One of the biggest challenges faced by both consumers and legitimate businesses is the ability to prove they are who they say they are. Consumers are wary that callers may be scammers. Legitimate collectors must ensure they are speaking with the right consumer, lest they risk disclosing personal matters to a third party. This is also called “authentication.”
In the world of debt collection, this is may be the single biggest barrier to the quality of communication needed to collect the right debt from the right consumer the right way. Many organizations, including the FCC, currently advise consumers not to reveal any personal information to a caller they don’t know. Yet collectors are required by law to use information like this to ensure they are speaking with the right party. This often creates a stalemate where no conversation at all can occur.
On the other hand, how is a consumer to know that the person calling them actually works for the organization they say they do? Scammers could say they are from Legitimate Collector, Inc., when they are not.
Last week the Federal Communications Commission (FCC) issued a Notice of Inquiry (NOI – WC Docket No. 17-97) aimed at addressing one side of this equation. The NOI states,
“While there are a number of legitimate uses for spoofing caller ID numbers, by simply impersonating a different number spoofing also can help fraudulent robocallers to evade call blocking or filtering tools that identify unwanted calls based on the calling party number—either that of a trusted party or using a random, possibly temporary, identity.8 These robocallers use cheap and accessible technologies to spoof their caller identity and scam victims with threats (such as false threats of legal action from the Internal Revenue Service), offers of loans, or purported awards of free travel.9 Moreover, these calls can harm more than their recipients: innocent subscribers whose numbers have been impersonated may find their numbers reported as the source of robocalls, resulting in their calls being blocked.”
One group, the IETF (whose mission is to make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet”), has developed a framework called SHAKEN/STIR, that incorporates a certificate model to create credentials that are used to vouch for the authenticity of callers. Technical details of how this would work – and how it would be managed -- can be found here, in the FCC’s NOI titled the Call Authentication Trust Anchor.
The FCC is seeking comment on:
- The FCC’s role in promoting and/or assuring call authentication;
- A system of call authentication proposed by industry groups (including the Alliance for Telecommunications Industry Solutions, the SIP Forum, and the Internet Engineering Task Force), as well as any potential alternatives;
- An industry proposal called “SHAKEN” (Secure Handling of Asserted information using toKENS) for a governance system that would set the policies on how service providers, telephone numbers, and other entities and sets of information are managed in the call authentication system;
- The criteria by which the various roles within this system should be selected, including the governance authority, the policy administrator, and certification authorities, and recommendations on particular entities that can fill these roles;
- The effects of call authentication on reducing unwanted robocalls on IP-based and legacy telephone systems and other public policy considerations, including privacy and security.
- Estimates of the costs and benefits of implementing call authentication.
Comments on this NOI are due by August 14, 2017. Replies to the comments are due by September 13, 2017.
The FCC news release about this NOI, the NOI itself, and statements about it by Commissioners Pai, Clyburn and O’Rielly can all be found here.
It will be interesting to see whether this proposal will have legs. While it is not aimed specifically at debt collection, the problem is significant in the industry.
The next trick would be to assist in helping the consumer authenticate their identity to a legitimate collector, in a way that eliminates the need to share personal information. I previously wrote about this in March, in the context of a Federal Trade Commission warning about scams.
The debt collection community – including creditors, collection agencies and consumers – could benefit greatly from innovation that provides transparency and trust.
The iA Institute (parent of insideARM) is devoting considerable effort to the concept of innovation for the industry. In conjunction with the Consumer Relations Consortium, the second meeting of our Innovation Council – a thought leadership group of creditor, agency, and service provider executives who gather to contemplate the future of debt collection technology - meets in August.