These are the new measures to combat phone fraud

01/04/2025

Every day we meet more people who have fallen or been tempted by digital fraud. More and more phishing scams are becoming prevalent, often starting with a call or message in which the cybercriminal impersonates a trusted organization, such as your bank or a public administration. What they're looking for, you know: consumers who bite sensitive personal and financial information, their personal keys or take any action such as accessing a website, calling a telephone number or carrying out a transfer, among others.

Faced with this situation, the Ministry for Digital Transformation and the Civil Service approved on February 12 a ministerial orderAbre en ventana nueva with a package of measures to combat identity theft scams through telephone calls (vishingAbre en ventana nueva) and fraudulent text messages (smishingAbre en ventana nueva), to ensure the identification of the numbering used for the provision of customer service and making unsolicited commercial calls.

Its objective is to increase the protection of consumers and businesses in the face of the increase in this type of fraud. Thus, measures are established to (i) prevent the progress of communications that manipulate the calling line identifier or the numeric or alphanumeric identifier of the messages; and (ii) ensure the correct identification of customer service and commercial calls. The former shall apply to operators providing interpersonal communications services, providers of message storage and forwarding and their respective resellers in so far as they enable communications (calls and messages) to be established; The latter shall apply only to customer service providers or those making unsolicited commercial calls.

Below, we summarize, on the one hand, the measures that are introduced with this regulation to combat fraud by phone and messaging:

• Call Blocking: calls must be blocked with numbers that have not been attributed to any service, assigned to any operator or assigned to any customer, including empty numbers, such as those starting with 3 or 4.
• Blocking calls with international origin identified by a calling line identifier (CLI) of the national fixed or mobile numbering plan: their use shall be prevented, except in the case of international roaming.
• Message blocking (SMS/MMS/RCS): Messages must be blocked with numbers that have not been attributed to any service, assigned to any operator or assigned to any customer, including empty numbering.
• Blocking messages with international origin: these messages must be blocked, except in the case of international roaming.
• Alias registration and blocking of messages with unregistered aliases or issued by non-enabled entities. This register will be managed by the National Commission of Markets and Competition and will contain the alias (alphanumeric string), along with the identification of those providers of messaging services enabled to send and transmit messages, thus preventing other unauthorized actors from supplanting legitimate entities such as banks or administrations.

And, on the other hand, we indicate the measures that are introduced to ensure the correct identification of the numbering used for the provision of customer service and the making of unsolicited commercial calls:

• Prohibition of the use of mobile numbering for customer service calls or for the making of unsolicited commercial calls.
• Attribution of the 800 and 900 ranges for the provision of customer service and for the making of unsolicited commercial calls.

“Disclaimer: Please note that this is a translation of the original in Spanish that has been obtained using eTranslation (the machine translation tool provided by the European Commission), with the intention of giving you a basic idea of the content in English until a human translation becomes available. The Banco de España accepts no liability whatsoever in connection with this translation.”