Published April 8, 2026
Read Time Mins
The UK Government’s Fraud Strategy 2026-2029 places telecoms operators at the centre of the national fraud response for the first time. We feel that is the right call. But meeting the obligation, and the commercial opportunity it creates, requires more than blocking known bad numbers. It requires intelligence embedded in the network itself.
Fraud is now the most common crime in the United Kingdom. It accounts for more than 40 per cent of all crime recorded against individuals and costs the economy billions of pounds each year. The harm is not abstract. Behind each statistic is a person, often elderly, vulnerable, who trusted a message, answered a call, or clicked a link. And unltimately paid a price they will spend years recovering from.
In March 2026, the Government published its response: the Fraud Strategy 2026-2029, backed by over £250 million of investment. The strategy is built around three pillars: Disrupt, Safeguard and Respond, and it comes with a clear change in direction. The fight against fraud will no longer be left primarily to law enforcement and financial institutions. For the first time, telecoms operators are named as critical control points in the national fraud response.
That is a significant shift. And it is one that operators need to understand clearly, not as a compliance burden but as a structural opportunity to lead.
The strategy makes a point that the industry has been slow to internalise. In much online fraud, the decisive intervention, happens long before any bank transfer takes place. It happens in the network: a consumer dials a spoofed number, a fraudulent SMS is delivered to their device, they click a malicious link, install a remote access application. And by the time a payment instruction reaches a bank, the criminal has already done most of the work. The bank sees the transfer; it does not see the conditions that led to it.
“The decisive intervention may happen long before any bank transfer, in the blocking of a spoofed number, the removal of a malicious advert, or the disruption of infrastructure at source.”
– UK Fraud Strategy 2026-2029
This is why the strategy places a new set of obligations directly on telecoms operators. The Telecoms Fraud Sector Charter (updated alongside the strategy) requires operators to maintain maximum scam blockage, modernise and secure their networks, contribute to traceback systems so criminals cannot hide within network infrastructure, and actively share intelligence on emerging scam patterns through the new Online Crime Centre.
The £31 million Online Crime Centre, launching in 2026, will bring together law enforcement, intelligence agencies, financial services and telecoms operators to work in real time on disruption. However, this is not a voluntary discussion forum. It’s a coordinated enforcement mechanism and operators are expected to participate as active contributors, not passive observers.
The Telecoms Charter sets out a specific roadmap. Operators are expected to block fraudulent calls and messages at scale, implement two-factor authentication standards before account transfers, share reported URLs and phone numbers suspected of smishing with the National Cyber Security Centre and the National Fraud Intelligence Bureau. They are expected to work collaboratively on common network standards that reduce fraud across all messaging channels.
Beyond the Charter, the Home Office has announced a Call for Evidence in 2026 on measures to reduce anonymity within the telecoms ecosystem and strengthen accountability across the sector. So, the direction of travel is clear. Operators who cannot demonstrate that their networks are not being used as tools for fraud will face growing regulatory scrutiny.
This is not a future risk, it’s a current obligation. And the operators who treat it as such, who invest now in the capabilities the strategy demands, will be in a substantially better position than those who wait for enforcement.
Financial institutions are not released from responsibility under the new strategy, far from it. The expectation on banks is to drive upstream detection and share intelligence swiftly with the counter-fraud ecosystem. Simultaneously, they should protect vulnerable customers and help close the cash-out routes that make fraud economically viable for criminals.
The Authorised Push Payment reimbursement framework, which requires sending and receiving payment service providers to split liability equally, remains in place. But the strategy acknowledges what practitioners have long understood: a simple 50/50 split does not align incentives with outcomes. It applies equal liability regardless of where in the fraud chain the failure actually occurred.
This matters because it creates a structural problem. If a fraudulent call was allowed to reach a subscriber because the network failed to block it and that subscriber then authorised a payment under duress, the fault lies primarily upstream of the bank. And a liability model that treats the bank as equally responsible does not reflect that reality. It also does not incentivise the network-level investment that would have prevented the harm.
