U.S.–ASEAN Regional Traceback Workshop · Jakarta 2026

Identify the source.
Cut off the call.

The Industry Traceback Group traces scam calls hop-by-hop back to their origin — and hands regulators the intelligence to act. Now we're building this for ASEAN.

See how traceback works → The ASEAN opportunity
~40,000 Tracebacks Initiated
2,100+ Providers Identified
80+ Countries
1,100+ Subpoenas Answered
The Threat

Scams are a regional emergency

Calls and SMS are the dominant vector — and the scale is accelerating across every ASEAN member state.

$23.6B
Annual scam losses across ASEAN
GASA's 2025 Southeast Asia report estimates total regional losses reached USD 23.6 billion — with calls and SMS as the primary delivery channel.
63%
Of adults experienced a scam in the past year
A 6,000-person survey across ASEAN member states found 62% via phone calls, 56% via SMS — making telecoms the critical battleground.
80%
Of scam cases involve calls or SMS in some AMS
A July 2025 workshop poll among AMS governments and regulators found that for some member states, nearly all reported scams flow through telecommunications channels.
Source: GASA State of Scams in Southeast Asia 2025; GSMA ASEAN Consumer Scam Report 2025; AMS consultative workshop, Singapore, July 2025.
The Process

One question at every hop

Traceback doesn't capture calls or monitor networks. It asks a single question — and follows the answer backward to the source.

Interactive traceback demo
📵
Victim
Reports the call
🏢
Provider A
Terminating
🔀
Provider B
Transit
🌐
Provider C
International gateway
⚠️
Originator
Source identified
Click Start Trace to walk a scam call back hop by hop — the way ITG does it every day.
📥
1 · Source
Complaint submitted with calling #, called #, date/time, and incident description
🔍
2 · Vetting
ITG confirms evidence of illegality and verifies the authorized requestor
🔗
3 · Traceback
Secure portal assigns a traceback #. Terminating provider gets 24-hr response window
🪜
4 · Hops
Each transit provider names upstream. Originating provider identifies the customer
5 · Action
Non-compliant providers flagged; law enforcement handed the intelligence package
"An investigation that would have taken at least four separate subpoenas and two to three months to complete was successfully traced back in less than 24 hours." — Federal Communications Commission, Report to Congress
Enforcement

Traceback produces the evidence.
Two levers apply the consequences.

Intelligence without a backstop is just information. The U.S. model pairs traceback with regulatory teeth that reach any provider carrying illegal traffic.

LEVER A Mandatory Call Blocking

A graduated escalation — from notice to cut-off — with strict response windows at every stage.

1
Notification of Suspected Illegal Traffic — investigate, block, and report back within 14 days.
2
Initial Determination Order + Show Cause — issued on inadequate response or continued traffic. 14 more days to answer.
3
Final Determination Order — every downstream provider must block and cease accepting all traffic within 30 days.
The teeth: silence is scored as non-compliance. Stonewalling doesn't buy time — it guarantees the cut-off.
LEVER B Robocall Mitigation Database Removal

A network-level kill switch: remove a provider's certification and every U.S. carrier must stop accepting its calls.

Only certified providers may exchange traffic in the U.S. voice network. Certification lives in the RMD.
Remove the certification and every other provider must stop accepting calls within 2 business days — except 911.
No re-filing without Enforcement Bureau and Wireline Competition Bureau consent.
Used in practice: SK Teleco — 16 ignored tracebacks → Final Determination Order + RMD removal, June 2026. The first-ever shutdown driven by the 24-hour traceback-response rule.
🏛️
Regulatory Intel
ITG packages intelligence on bad actors and their enablers for DOJ, FBI, state AGs, and regulators — ready for legal process.
🚫
Industry Disruption
Non-compliant providers are named and surfaced. Commercial and reputational pressure cuts off the traffic where legal action can't reach.
🤝
Financial Sector Partnership
A new NCFTA pilot shares ITG traceback data with the financial sector and law enforcement to identify and cut off telcos behind FI-targeted fraud.
The ASEAN Opportunity

A regional traceback federation

Locally controlled, legally grounded domestic operations — connected across all 11 ASEAN member states, and built to interoperate with global platforms.

🏛️
Regulators
ADGMIN · national regulators
Set expectations · address non-cooperation · build the enforcement framework
🚔
Law Enforcement
ASEANAPOL · Regional CERT · police
Authorized requestors · legal process for identity · coordinate cross-border referrals
🏦
Banks & Enterprises
Submit fraud referrals · provide call evidence · receive traceback intelligence
↓ ↓ ↓
🔒
One Shared Secure Traceback Portal
All 11 AMS operate in one aligned system · notifications flow in · CDRs stay home
↓ ↓ ↓
📡
Carriers across ASEAN — all tiers
Respond to traceback notices · investigate and block identified traffic · report back within agreed SLA
11 ASEAN Member States — each retains control of its own data
🇧🇳 Brunei 🇰🇭 Cambodia 🇮🇩 Indonesia 🇱🇦 Laos 🇲🇾 Malaysia 🇲🇲 Myanmar 🇵🇭 Philippines 🇸🇬 Singapore 🇹🇭 Thailand 🇻🇳 Vietnam 🇹🇱 Timor-Leste
Interoperable by design — the regional portal can peer with global platforms (e.g., ITG STP) at the boundary for cross-region traces.
Endorsed direction — the ASEAN Guide on Anti-Scam Policies & Best Practices (endorsed January 2026) recommends a regional traceback mechanism.
Administration model — government-run, industry-coordinated, or delegated neutral. This is the Block 1 question for the region to decide together.
Data Minimization & Sovereignty

The only question traceback asks

Traceback is a post office, not a database. Nothing is centralized. No country queries another country's data.

Every hop. The same question. Nothing else.
"Who handed this call to you?"
No call content · no subscriber profile · no financial records · no cross-border CDR transfer
What crosses a border
  • A single notification about one already-reported call — sent to a provider that already holds that call in its own records
  • The traceback request ID
  • The calling / called number on that one call
  • Date, time, and provider handoff information
What never leaves the country
  • Subscriber records & KYC files
  • Billing & customer account details
  • Law-enforcement files & investigation notes
  • Customer identity — obtained separately, in-country, under national law
The line

Traceback identifies the provider path. Customer identity follows legal process, at home — every member state keeps full control of its own customers' information. Privacy law, retention periods, data formats, and domestic procedure are answered jurisdiction by jurisdiction. The framework is the goal; the details serve it.

The Framework

Build first. Disrupt now.

A scam-focused traceback program doesn't need everything at once. These are the irreducible steps — in the order that gets traffic cut off fastest.

1
Designated Traceback Entity
One body that runs path resolution across providers — your ITG analog
2
Legal Basis for Data-Sharing
The safe harbor that makes carriers exchange routing data lawfully — most often missed
3
Conduct-Based Disruption Lever
Registration · traceback duty · blocking / cut-off — bites without needing a fraud case
4
Detection Feed
Complaints + analytics that classify campaigns and drive the traceback queue
5
Criminal / Civil Hook
Prosecution + penalties + victim recovery. Build second — don't let it block steps 1–4
Endorsed by ASEAN
The ASEAN Guide on Anti-Scam Policies & Best Practices, endorsed January 2026, formally recommends a regional traceback mechanism and designates cross-border call tracing as a priority for all ASEAN member states. The ITG is ready to partner on that implementation.
Jan 2026