article 28(2) usd introduction. the problem fraud and misuse scale evolving risks impact on end...

Article 28(2) USD

Introduction

The Problem

• Fraud and Misuse scale• Evolving risks• Impact on end users

– Direct financial impact– Direct inconvenience

• Indirect costs• Operators (access,termination, transit) confirm to be regularly

affected by fraud / misuse

Process followed• Previous BEREC work• Information gathering on scope and scale (operators)• Information gathering on implementation of article 28(2) -NRA• Consultation with operators– Need for harmonisation vs. operators’ own procedures– Scope of fraud/ misuse– Thresholds– Simplicity and details of the process– Impact on operators – Short timescale for payments

• Participation of EC

Challenges• Article 28(2) USD implementation across EU

– Dealing with a global issue– Develop effective institutional cooperation at EU level

• Protect end users• Intervention has to be rapid• Minimise distortion of incentives • Avoid economic gain • Respecting national subsidiarity • Encourage support from industry• Regulatory intervention vs. contractual provisions

Article 28(2) USD1. Member States shall ensure that, where technically and economically feasible, and except

where a called subscriber has chosen for commercial reasons to limit access by calling parties located in specific geographical areas, relevant national authorities take all necessary steps to ensure that end-users are able to:

a. access and use services using non-geographic numbers within the Community; and b. access all numbers provided in the Community, regardless of the technology and devices

used by the operator, including those in the national numbering plans of Member States, those from the ETNS and Universal International Freephone Numbers (UIFN).

2. Member States shall ensure that the relevant authorities are able to require undertakings providing public communications networks and/or publicly available electronic communications services to block, on a case-by-case basis, access to numbers or services where this is justified by reasons of fraud or misuse and to require that in such cases providers of electronic communications services withhold relevant interconnection or other service revenues.

• Implementation in Member States by May 2011

Article 28(2) Process aims General aspects

• Cross-border situations• Reinforced institutional cooperation and coordination• Guidance and consistency at EU level• Independent NRAs role• NRAs experience at national level on interconnection issues• Focused on end-users• Crucial role of operators

Article 28(2) Process aimsGeneral aspects

• Workable process • Focus: end-users, avoiding perpetrators’ benefits (disrupting

money flows) • Common understanding, timelines and information exchanged• Timely action by NRAs in originating, transit and terminating

countries (as applicable)• Regulatory intervention vs. contractual management• Operators encouraged to bring forward contractual

amendments and increase use of detection

Article 28(2) Process aimsScope of frauds / misuse covered

• Non-exhaustive list• Includes widespread practices including: • Short-stopping• AIT (e.g. PBX hacking, identity theft)• Wangiri • Roaming situations covered• VAS

Article 28(2) Process aimsRelevant authorities

• Implementation pursuant to national law • Independent NRAs• Judicial bodies • Consumer protection bodies • Independent NRAs as first contact point (internal

coordination)• Institutional exchange of information not available to third

parties

Article 28(2) Process aimsMeasures that can be adopted

• Case-by-case analysis• Principle of proportionality• Blocking access to numbers and/or • Withholding of payments • No retrospective nature of withholding as general rule• Payment periods (1 month timeframe)• Compulsory nature of measures taken by relevant authorities• Operators’ incentives to increase security measures• Promotion for use outside EU

The BEREC Process• Aims to achieve

– Cooperative approach– Better and faster communications– Common understanding

• approach• definitions

• Interface to national processes– Single points of contact– Accommodating national circumstances– National processes to align with BEREC process

Example of process in action

• PBX Hacking– Short stopping of numbers– Calls going beyond EU borders

• Inbound nuisance calls• Roaming mobiles

13

Operator 1Retail

Operator 2Transit

NRA 1

Country A

National Authority 1

a

14

Operator 1Retail

Operator 2Transit

Operator 5Allocated number

Termin-ating user

NRA 1

Country A Country C

National Authority 1

NRA 3

National Authority 3

a

b

15

Operator 1Retail

Operator 3Transit

Operator 2Transit

Operator 4Transit

Operator 5Allocated number

Termin-ating user

NRA 1

Country A Country B Country C

National Authority 1

NRA 2

National Authority 2

NRA 3

National Authority 3

a

c

b

16

Operator 1Retail

Operator 3Transit

Operator 2Transit

Operator 4Transit

Operator 5Allocated number

Termin-ating user

NRA 1

Country A Country B Country C

National Authority 1

NRA 2

National Authority 2

NRA 3

National Authority 3

a

c

b

BEREC Office

d

Example of process in action (Irish experience)

• PBX Hacking– Short stopping of numbers– Calls going beyond EU borders

• Inbound nuisance calls• Roaming mobiles

Contacts• BEREC to maintain a list of contacts

– NRAs– Other relevant national authorities– European Commission– Other law enforcement agencies

Reports• BEREC to maintain a record of incidents

– Template for reports– Reports to be made by originating NRA– Reports to be confidential vis-à-vis third parties– Review of cases to be held to assess process effectiveness