Telephony fraud isn’t new, but it’s becoming more complex, costly, and damaging, especially for businesses that rely on voice communications as a cornerstone of their customer experience.
As the telecoms ecosystem shifts to IP and cloud-based systems, fraudsters are exploiting vulnerabilities that can hurt companies’ reputations as well as their finances.
The UK’s biggest mobile networks have responded by signing a new Telecommunications Fraud Charter with the government, ahead of the upcoming UK Government Fraud Strategy, to introduce various measures aimed at reducing telecoms fraud. The signatories include BT EE, Virgin Media, O2, VodafoneThree, Tesco Mobile, Talk Talk, Sky, and trade association Comms Council UK (CCUK).
The networks have committed to upgrading their systems within the next year to stop overseas call centers spoofing UK phone numbers, making it clear when calls impersonating legitimate organizations originate from other countries.
Around 96 percent of UK mobile users decide whether to pick up a call based on the number shown onscreen, and three-quarters are unlikely to answer calls from an unidentified international number.
The mobile networks will develop call tracing technology to track down the origin of suspicious or fraudulent calls across interconnected networks and give police the information they need to find scammers operating in the country and dismantle their operations.
They will also design scalable, collaborative data-sharing models between telecoms service providers as well as banking and technology firms to make it harder for scams to go on undetected.
The agreement includes a B2B voice and telephony sub-charter focused on assisting business customers. CCUK, which represents the UK’s IP communications and Voice over Internet Protocol (VoIP) industry, will develop business victim support principles and best practice guidance to help members handle how to identify and respond to fraud.
Telecoms Fraud Increases Cost of Business Communications
Telephony fraud takes many forms, including spoofed numbers, call hijacking, PBX hacking, and toll fraud. And those threats are only increasing with the proliferation of AI tools. As fraudsters become more sophisticated, every interaction now carries a layer of doubt. Criminals use legitimate-looking numbers or brands to trick customers, or infiltrate business phone systems to route high-value calls overseas.
“The scammers are getting much more sophisticated. So although there’s great general awareness, I think it’s so easy to still get caught out,” Tracey Wright, Managing Director at Magrathea Telecoms and CCUK chair, told CX Today.
The immediate financial losses can be steep. A single incident of toll fraud can leave rack up thousands in unauthorized charges. But the broader damage—disrupted operations, lost productivity and compromised customer trust—is longer lasting.
Telecoms companies themselves take a hit because of the perception that they have failed to protect their customers or secure their networks.
“[T]he impact on telecoms businesses… is quite serious and quite considerable. Not only in the financial sense of losing money on bad payments, but the reputational risk is considerable,” Wright explained. “It doesn’t take long at all for consumers to pick up on what they perceive as a bad actor in the market.”
Companies are engaged in a constant battle against sophisticated and fast-moving schemes. While some forms of fraud are relatively easy to identify, others are far more subtle, using legitimate communications channels to trick unsuspecting customers.
“[T]he mass calling episodes, selling things that don’t exist… are quite easy to detect. We’re still seeing those, unfortunately; they slip through the net quite frequently,” Wright said. “It is constant whack-a-mole. These people move around the industry, blast these calls out, get caught, shut down, and move on.”
The more insidious threat comes from fraud that crosses multiple communication platforms.
“[T]he more challenging one to properly understand is where the telecoms network is used as part of social engineering. So you’ve already had an email or WhatsApp, or someone’s been sent a phone number in a text message… It’s much harder to detect because it might just be one or two phone calls and not look like anything suspicious.”
While the industry is improving its ability to identify and block fraudulent traffic, many cases still slip through.
“As a service provider, we collect a lot of information from customers on those things. And unfortunately, it is almost a daily occurrence that we get reports,” Wright said.
Many companies underestimate how fraud can ripple through the customer experience. When customers start doubting the authenticity of incoming calls, legitimate outreach can suffer. That erosion of trust can quickly translate into fewer answered calls, slower issue resolution and increased customer frustration.
Still, striking the right balance between robust security and a frictionless customer experience isn’t easy. Too much verification can frustrate users, but too little invites risk. The goal for most companies is to integrate protective measures without customers even noticing.
Breaking Down Barriers to Cross-Industry Data Sharing
The biggest challenge for telecoms service providers in thwarting fraud is sharing intelligence quickly and securely. There are significant barriers to creating an effective data-sharing framework across providers and industries.
“It has been the focus of our attention for most of this year,” Wright said. The trade association held a summit earlier this year that brought stakeholders together to address the problem.
