Mail - [email protected] Page 1 of 1 Feb 14 Agenda item, Anti-Spoofing Provisions of the RAY BAUM'S Act Tony Rutkowski Fri 2/8/2019 6:42 AM To:[email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; Mike.O'[email protected] <Mike.O'[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; Cc:Paul Najarian <[email protected]>; Eric Burger <[email protected]>; 1 attachments (95 KB) T17-SG02-C-0167!!MSW-E.docx; The Chairman and Commissioners should be aware that most of the actions called for in the Act and the Commission's proposed implementation are before the 19-28 February, Geneva, meeting of ITU-T Study Group 2, in the form of a draft Rec. M.rtafm, "Requirements for Telecom anti-Fraud Management in the TMN." See attached contribution from the Recommendation editor. Study Group 2 has global jurisdiction over the use of telephony services and especially the use of telephone numbers as they are allocated and managed pursuant to ITU-T Rec. E.164. It is therefore an essential venue for implementation of Sec. 503 of Ray Baum's Act. The Commission should consider support for the Recommendation and involvement in the meeting via the State Dept by appropriate staff. respectfully, Anthony M. Rutkowski, EVP for Regulatory and Standards https://outlook.office.com/owa/?path=/mail/inbox 08-Feb-19 INTERNATIONAL TELECOMMUNICATION UNION SG2-C167 TELECOMMUNICATION STANDARDIZATION SECTOR STUDY GROUP 2 STUDY PERIOD 2017-2020 Original: English Question(s): 5/2 Geneva, 19-28 February 2019 CONTRIBUTION Source: China Telecommunications Corporation Title: The contribution on modifying M.rtafm document. Purpose: Proposal Contact: LING Ying Tel: +86 21 28970016 China Telecommunication Fax: +86 21 58754013 China E-mail: [email protected] Keywords: Telecom anti-Fraud Management; TMN; Abstract: This contribution proposes some modification in M.rtafm document based on the document T17-SG02-180704-TD-GEN-0439!!MSW-E. 1. Discussion This contribution proposes some modification in M.rtafm based on the comments from last meeting in Geneva. 2. Proposals This contribution proposed some modifications in the document as follows: 1) Adding the new definitions in Chapter 3.2; 2) Modifying the text in Chapter 6.3; 3) Modifying the text in Chapter 7; 4) Adding “8.1.5 Fraud detection management function” and “8.2.4 Fraud mitigation management function” in Chapter 8; 5) Modifying the text in Chapter 9.1; 6) Adding the content of Appendix A. - 2 - SG2-C167 Draft ITU-T Recommendation M.rtafm Requirements for Telecom anti-Fraud Management in the TMN 1 Scope This draft Recommendation describes the requirements for Telecom anti-Fraud Management in the TMN, the functional framework for combating telecom fraud management and the functional description. 2 References The following ITU-T Recommendations and other references contain provisions, which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. [ITU-T E.156] ITU-T Recommendation E.156 (2006), Guidelines for ITU-T action on reported misuse of E.164 number resources. [ITU-T E.156 – Suppl. 1] ITU-T Recommendation E.156 – Supplement 1 (2007), Guidelines for ITU-T action on reported misuse of E.164 number resources. Supplement 1: Best practice guide on countering misuse of E.164 number resources [ITU-T E.156 – Suppl. 2] ITU-T Recommendation E.156 – Supplement 1 (2007), Guidelines for ITU-T action on reported misuse of E.164 number resources. Supplement 2: Possible actions to counter misuse [ITU-T M.3010] ITU-T Recommendation M.3010 (2000), Principles for a telecommunications management network [WTSA RESOLUTION 61] WTSA-12 – Resolution 61(2012), Countering and combating misappropriation and misuse of international telecommunication numbering resources 3 Definitions 3.1 Terms defined elsewhere 3.1.1 Fraud: Fraud is use of numbers in the manner for which they were prescribed, but in a manner intended to generate revenue. The use of a number in the manner for which it was allocated but for the purpose of generating cash at the expense of the customer and/or operators. [ITU-T E.156 – Suppl. 