ComReg has the power to require, on a case-by-case basis, that access to numbers or services be blocked and to require undertakings to withhold relevant interconnection or other service revenues where this is justified by reason of fraud or misuse. The powers under Regulation 83(2) of the European Union Electronics Communications Code Regulations 2022 (S.I. No. 444 of 2022) are invoked for the purposes of preventing fraud or misuse of Irish numbers and for the protection of end-users.
ComReg considers that this power may be invoked in circumstances such as:
- the hacking of PBXs (companies’ telephone systems). In this type of misuse, the hacker remotely gains access to a company’s PBX and begins making calls to international destinations. Generally the hacker’s aim is to generate a high volume of calls to a particular destination which generates revenue for the hacker. The end user which is the victim of this misuse can face bills of many thousands of Euro for these calls from their communications provider. In these circumstances ComReg may intervene in the often complex billing arrangements between domestic and international communications providers and require that the payments resulting from this type of misuse are withheld. Typically, when ComReg intervenes in this way a communications provider will not hold the hacked end user liable for the calls.
- The sending of large volumes of unsolicited communications (typically SMS) to consumers, which are likely to result in the recipients responding and thereby unknowingly incurring charges. Typically, the original unsolicited communication that is received by consumers and does not include details, of the nature or price of the service.
If you are the owner of a PBX and find out that you have been hacked, you must report the incident to the Gardaí and provide all necessary information to your Communications Provider as soon as possible.
PBX Hacking – ComReg advice to PBX Owners.
Communications providers can report a Misuse incident to the Wholesale Compliance team using the following form:
Operator Misuse Notification Form
This form should be sent to email@example.com
The following document describes the Regulation 83(2) Process – An Operator’s Information Notice