By: Dmitry Sumin

National regulators, charged with consumer protection as well as national security objectives, are becoming more active in the fight against voice and SMS fraud. But legislation on its own has limits.

Operators deploy solutions ranging from number validation to advanced AI-based fraud detection, yet without cooperation across networks, even the most sophisticated tools cannot address the central problem: spoofing.

By promoting technical solutions at the national level, regulators can enable cooperation among operators, enterprises, and government agencies to safeguard the integrity of voice and SMS traffic.

Fraud has gone from nuisance to crisis

Voice and SMS fraud has shifted from an irritating nuisance to a global crisis. Consumers are bombarded with vishing and smishing attempts that cause not only financial losses but also lasting damage to trust in telecom services. Fraud prevention is often framed as an industry problem, but the economic impacts reach much further. Information security is a critical element of national security, and governments are increasingly focused on securing these communication channels.

Consumer scams result in billions of dollars in direct losses every year. In the United States alone, the Federal Trade Commission reported that impersonation scams cost consumers over $1.1 billion in 2023. Similar figures appear in Europe and Asia, where consumers are increasingly targeted by smishing and vishing attacks. These losses translate into reduced consumer confidence and greater demand for regulatory intervention.

Enterprises also suffer: impersonation fraud undermines customer confidence in their brands, while employees and systems are targeted by increasingly sophisticated scams. Over time, subscribers begin to disengage from voice and SMS altogether, weakening essential communication channels.

National Security - The Cost of Doing Nothing

The consequences of vishing and smishing are not confined to individuals or businesses. Misinformation campaigns during elections and other sensitive events highlight the national security dimension of telecom fraud. When fraudulent communications have political aims, the effects extend to the integrity of democratic processes and public institutions.

Governments also bear indirect costs. Fraud cases drive up spending on law enforcement investigations, court proceedings, and consumer redress. Lost tax revenues from bypass fraud and SIM box schemes further erode national income, diverting resources from other priorities. When consumers lose trust and enterprises disengage from voice and SMS, governments also lose valuable communication channels for public services and security alerts.

Why Spoofing Defeats Traditional Defenses

Spoofing—the manipulation of caller or sender IDs to impersonate a trusted source—is a powerful enabler of telecom fraud. It gives legitimacy to scam calls and smishing attempts, and also underpins many wholesale and interconnect fraud types.

Traditional defenses such as firewalls and fraud management systems rarely detect spoofing reliably. Unless the call or message is flagged for other reasons through content analysis, volumetric thresholds, or anomaly detection, it is likely to reach the end user.

In order to effectively detect spoofing, operators must be able to verify that traffic from numbers belonging to other national operators is valid, whether the traffic originates locally or internationally.

Spoofing also distorts operator economics. Fraudsters use caller ID manipulation to bypass approved routes and mask the true origin of calls, allowing them to exploit interconnect agreements. While frauds that utilize CLI spoofing techniques such as Wangiri, CLI refiling and OBR traffic manipulation may account for a small percentage of total volume, the financial incentives to detect spoofed traffic are significant.

The GSMA has recommended “roaming checks” as a basic control—verifying whether calls from local numbers truly originate abroad when a subscriber is roaming. Yet this simple measure is difficult to implement without real-time verification across networks. And in competitive markets, there is little incentive for operators to share the data required to make it work. This is where regulators have a role to play.

National and Global Lessons in Fraud Prevention

Some regulators have already taken steps to address telecom fraud, though results have been mixed. The most cited example is the FCC’s rollout of STIR/SHAKEN, a protocol designed to authenticate caller IDs in IP-based voice traffic. While the program has had a measurable impact in reducing certain types of robocalls, it has also revealed clear limitations. The authentication protocol does not extend to 2G/3G voice or SMS, is difficult to enforce across international traffic, and has faced adoption challenges among smaller operators. Implementation costs were also significant, and enforcement remains uneven. For these reasons, STIR/SHAKEN is unlikely to be applied at scale outside North America. Other initiatives, such as Do Not Originate (DNO) lists, Do Not Call (DNC) registries, and verified sender databases, have