1] TBD Editor’s note: – The terms involved in this recommendation should be in accordance with E.156, Supplement 1 and Supplement 2. The changed text will be proposed based on contributions received in the future. – The fraud calls should be clarified from two aspects as following table. The fraud scenarios should be described. - 3 - SG2-C167 It’s necessary to describe whether the number resources are misused and how the number resources are used. Misuse of E.164 number resources Fraud scenarios Using an assigned numbering resource. Case 1: - Some calls are initiated by web dialers The spoofing calls are often very short. These short using applications to originate calls with calls are generated to consumers with the purpose of false calling party numbers (CPN). These leaving a missed call notification on phones display in calls are spoofing calls. order to prompt the called party users to call back. Using an unassigned numbing resource. Case 2: - In many cases, VoIP technologies have Fraud calls are often use of numbers in manner for been used, and somewhere in the route not which they were prescribed, but in a manner intended assigned numbering resources have been to generate revenue or in a malicious manner (such as inserted or reassigned. harassing, threatening, obscene, fraud manner and so on). – The more fraud scenarios will be described as the appendix of this recommendation based on the contributions received in the future. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 nuisance call: refers to the unsolicited, annoying telephone call, such as one originating from a telemarketer, robotcaller, or prankster or one that is obscene, harassing, misdialed, or senseless. 3.2.2 phishing: refers to the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in a communication. The attacker sends spam emails, SMSes and voice calls aimed at getting banking details of a target. 3.2.3 telecom anti-fraud management: is the development, execution and supervision of plans, policies, programs and practices that detect and mitigate telecom fraud activities. NOTE--Taking full advantage of telecom network operation data, to detect the possible fraud in time and to make the appropriate treatment to mitigate lost revenue due to fraud by means of telecom network management functionalities (including signalling monitoring, data analysis, alarm monitoring, and configuration management). Contributor’s note: The definition of telecom anti-fraud management had been modified considering the comment from SCV-TD91. 3.2.4 telecom fraud: refers to the use of telecom service (telephones, cell phones, computers etc.) to commit the fraud. Victims in telecom fraud include telecom consumers, called party users and communication service providers. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: CLI Calling Line Identity CPN Calling Party Number - 4 - SG2-C167 5 Conventions In this Recommendation: The keywords “is required to” indicate a requirement which must be strictly followed and from which no deviation is permitted if conformance to this document is to be claimed. The keywords “is prohibited from” indicate a requirement which must be strictly followed and from which no deviation is permitted if conformance to this document is to be claimed. The keywords “is recommended” indicate a requirement which is recommended but which is not absolutely required. Thus this requirement need not be present to claim conformance. The keywords “is not recommended” indicate a requirement which is not recommended but which is not specifically prohibited. Thus, conformance with this specification can still be claimed even if this requirement is present. The keywords “can optionally” indicate an optional requirement which is permissible, without implying any sense of being recommended. This term is not intended to imply that the vendor’s implementation must provide the option and the feature can be optionally enabled by the network operator/service provider. Rather, it means the vendor may optionally provide the feature and still claim conformance with the specification. 6 Overview of telecom anti-fraud management in the TMN 6.1 Telecom fraud statements Telecom fraud refers to the fraudulent activity through the means of communication (such as targeted spear-phishing e-mails or SMSes, spoofing calls or nuisance calls and so on). These fraud activities increasingly impact on telecom consumers, called party users. The misuse of numbers and numbering plans might form the basis by which a fraud is perpetrated, but the misuse itself might not constitute actual fraud. Telecom fraud is use of numbers in the manner for which they were prescribed, but in a manner intended to generate revenue. Telecom fraud occurs with numbering misuse, including global numbering resources, international numbering resources, national numbering resources, local numbering resources, advertisement emails, SMSes or rogue dialling and so on.