“Not only is there the technical challenge of how to share data in a safe, secure way… The bigger issue is around creating a system that all types of service provider—telecoms company, banking, everyone—can use, and the law that goes behind that to allow us to do so.”
Without the proper mechanisms, vital information can remain siloed within individual networks, allowing fraudulent activity to spill across industries unchecked.
“We’re pushing on both sides of that to have the cover of the legal and regulatory side to allow us to proactively share information. For example, if in the telecoms industry we have access to a potential scam, we’d like to be able to share that with the banking sector to say ‘you might find all these people are victims’. And at the moment, we neither have the route to do it or the legal position in which to do it.”
“So those are our big asks. And one of our commitments under the Charter is to keep working on those. We’ve had a commitment in return from the Home Office and others that are going to work with us on that.”
That ongoing dialogue between industry, regulators, and government will be the key to unlocking progress. For now, CCUK and its members are developing their own models to test what secure, compliant data sharing could look like in practice.
“We don’t have the specifics at the moment on exactly what it looks like. We’re working on our own proof of concept as a membership that, if it works, we will roll out to the wider industry.”
“It is the hardest part, but we are determined because it really does unlock so much of the rest of the things we want to do if we can just find the magic key. And there are lots of steps going forward. We can learn a lot from the finance sector; they’ve already achieved quite a lot in that space. So we’re hoping to work quite closely with them and take all the best bits of the schemes that are already out there.”
This is where the traceback technology that the phone networks are developing—to verify that callers are who they appear to be—is essential.
“That ties in with the data sharing, because at the moment, there is no method for doing this—unless you are providing a call, it’s your vertical market and you own the customer and the whole network—we’ve got otherwise no way of knowing that a caller is who they say they are,” Wright said. “If we can figure that out as an industry, then we’ll be halfway there.”
From AI-driven analytics to automated monitoring systems, new tools are helping providers detect unusual activity faster and respond before customers are affected. But for CCUK, the focus is on solutions that can help providers of all sizes strengthen their defences without adding unnecessary complexity.
“We’re certainly committed to promoting any technology; it doesn’t necessarily have to be AI,” Wright said. “We are… keeping an open mind that it’s not necessarily the kind of silver bullet to fix all this… We’re not going to put all our eggs in one basket to try and overcome this problem. We need to be looking at different solutions.”
For many of its members—who are often smaller and more agile service providers—the emphasis is on accessibility. “Whatever we do has to be simple and accessible to the smaller provider. So one of the proof of concepts we’re looking at is a much more simple API-driven data sharing tool, which any one of our members could just use at very low cost,” Wright said.
Educating Businesses to Strengthen Defenses
Technology alone won’t solve the problem. Businesses need to raise their awareness of how telephony fraud works and how to protect themselves. Clear internal policies, staff training and customer communication all play a role.
Customers, too, need to understand what legitimate contact from a business looks like. When companies proactively explain how they communicate, detailing what numbers they use and what information they’ll never ask for, they help close the information gap that fraudsters rely on.
Under the Charter, the phone networks and CCUK will work together to help improve public awareness, and enhance the protection and support that victims of fraud receive. The networks aim to reduce the time it takes for victims to receive support to two weeks.
Telecoms fraud tactics evolve constantly, so timely information is crucial. By ensuring members have access to the latest intelligence and resources, CCUK UK aims to help providers recognise emerging threats and communicate those risks clearly to their customers.
“There are existing schemes out there that we will support and promote… on our website to our members,” Wright said. “But we’re also developing some awareness specifically for telecoms companies to give their staff the skills to talk to their customers. That’s going to be evolving over the next few months.”
Navigating Legal Grey Areas to Battle Telecoms Fraud
While there’s widespread agreement that better data sharing is vital to combating telecoms fraud, the legal framework that governs it remains an obstacle. On paper, UK data protection and law enforcement rules appear to offer clear guidance on when information can be exchanged, but in practice, the reality is far more complicated.
There are loopholes and ambiguities that can make compliance difficult, particularly for smaller providers without in-house legal teams. “If you’re not on the law enforcement list, for example, you can’t be shared certain data,” Wright said. “We’ve got some great guidance from the ICO on data sharing. But when you actually start digging into the laws and look at the exceptions that are in there, you keep getting tripped up.”
Companies want to do the right thing but fear falling foul of privacy laws in the process. “That’s what we’re trying to overcome. It’s trying to find someone give us the law or the cover from the law to say, if you follow these guidelines, you can’t get in trouble. And that probably needs some kind of regulatory or legal shift,” Wright said.
By creating a framework for ongoing education, CCUK aims to build awareness across the industry, so that telecoms providers can secure their own networks against fraud and empower their customers to stay safe.
