SenderID proposing rules and good polices on how to handle SMS SenderID. Special attention will be given to maximise the commercial benefit for the stakeholders of SMS while minimising the risk of fraud and or abuse where SenderID plays a role. It will draw on the good practices currently applied in several countries. The ambition of the ECC Recommendation is to move as far as possible towards a common approach in the CEPT countries.	S: 21-06-2023 T: 10-06-2025	Work item approved at WG NaN#26, Budapest, 20-22 June 2023	In Progress
NaN2_05 Last update: 19-12-2024	ECC Report	ECC Report on international voice traceback	The WG NaN has already done a lot of work in combatting fraudulent electronic communications. With this work item another recommendation from Report 275 will be executed. The objective of voice traceback is to find the source of illegal voice calls. It is important to identify the operators which are the source of illegal voice calls. These operators can then be held accountable for originating or being too passive allowing fraudulent traffic. Collaboration between operators/carriers is needed across international borders in the CEPT-area. The aim of the report is to develop an operational framework which enables international voice traceback; identify regulatory and legal obstacles for such a international voice traceback as e.g. privacy concerns (GDPR and e- privacy laws impose strict regulations on the collection, processing, and storage of personal data, including voice communications) and contractual issues in interconnect agreements such as non-disclosure agreements; Explore ideas to deploy voice traceback with other regions in the world. If needed recommendations can be made for provisions enabling voice traceback in future European and national legislation. In order to develop the report the approach in the US to trace the origin of the fraudulent traffic including the work of the Industry Traceback Group (ITG) will be studied.	S: 26-11-2024 T: 26-11-2026	Work item approved at WG NaN#29, Bonn, 26-28 November 2024.	In Progress
NPS_07 Last update: 25-05-2021	ECC Report	CEPT cooperation process for withholding payments and/or blocking access to numbers or services in cases of cross-border fraud or misuse	One of the most effective long-term approaches to tackling fraud and misuse is greater cooperation and information sharing between regulators. This can help us to better understand the changing nature of fraud mechanisms and to develop ex-ante and ex-post measures to protect the interests of citizens and consumers. With this aim, it is proposed to define a process for cooperation in the investigation of cross-border cases of fraud and misuse. The process would assist any regulatory intervention in the withholding of payments and/or blocking of access to numbers or services where fraud or misuse has occurred. As a starting point, we plan to review the BEREC cooperation process, as set out in report BoR (13)37. The BEREC cooperation process was developed to assist regulatory authorities in the effective application of powers provided by Article 28(2) of the Universal Service Directive (USD) to require the withholding of payments and/or blocking of access to numbers or services in cases of fraud or misuse. It is a cooperation and information sharing tool used to complement national processes in combating fraud and misuse. We would consider the strengths and weaknesses of the BEREC cooperation process in developing the CEPT process. References: ECC Report 275 (2018) The role of E.164 numbers in international fraud and misuse of electronic communications services BEREC Report BoR (13)37 Article 28(2) USD Universal Service Directive: A harmonised BEREC cooperation process, March 2013	S: 31-05-2018 T:		On Hold