By Oscar Lazcano, Voice Cybersecurity Experts
The Communicator, April 2020
México and Brazil, the two biggest economies in the region and two of the 20 biggest in the world, are being heavily impacted by cybercrime. On top of that, most of the countries in the region are at least 10 years behind in operating according to best practices against fraud and in deploying technologies that protect not only their bottom line but also the subscribers of telecom networks.
Latin America combined has more than 400 million mobile subscribers and most of them are completely vulnerable to identity theft, social engineering and extortion. Part of this is explained by underlying issues such as the ability to buy dozens of SIM cards with pretty much zero control, high rates of stolen mobile phones and a very poor level of security awareness and culture of prevention in the general population, as well as the absence of strong security criteria in the rules for interconnections between carriers.
These crimes occur 24×7 over a telephone line. Scammers operating as illegitimate contact centers, experts in spoofing numbers, are generating thousands of calls every day to abuse data from an unraveled black market of sensitive personal information that is within reach of anyone with a little bit of curiosity. Personal data records have a price list ranging from one to 100 dollars per record, depending on the type of data and its “reliability and accuracy”.
On the other hand, vertical industries such as banking and insurance are literally begging for solutions to make their contact centers more effective in protecting their customers’ identity, and for solutions to protect their own identity in telecom networks. For instance, banking must comply with very strict regulations to protect customers’ personal data. Yet, as of today, there is no telecom network that guarantees that the bank’s phone number can’t be spoofed and, at the same time, there is no telecom network that offers spam blocking to end users.
This is a huge market opportunity for TELCOs operating in the region.
Pure STIR/SHAKEN is not a viable option for at least the next 5 years because of political, business, legal and regulatory matters that must be straightened out before even thinking about creating consensus, as has happened in the USA and Canada. However, there are relatively simple techniques that carriers may take advantage of to create new revenue streams while protecting their consumers and B2B customers.
The following are recommendations to mitigate these issues, leveraging existing technology reachable to any carrier:
- Inventory DIDs assigned to companies handling sensitive personal data, such as banking, insurance, health and government, just to mention a few.
- Blacklist this inventory of ANIs at international interconnections. No calls from these ANIs should enter the network via an international interconnection, regardless of the technology.
- Either by processing CDRs or by using signaling analytics, define a baseline that documents the normal patterns of these ANIs while traversing domestic interconnections and local networks.
- Set up a system of alerts that enables the organization to monitor activity from these ANIs and tells the engineering group when something is outside the norm. The closer to real time, the better.
- Normally, banks do not call customers from the same numbers they use to receive calls. Block all these ANIs from reaching mobile subscribers.
- Discuss with your Enterprise Customers their interest in deploying Out-of-Band STIR/SHAKEN. If all carriers introduce this service, it may, for starters, create new trust-based relationships between Enterprises and Consumers, and in a relatively short period of time there will be common interest in institutionalizing the standard. The telco provider sits right in the middle of this trust relationship, building loyalty.
- The BPO industry (Business Process Outsourcing) has a very strong penetration in LATAM and many offshore contact centers serve customers in different countries. Out-of-Band STIR/SHAKEN is a perfect fit.
- Consolidate SPAM, scammer, and bad-reputation blacklists and offer them as an opt-in/opt-out service. This is something that app and smartphone vendors are doing and charging for, with zero accuracy and no standardized quality assurance.
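The interconnection blacklist, the inbound-number block and the CDR baseline alert from the list above can be sketched as follows. This is an added example, not code from the article; the CDR field names (`ani`, `ingress`, `called_type`), the `inbound_only` flag, the phone numbers and the baseline counts are all constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed inventory of protected ANIs; "inbound_only" is an assumed flag
# for numbers the enterprise uses only to receive calls.
PROTECTED = {
    "525555500001": {"owner": "Bank A", "inbound_only": True},
    "525555500002": {"owner": "Bank A", "inbound_only": False},
}
# Constructed baseline: hourly call counts per ANI on domestic routes.
BASELINE = {"525555500002": [40, 42, 38, 45, 41, 39]}

def classify(cdr):
    """Per-call policy: return a block reason, or None to let the call pass."""
    entry = PROTECTED.get(cdr["ani"])
    if entry is None:
        return None
    if cdr["ingress"] == "international":
        return "block-international"
    if entry["inbound_only"] and cdr["called_type"] == "mobile":
        return "block-inbound-only"
    return None

def volume_alerts(cdrs, k=3.0):
    """Flag ANIs whose allowed calls this hour exceed mean + k * stddev."""
    counts = Counter(c["ani"] for c in cdrs
                     if c["ani"] in BASELINE and classify(c) is None)
    alerts = {}
    for ani, n in counts.items():
        hist = BASELINE[ani]
        limit = mean(hist) + k * max(pstdev(hist), 1.0)
        if n > limit:
            alerts[ani] = (n, round(limit, 1))
    return alerts

# Constructed CDRs for one hour (field names are assumptions).
SAMPLE_CDRS = (
    [{"ani": "525555500001", "ingress": "international", "called_type": "mobile"},
     {"ani": "525555500001", "ingress": "domestic", "called_type": "mobile"},
     {"ani": "525555509999", "ingress": "international", "called_type": "fixed"}]
    + [{"ani": "525555500002", "ingress": "domestic", "called_type": "mobile"}] * 120
)

if __name__ == "__main__":
    for cdr in SAMPLE_CDRS[:3]:
        print(cdr["ani"], cdr["ingress"], "->", classify(cdr))
    print("volume alerts:", volume_alerts(SAMPLE_CDRS))
```

The floor of 1.0 on the standard deviation keeps a perfectly flat baseline from turning a single extra call into an alert.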
All the items above are monetizable. Of course, they require a commercial and legal touch; however, there’s demand for these services. Mitigating identity theft, social engineering and extortion will increase the adoption of other digital services and will restore trust in telephone networks. This represents more usage, more bandwidth, more cloud adoption, and in general more demand for the services that TELCOs are currently advertising.
It is a win-win-win-win: for governments, the TELCOs, the Enterprises, and the end users.