We need an industry-backed, technology-neutral resource to restore trust in voice communications

With illegal robocalls now accounting for nearly half of all unwanted calls in the United States, consumers are simply choosing not to pick up their phones. In fact, studies show that in the United States alone, 76% of calls from an unidentified or unknown number go unanswered, and 58% of consumers only answer calls from numbers they recognize.

A previous article exploring how companies can protect their brands from harm caused by illegal robocalls discussed industry initiatives that are helping consumers get their phones back on track. The FCC Illegal Robocall Response Team and STIR/SHAKEN, the FCC-mandated initiative that provides a framework that voice service providers use to digitally sign every call originating on their network, are examples of such initiatives.

But when analyzing the challenges that service providers and the industry face, it’s clear that a voice service provider’s robocall mitigation strategy is only as effective as the information they rely on. is based. This is all the more important since countries like Great Britain and France join the United States and Canada consider or require service providers to use call authentication.

The guiding principle of STIR/SHAKEN is that robocall mitigation is most effective when all receiving telephone companies know as much about the origin of the call as the originating telephone company. This information must also be protected against tampering, bad actors and other fraudulent activities to ensure that it always remains trustworthy. More importantly, this system must work at scale.

The good news is that there has been significant industry progress towards these goals, including common industry standards that have been defined and implemented. While the industry can certainly take a victory lap, there is still a long way to go. One example is the diversity of how companies make phone calls – through outsourced contact centers or directly in-house – using third-party phone numbers acquired separately from the company handling each call. These variables complicate call authentication and underscore the need for a platform that serves as the industry standard source of trusted information.

In the United States alone, hundreds of voice service providers have deployed STIR/SHAKEN in the IP portions of their networks. Already we see STIR/SHAKEN working with legitimate traffic and stopped suspicious traffic. And, as efforts continue to grow and become more robust, telcos are evolving their robocall mitigation efforts based on reliable information, which in turn benefits their enterprise customers.

Too many options lead to a Wild West

At the same time, some companies may feel that parts of their legitimate voice traffic may have been collateral damage captured in the web from the early months of STIR/SHAKEN’s launch. Valid companies want to be unequivocally known by their customers. They need deterministic and consistent results for all the networks their calls encounter in this new STIR/SHAKEN world, especially when it comes to blocking, tagging, and ultimately improving response rates. They also don’t want to have to fundamentally change their supply chains to achieve this consistency. This is something very important, in terms of how to support the whole ecosystem. So, as the industry progresses, it remains highly dependent on a highly reliable trust model. Reliable data is an essential factor in supporting STIR/SHAKEN and what underlies it.

Many players are innovating in the area of ​​robocall mitigation. It’s advantageous from an industry perspective, but the catch is that it can also feel like the Wild West.

Service providers and enterprises must navigate many solutions aimed at bridging the enterprise attestation gap. These range from gateway attestation, whereby the service provider has authenticated itself from where it received the call but cannot authenticate the actual source of the call, to full attestation, whereby the service provider has authenticated the caller and is authorized to use the calling number. Businesses are courted by many value-added providers who promise dramatic improvements in response rate, even if it only affects one or two of the many networks that those business calls will traverse. Moreover, since many of them are proprietary solutions, ongoing investment and innovation is largely driven by commercial considerations rather than neutral, industry-based decision-making mechanisms.

On top of that, there is fragmentation when it comes to brand registration and verification due to the many solutions for businesses to go to their portal and register their business and phone numbers. Consider all the mobile apps offering robocall management, most of which have announced that a business registry now accompanies their consumer app. There are also other solutions and vendors that promote their own registries.

This fragmentation may not restore consumer confidence in voice calls due to the inconsistencies businesses will see based on the networks serving their calls. If an operator changes solution provider, what happens to all those results that have been set up for a caller and no longer work as they used to? Service providers, of course, seek to differentiate themselves, and they must also collaborate to ensure that trust is always in place across the industry.

At the virtual STIR/SHAKEN Summit in July 2021, industry attendees answered questions such as: “What is your primary opinion regarding multi-brand registration vehicles in the industry?”

  • 42% said there were too many places to register or fit in.
  • 21% indicated that proprietary solutions may not be producing enough of the desired results.
  • 32% were unsure of the differentiation between the different options, while only 7% had no concerns about having multiple solutions to support.

Another survey on the primary value of a centralized, industry-backed source for reliable information, found that 73% of respondents said they value consistency and efficiency.

An industry standard approach ensures consistency

A centralized, industry-backed source for trusted information, where legitimate numbers can be registered, helps avoid confusion, unnecessary costs and inconsistencies by providing a single, industry-standard framework. In 2021, the industry-led Secure Telephone Identity Governance Authority (STI-GA) announcement that delegated certificates could now be used in the SHAKEN authentication ecosystem. These policy changes allow companies and third-party calling services to use delegated certificates to provide SHAKEN authentication when making calls, whether they originate from regular or toll-free numbers.

In addition to caller number attestation, this approach provides a much richer branded calling experience for engaging consumers. Proofs of concepts have already demonstrated support for delegated certificates and rich caller information, such as caller name, logo, and call reason, which can be passed between networks and signed using these certificates.

Here’s how it works: A call receives the highest level of attestation (Level A, Full attestation) only if the service provider signing the call can attest to the customer’s right to use that phone number for calls. outgoing. Additionally, the display of richer caller information to the consumer should be limited to trusted data and calls known to be genuine. A delegated certificate gives service providers a way to establish a customer’s right to use a phone number when the service provider has not assigned that number itself.

Using a delegated certificate allows calls to receive the highest level of attestation and send rich call data even when a company sends an outbound call through a service provider using a third party number. To do this, a centralized, industry-backed source of legitimate registered numbers verifies that the business caller is genuine. It also defines the set of telephone numbers that these callers can sign with delegated certificates, allowing telephone companies to trust these digital signatures.

Fraudsters will take advantage of every opportunity and situation, including the global pandemic, to exploit consumers. Hence the need for policies supported by the ever-evolving industry of STI-GA and others, as well as a common, technology-neutral trust engine, also driven by industry governance. . It is encouraging to see the progress the industry has made so far, and we will no doubt continue to see service providers, governments and regulators, and the broader telecommunications ecosystem, working together to restore consumer confidence in the response to their phones.