Malicious Call Identification

Description

Malicious Call Identification (MCI) is a classic supplementary service defined in 3GPP for circuit-switched (CS) telephony networks, including GSM, UMTS, and legacy parts of the core network. It is a network-based service invoked by a called subscriber during or after receiving a call perceived as malicious, obscene, threatening, or a nuisance. When activated, the service triggers the network to record and store key information about the offending call. This information typically includes the calling party's number (if not withheld), the called party's number, the date and time of the call, and the duration. This data is stored in a secure log, often accessible only by authorized network operator personnel or law enforcement agencies, to aid in investigation and potential legal action.

The service operates through specific signaling procedures. In traditional GSM/UMTS, it uses protocols like ISDN User Part (ISUP) in the core network and possibly MAP for interactions with the Home Location Register (HLR). When a subscriber wishes to invoke MCI, they typically perform an action during or immediately after the malicious call. This could be by dialing a specific feature code (e.g., *57 in some regions) or, in more modern implementations, through a menu option on the phone. This generates a service request sent to the Mobile Switching Center (MSC). The MSC, which has already handled the call setup and maintains call detail records (CDRs), will then flag the specific CDR associated with that call as a "malicious call identification" event. It may also initiate additional logging procedures to ensure the relevant data is preserved and associated with the subscriber's complaint.

Architecturally, the MCI service relies on the capabilities of the MSC and the service control functionality. In earlier intelligent network (IN) architectures, a Service Control Point (SCP) might be involved to manage the service logic. The key components are the subscriber's terminal (to initiate the request), the MSC (to recognize the request and tag the call record), and the operator's administrative systems where the logged information is stored and retrieved. The service does not actively block or intercept the call in real-time; it is a post-event identification and logging mechanism. Its effectiveness depends on the calling line identity being presented and not withheld, and on the operator's procedures for handling the logged data.

Purpose & Motivation

MCI was created to address a fundamental social and security concern in telephony: harassment and threatening calls. Before such services, victims of malicious calls had little recourse. They could report the issue to the operator, but without a reliable, network-verified record of the call's origin, investigation was difficult, especially if the caller used number withholding. The MCI supplementary service provides a standardized, network-assisted mechanism to create an auditable trail. This serves two main purposes: it acts as a deterrent, as potential harassers know their identity can be traced, and it provides concrete evidence for law enforcement and legal proceedings.

The service originated in the era of fixed-line telephony and was adopted into mobile standards (GSM from Phase 2 onwards) to provide consistent security features across networks. It solved the problem of subscriber vulnerability and empowered users by giving them a simple tool to respond to abuse. For network operators, it provided a standardized way to handle a common customer complaint and meet regulatory obligations regarding user safety and privacy. The limitations of the pre-MCI approach were reliance on manual operator intervention and the lack of a guaranteed, tamper-proof log linked directly to the subscriber's invocation request.

In the modern context, with the decline of circuit-switched voice and the rise of IP-based Voice over LTE (VoLTE) and Voice over NR (VoNR), the principles of MCI have evolved. Similar functionalities for identifying unwanted communications are being addressed through different mechanisms in IP Multimedia Subsystem (IMS)-based services, such as SIP signaling for identity assurance and spam identification services. However, the legacy MCI service remains a defined part of the 3GPP CS domain specifications, ensuring backward compatibility and service continuity for networks and devices still utilizing circuit-switched fallback (CSFB) or traditional CS voice.

Key Features

• Allows a called subscriber to request network logging of a malicious call's details.
• Logs critical call data: calling number (if available), called number, time, date, and duration.
• Invoked by the subscriber during or after the call via feature code or handset menu.
• Relies on the Mobile Switching Center (MSC) to flag and store the relevant Call Detail Record (CDR).
• Provides an auditable trail for investigation by network operators or law enforcement.
• Standardized supplementary service for GSM, UMTS, and legacy circuit-switched core networks.

Evolution Across Releases

Defining Specifications