The most effective response for financial institutions is not to absorb the cost of reimbursement. It’s to demand and partner with telecoms operators who can demonstrate that their networks are hardened against fraud origination.
Telecoms operators and financial institutions share a problem but not a view. Each sector sees a different part of the fraud chain. Banks see the transfer and the account behaviour. And telecoms operators see the communication and the network behaviour. However, neither on its own sees the full picture.
So, the strategy attempts to close this gap through the Online Crime Centre and through expanded data-sharing obligations. But data sharing alone is not sufficient. Ideally, operators need detection capability that works in real time, across both domains, before the fraud completes.
The bank sees the transfer. The network sees the conditions that made it possible. Protecting customers requires both.
This is where the architecture of protection matters. Blocking a known bad number is necessary but it’s not sufficient. Fraudsters adapt rapidly, rotating numbers, exploiting legitimate infrastructure and combining multiple individually benign signals into an attack pattern that no single rule will catch.
Consider a common pattern: a subscriber receives what appears to be a call from their bank’s fraud team. Simultaneously, a remote access application is installed on their device. Together, these two signals form a high-risk behavioural pattern. Individually, neither would necessarily trigger an alert. But the capacity to detect the combination in real time at the network and device level, is what separates a platform capable of meeting the strategy’s intent from one that merely meets its minimum requirements.
The strategy is directionally right about where intervention needs to happen. The Telecoms Charter is directionally right about what operators must do. However, what both documents leave underspecified is the technology architecture that makes this possible at scale.
Blocking known bad numbers and URLs is a minimum standard. It’s reactive by definition. By the time a number or domain has been flagged and distributed, it has already been used. And the criminals have already moved to the next one.
What the strategy demands, in practice, is the capacity to detect fraud before it has been seen before. That requires behavioural intelligence. The ability to correlate signals across network traffic, device behaviour and session context to identify risk patterns, even when each individual signal appears benign.
Fortunately, this is not an aspirational technology. It exists and is deployable within operator infrastructure today. It operates at the network edge, inline, without latency impact, without user friction and without requiring any change to the subscriber experience. For operators who need to demonstrate to the OCC and to the Home Office that their networks are genuinely hardened against fraud origination, behavioural intelligence at the edge is the capability that makes that case.
The Fraud Strategy 2026-2029 formalises something that was already becoming commercially true. Subscribers and enterprise customers increasingly judge their operator not just on speed or price, but on the safety and reliability of the digital environment they deliver.
An operator whose network is routinely used as a vehicle for fraud carries reputational and regulatory risk that will only grow as the strategy’s enforcement mechanisms mature. However, an operator who can demonstrate that their network actively detects and prevents fraud, and who contributes meaningfully to the shared intelligence infrastructure the strategy creates, occupies a fundamentally different commercial position.
Trusted connectivity is not a marketing claim; it’s an infrastructure capability. It’s built at the edge, in the network, through the kind of behavioural intelligence that the strategy is asking operators to deploy.
The operators who understand this earliest will have the greatest opportunity to lead commercially, in terms of regulation and in the eyes of their subscribers.
The strategy is live. The Charter obligations are in place. The Call for Evidence on telecoms accountability will shape legislation. The window for voluntary leadership, before enforcement mechanisms are fully in place, is now.
Three questions worth addressing immediately:
The Fraud Strategy 2026-2029 is not a burden designed to constrain the industry. It’s a framework designed to direct investment towards the places where it will have the most impact. For telecoms operators with the right architecture, it’s a competitive advantage.
BlackDice Halo is a network-edge cybersecurity platform built for telecoms operators. Deployed within operator infrastructure, it delivers real-time threat detection, behavioural intelligence across network, device, session signals and policy enforcement at the edge, with no latency impact and no user friction. BlackDice enables operators to deliver trusted digital environments to their subscribers, at scale.
To learn more, visit blackdice.ai