Call authentication is imperative to stopping robocalls and scammers. While it has been in development for years, it is just now growing closer to widespread consumer integration. And it’s a win-win: customers and clients will know for sure who’s calling, and you’ll know your calls will always get through to the intended recipient.
But if scammers get through to your customers, you risk a damaged reputation and your customers face the potential of dealing with bad actors. This is why call authentication is so important.
What Is Call Authentication?
Call authentication is a mechanism that verifies the origin of a call, making spoofing a lot more difficult to engage in. While call spoofing is not technically illegal, it is a common practice used by scammers and robocallers to mask their true identity.
Online sites, applications and other methods of contact require such tools as two-factor verification to ensure secure service. The world is moving towards a majority of interactions occurring online or by phone, so verifying the identity of customers and clients is crucial. But it’s just as crucial that customers can trust the content on their caller ID.
The Call Authentication Process
The process of authenticating calls is multi-faceted. Carriers and service providers must work together to vet and authenticate calls properly in order to protect consumers and businesses. But how do carriers and providers do this? And can it help decrease fraud, improve your customer service and solve capacity issues?
At its core, call authentication has three steps:
- A call is placed to a customer.
- The call is connected to the customer.
- Call authentication takes place.
Yes, this is a rather simplified version of the process. You’ll need to more deeply understand the forms of call authentication and how you can use them to protect your business, your customers’ sensitive information and your bottom line.
The three attributes of call authentication include:
- Subscriber vetting
- Phone number validation
- Attestation levels
Let’s take a closer look at these.
Subscriber Vetting
Vetting subscribers to a network typically involves:
- Customer: The entity or person purchasing services, including rights to a telephone number.
- End user: The entity or person using the subscribed service, i.e., initiating a call from the issued phone number.
- Direct relationship: Customer and end user are the same.
- Indirect relationship: Customer and end user are not the same.
Vetting subscribers is important to ensure that the service provider and VoIP customers are legitimate sources. Identifying the relationship between these parties can help determine the legitimacy of the call.
Best practices help determine the relationship between service providers and end users. For instance, if there is a direct relationship, normal sign-up practices suffice for vetting. If the relationship is indirect, however, the service must collect additional information warranted by the relationship’s nature, such as the business’s location, contact personnel, state of incorporation, federal tax number and the type of business the customer engages with.
Phone Number Validation
This is an essential practice to ensure that the entity making a call can legally use the “calling from” number. Typically, businesses register their CNAM data with carriers. This validates their business information and ties it to the associated phone number(s). CNAM data is the information that shows up on a consumer’s caller ID.
When you purchase the phone numbers to use with your business, it’s important to register each number promptly with telecom carriers along with your CNAM data. This authenticates your phone numbers, tying them to your company. For telecom carriers that house CNAM data repositories, it ensures the caller ID information shows up on the consumers’ caller IDs. However, not all carriers use the same types of repositories, so your data could become fragmented.
Validating phone numbers prevents unauthorized users from spoofing a business’s phone number.
Phone number validation services establish:
- If a certain number is an active phone number.
- Whether an actual person answers the phone.
- If a machine answers the call.
Attestation Levels
Originating service providers use attestation levels to determine the trust of the calling party’s phone number identity. This breaks down into three attestation ratings:
A-Attestation, or Full Attestation: Your call passes all validation checks. The phone carrier has validated that you are indeed the calling party using the phone number ascribed to your business.
B-Attestation, or Partial Attestation: The phone carrier has validated your identity but cannot completely verify your phone number. For instance, this can occur when you purchase your phone number from a different carrier than the one the call is being routed through.
C-Attestation, or Gateway Attestation: This, the lowest of all ratings, means that the phone carrier cannot validate that it’s indeed you placing the call and using the phone number. The carrier also cannot validate your caller ID information. This can sometimes happen for phone calls placed through an international gateway or a legacy system.
Full attestation is ideal. However, there are a variety of factors that can lower a caller’s attestation rating.
These ratings are essential components of call authentication. Carriers perform this process for every phone call to verify unknown callers. The process from start to finish takes just a few seconds.
The concept of attestation ratings is relatively new. Within the new STIR/SHAKEN protocol, this is just one way the government is attempting to crack down on scammers using ill-gotten phone numbers to scam consumers. While they’re not yet entirely foolproof, these tactics do help carriers decide if certain callers are using spoofed phone numbers.
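An added example, not from the original article: under STIR/SHAKEN the rating travels with the call as the `attest` claim of a signed PASSporT token (RFC 8225/8588), and the sketch below shows the originating provider's choice of level and the terminating provider's structural checks. Function names, phone numbers, the certificate URL and the 60-second freshness window are assumptions, and verification of the ES256 signature is deliberately left out.

```python
import base64
import json

LEVELS = {"A": "full", "B": "partial", "C": "gateway"}

def _enc(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(part):
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def choose_attestation(customer_vetted, number_authorized):
    """Originating side (assumed mapping): vetting plus number validation."""
    if customer_vetted and number_authorized:
        return "A"
    return "B" if customer_vetted else "C"

def sample_token(attest, orig_tn, iat):
    """Constructed PASSporT; the third part is a placeholder, not a signature."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
              "x5u": "https://cert.example.invalid/sp.pem"}
    claims = {"attest": attest, "dest": {"tn": ["12025550143"]}, "iat": iat,
              "orig": {"tn": orig_tn}, "origid": "00000000-0000-4000-8000-000000000000"}
    return ".".join([_enc(header), _enc(claims), "c2lnbmF0dXJl"])

def inspect_passport(token, from_tn, now, max_age=60):
    """Terminating side: structural checks only. The ES256 signature must still
    be verified against the certificate at x5u before the level is trusted."""
    try:
        h64, p64, _sig = token.split(".")
        header, claims = _dec(h64), _dec(p64)
        hdr = (header["alg"], header["ppt"], header["typ"])
        attest, orig_tn, iat = claims["attest"], claims["orig"]["tn"], claims["iat"]
    except (ValueError, KeyError, TypeError):
        return None, ["malformed token"]
    problems = []
    if hdr != ("ES256", "shaken", "passport"):
        problems.append("unexpected header")
    if not isinstance(attest, str) or attest not in LEVELS:
        problems.append("unknown attestation level")
    if orig_tn != from_tn:
        problems.append("orig number differs from signalled caller")
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        problems.append("stale or future iat")
    return (attest if not problems else None), problems
```

A token that fails any check is reported with no level at all, so a caller of `inspect_passport` cannot mistake an unverifiable "A" for full attestation.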
Dealing With Other Service Providers
The telephony network is complex and not always uniform. This is especially true when dealing with international calls. STIR/SHAKEN call authentication is rolling out in the U.S. and Canada. This means that service providers will have a hard time authenticating international calls unless this type of verification eventually rolls out internationally. Additionally, processes like least-cost routing can further complicate attestation ratings.
Sometimes, using third parties to validate phone numbers is the ideal option, especially when enterprises use numbers from a variety of service providers.
The Future of Call Authentication
While call authentication is a big step towards eliminating call spoofing and mitigating robocalls, it has some challenges to overcome. Many businesses will likely see adverse effects from call authentication, depending on the service providers they use. In any case, it is important to stay vigilant.
These tips can help:
- Ensure you’re using reputable service providers.
- Own and register the phone numbers you’re dialing from.
- Monitor your phone number’s reputation.
- Avoid using least-cost routing if possible.
By having a plan in place, you can prepare your business for when call authentication reaches consumers.