Ofcom GC C1: Fraud & Misuse Prevention
How to prevent AIT fraud, detect IRSF attacks and meet Ofcom's fraud monitoring requirements.
What You Learn
- ✓ General Conditions C1 requirements
- ✓ Fraud prevention obligations
- ✓ Call fraud detection
- ✓ Enforcement risks
Who It's For
- • Telecom providers
- • Service resellers
- • Compliance officers
- • Operations managers
GC C1 is the most common reason for Ofcom enforcement actions against telecom providers. You must actively prevent fraud on your network - reactive measures are not sufficient. Failure can result in fines up to 10% of turnover plus liability for fraud losses.
What Does GC C1 Require?
General Condition C1 requires communication providers to take "all reasonable steps" to prevent fraud and misuse on their networks. The condition specifically covers:
- Prevention of Artificial Inflation of Traffic (AIT)
- Blocking access to known fraud destinations
- Monitoring traffic patterns for anomalies
- Responding to fraud reports within 24 hours
- Cooperating with other providers on fraud prevention
Key Point: "Reasonable steps" is assessed based on your technical capabilities and resources. Large providers are expected to have sophisticated detection systems; smaller resellers still need documented procedures and basic monitoring.
Common Fraud Types
Artificial Inflation of Traffic (AIT)
AIT is the deliberate generation of fraudulent traffic, typically to premium rate or international revenue share numbers. Fraudsters profit from the termination revenue while the originating provider bears the cost.
International Revenue Share Fraud (IRSF)
IRSF exploits high call termination rates to certain international destinations. Attackers generate calls to these destinations and share the termination revenue with the number operator.
Wangiri Fraud
Brief "ring and drop" calls prompt callbacks to premium numbers. Victims see missed calls and call back, generating revenue for fraudsters.
PBX Hacking
Attackers compromise customer phone systems to make fraudulent outbound calls. Often happens overnight or over weekends.
CLI Spoofing
Falsified caller ID used for scam calls. Banks and government agencies are often impersonated.
SIM Box Fraud
Illegal call termination bypassing interconnect agreements. Reduces quality and evades taxation.
Required Fraud Controls
Ofcom expects providers to implement proportionate controls:
| Control | What It Does | Implementation |
|---|---|---|
| Traffic Monitoring | Detects unusual patterns | CDR analysis, real-time alerts |
| Destination Blocking | Prevents calls to fraud hotspots | Hot destination blacklists |
| Credit Limits | Caps financial exposure | Per-customer and per-call limits |
| Velocity Checks | Detects burst traffic | Calls per minute thresholds |
| CLI Validation | Prevents spoofing | STIR/SHAKEN or manual checks |
| Customer Verification | Ensures legitimate users | ID verification, credit checks |
Detection Indicators
Watch for these red flags in your traffic:
- Sudden spike in calls to unfamiliar international destinations
- High call volumes outside business hours
- Many short-duration calls to the same number
- Calls to high-cost destinations from new customers
- Sequential calling patterns (automated dialers)
- Unusual geographic patterns (UK SIP to premium international)
Incident Response Procedure
When fraud is detected, you must act quickly:
| Timeframe | Action | Documentation |
|---|---|---|
| Immediate | Block the traffic source | Log time, source, destination |
| Within 1 hour | Assess scope and impact | Estimated losses, affected customers |
| Within 4 hours | Notify upstream provider | Incident report with CDRs |
| Within 24 hours | Complete investigation | Root cause analysis |
| Within 48 hours | Implement preventive measures | Control enhancements |
Evidence Preservation: Retain all CDRs, logs and communications related to fraud incidents for at least 12 months. This evidence may be required for Ofcom investigations or legal proceedings.
Automated Detection with AI
Modern fraud detection uses machine learning to identify anomalies that rule-based systems miss:
- Isolation Forest: Detects unusual traffic patterns without predefined rules
- Real-time Scoring: Every call rated for fraud probability
- Adaptive Thresholds: Baselines adjust to normal business patterns
- Glass Box Accountability: Every block decision includes explanation
TELECOM COMPLIANCE's Telecompliance AI implements these techniques for UK telecom providers, with Human-in-the-Loop triggers for high-value blocks.