Mandate display of names when business entities making calls to curb frauds, Trai to government

NEW DELHI: Highlighting the growing menace of number spoofing, voice cloning and AI-enhanced threats for cyber frauds and spam, telecom regulator Trai on Thursday asked the govt to urgently introduce Calling Name Presentation (CNAP) Service – that displays the identity of the business who has been issued the number -- to drive in transparency and curb frauds.

In its recommendations on ‘Revision of National Numbering Plan’ made to the Department of Telecom (DoT), Trai reiterated that there is a need to mandate the measure (originally suggested in Feb last year) to ensure that genuine name of the business/bulk connection holding the number is displayed so that spoofing can be terminated.

“To mitigate the menace of call spoofing and spam, Trai recommended the ‘Introduction of Calling Name Presentation (CNAP) Service in Indian Telecommunication Network’… The introduction of the CNAP facility in telecommunication networks would empower subscribers to make an informed decision while receiving an incoming call and reduce the harassment of subscribers from unknown/ spam callers. Hence, the Authority is of the view that CNAP supplementary service… should be implemented at the earliest to inhibit Unsolicited Commercial Communication (UCC) and spam calls,” it said.

In its original recommendations on the issue of CNAP, Trai had suggested that subscribing entities holding bulk and business connections should be able to present their ‘preferred name’ in place of the name appearing in the Customer Acquisition Form (CAF). “The ‘preferred name’ could be the ‘trademark name’ registered with the Ministry of Corporate Affairs, or the ‘trade name’ registered with the GST Council, or any other such unique name duly registered with the Govt, provided that the subscriber entity present the necessary documents to prove the ownership of such name,” it had said.

Currently, when a person receives a business/bulk call on smartphone, the mobile/ landline numbers are displayed as Calling Line Identification (CLI) during the incoming calls. However, a calling party can spoof its number.

“CLI spoofing is when a caller deliberately falsifies its CLI to disguise its identity; this technique tricks the called party into answering a call. Scammers often spoof a trusted company or a government agency number (that a called party may already know and trust) to defraud the called party. Further, certain entities indulge in UCC and spam, annoying customers,” Trai said.

Trai said that “critical vulnerabilities exist in today’s increasingly open telecommunication networks”, where signalling mechanisms used for control and management are susceptible to exploitation.

“The current Network-Network Interface between telecom service providers (TSPs) relies on an assumption of trust grounded in commercial agreements rather than rigorous technology-based security measures. This assumed trust, coupled with the proliferation of new interfaces such as Session Initiation Protocol (SIP) trunks for non-TSP entities, third-party SMS gateways, and open 5G architecture, creates significant security gaps. These gaps can be manipulated for malicious activities, including CLI spoofing, International Mobile Subscriber Identity (IMSI) theft, and unauthorised surveillance, posing serious challenges not only to the integrity of network communications but also to the safety of sensitive user information,” it said.

Stressing the “urgency for robust countermeasures”, the regulator said the situation becomes even more dangerous, considering the potential for AI-enhanced threats, such as voice cloning combined with CLI manipulation.

“Trai reiterates its recommendations on ‘Introduction of CNAP Service in Indian Telecommunication Network’ dated February 23, 2024, to be implemented by the DoT at the earliest.”

It also said that DoT may establish a “trust framework” by authorising a centralised or distributed Certification Authority (CA) to authenticate and validate signaling messages between various network entities.