CallSwitch One Logo
All Blogs

VoIP

Here’s what you need to know from the CCUK Fraud Summit

Here’s what you need to know from the CCUK Fraud Summit

Last week, the Nebula Fraud Team attended the CCUK Fraud Summit 2026. Fraud Minister Lord Hanson joined industry leaders to set out a clear direction of travel, and for MSPs and resellers, the changes ahead are significant.


The headline message was straightforward: the era of every provider fighting fraud alone is over. A new wave of coordinated standards, automated tooling, and cross-sector intelligence sharing is being locked in, and it will reshape what good fraud prevention looks like for every partner and the customers they serve.

Here is what you need to know.

The traceback breakthrough and why it sets a new bar

The best way to understand where the industry is heading is to look at what is already working across the Atlantic.

Case study: Industry Traceback Group (ITG)

A network of over 2,500 providers across 80 countries recently traced a ransomware call across seven network hops and three continents. The full investigation was completed in under five days, with one provider responding in just 42 minutes.

That benchmark is now the standard the UK is working toward. The industry is replacing the decade-old ND1437 guidelines with a new framework called ND1527 (developed at the request of Ofcom)  which moves traceback away from slow, manual workflows toward high-speed automation via API integration and centralised portals.

For your customers, this means fraud investigations that once dragged on for weeks will resolve in hours. For you as a partner, it means fraud evidence becomes legally actionable far faster,  protecting your business as well as theirs.

CLI blocking: stopping fraud before it reaches your customers

Traceback catches fraudsters after the fact. The bigger priority at the summit was making sure they never reach the consumer at all.

Since January 2025, Phase 2 CLI (Calling Line Identification) blocking rules have been mandatory across UK providers. These require providers to block any international call that spoofs a UK number, a technique widely used by overseas scam call centres to gain victims' trust.

But there is a challenge every partner should understand: blocking has to be smart, not blunt. The risk is cutting off legitimate UK customers travelling abroad who are calling home on their +447 number. Two standards are being put in place to manage this:

ND1526

The technical framework that distinguishes a genuine roaming UK number from a spoofed one, so legitimate travellers are not blocked.

DNO (Do Not Originate)

A shared blocklist of numbers that should never be used for outbound calls. The UK has already flagged 14,000, but 5.7 billion unallocated numbers globally remain at risk.

Expanding and sharing DNO lists across the sector is how the industry is closing the doors criminals have been using to enter UK networks undetected.

Shared intelligence: the shift from reactive to pre-emptive

Technical standards are the locks. Collective intelligence is the alarm system. This was the theme that ran through the second half of the summit.

The Telecom Fraud Sector Charter is building a live intelligence pool where a block by one provider triggers an alert for all. Alongside this, the Online Crime Centre (OCC), a multi-million-pound hub launched this month, uniting the National Crime Agency, telcos, and banks, is creating a centralised database to dismantle criminal infrastructure at source.

Insights from Oculeus confirmed that bad actors are increasingly turning to AI-driven tactics and messaging platforms. Waiting for scams to be reported is no longer viable. By pooling data, the industry can now spot fraudulent patterns across multiple networks simultaneously and deactivate suspicious accounts before they ever reach a customer.

What this means for MSPs and resellers

Fraud prevention is moving from a checkbox exercise to a genuine competitive differentiator. Customers who see you actively managing these risks are more likely to trust you, stay with you, and refer to you. Here is where your attention should be:

  • Ensure the providers in your stack are aligning with ND1527 and ND1526, ask the question if you have not already.

  • Review your CLI blocking posture. Make sure legitimate roaming traffic is not caught in filters designed to stop scammers.

  • Use fraud as a conversation with customers, not just a technical topic, but a trust signal. Businesses increasingly value partners who protect them proactively.

  • Watch for AI-driven fraud vectors. Vishing and spoofed messaging campaigns are accelerating, your customers need to know the threat has evolved well beyond premium-rate call hacking.

42 min

Fastest single-provider traceback response (ITG)

14,000

UK numbers flagged on
Do Not Originate lists

2,500+

Providers in the ITG global traceback network

How Nebula supports you on fraud

Our platform includes real-time traffic analysis, geo-blocking for high-risk regions, and blocklists that halt calls to suspicious numbers, and our team attends summits like this one so you don't have to. If you want to talk through how any of the new standards affect your customers, speak to your account manager or get in touch with the team.

Written by:

Rhianna Butt

30 April 2026

4 min read

CallSwitch One

©Nebula Cloud Ltd., 2026.

Terms & Conditions|Privacy Policy|Cookie Policy|Accessibility Statement
LinkedIn LogoX LogoYouTube Logo