A lot has happened in the call delivery world in the last year. Here is my attempt to weave together the developments and put them in context.
According to a report published earlier this month by robocall analytics company Hiya, voice traffic was up 184% in 2020 compared to 2019. Unfortunately, so are the scams. The report states that each of us received an average of 144 spam calls last year—58% of which were fraudulent. A Censuswide survey of more than 2,000 consumers and 300 business professionals commissioned by Hiya revealed that 75% of Americans surveyed were targeted by scammers over the past 12 months, and more than 7% reported losing more than $500 as a result of a phone scam in 2020.
Meanwhile, 44% of Americans surveyed say they regularly miss important calls because they are unidentified. According to Hiya, 94% of unidentified calls went unanswered in 2020, as 85% of survey respondents indicated they are concerned unidentified calls might be fraudulent.
The survey found that, in financial, insurance, and healthcare industries, the majority of consumers prefer to be contacted via voice over other communication channels, including email, text, instant messaging, web chat, and video call. However, consumers also noted that businesses in these industries are those most often “spoofed” - a practice of hijacking a legitimate business’ phone number to exploit their customers - and it’s difficult for businesses to monitor and stop on their own, as they often don’t even know they’ve been spoofed. Nonetheless, spoofing can cause long-term damage to a firm’s reputation.
According to Hiya’s report, nearly half of all Americans surveyed (48%) want to see regulators address the issue of spam and fraud calls, nearly 42% of respondents want their wireless carrier to put an end to the problem, and 37% of consumers want the businesses who are being falsely impersonated by scammers to address the problem.
Carrier response - the Industry Traceback Group
Over the past few years, carriers have responded to intense pressure and developed multiple ways to address the issue. One of these is USTelecom’s Industry Traceback Group (ITG), which is also the designated Robocall Traceback Consortium. When the ITG receives a complaint from a terminating voice service provider, consumer, regulator or law enforcement it opens a case. The case is tracked using the ITG Secure Traceback Portal, with each provider adding information to the case record, including the next upstream provider that relayed a robocall in the case. Traceback is repeated until the originating service provider is identified, the U.S. point of entry is identified, or a dead-end is reached.
According to the ITG’s first annual report, in 2019, 100+ companies participated in over 1,000 ITG traceback investigations, implicating more than 10 million illegal robocalls and resulting in more than 20 subpoenas and/or civil investigative demands from federal and state enforcement agencies.
As noted by telecommunications network software provider TransNexus, the ITG reported in a letter to the Federal Communications Commission on November 13, 2020 that about 100 providers have failed to cooperate with the ITG, including less than 30 that are based in the United States. The ITG encouraged the Commission to bring aggressive enforcement against robocallers and voice service providers that routinely refuse to participate in the traceback process.
Subsequently, in their Fourth Report and Order on Advanced Methods to Target and Eliminate Unlawful Robocalls released December 30, 2020, the FCC required “all voice service providers to respond to traceback requests from the Commission, civil and criminal law enforcement and the Consortium.”
STIR/SHAKEN and the TRACED Act
Additionally, in September of last year, the Commission released its latest initiative “to continue the FCC’s work to implement the TRACED Act and promote the deployment of caller ID authentication technology” (i.e., STIR/SHAKEN). This step would “adopt rules implementing many of the proposals [the agency] made in the First Caller ID Authentication Report and Order and Further Notice. Among other things, [the proposal would] adopt rules governing intermediate providers and caller ID authentication in non-IP networks, we implement the exceptions and extensions established by the TRACED Act, and we prohibit line-item charges for caller ID authentication.”
The STIR/SHAKEN protocol, once widely implemented, is expected to help eliminate the practice of spoofing by letting terminating carriers know that the call originator is authorized to use the phone number in question. Some believe STIR/SHAKEN will eliminate scam calls; it’s unclear that this will happen, as the protocol alone doesn’t involve vetting the reputation or practices of a caller.
Trusted entity verification
In November 2020 a group of technology companies and voice service providers announced a milestone in protecting consumers from fraudulent robocalls and building a more secure and trustworthy telephone ecosystem. Comcast, Everbridge, NetNumber, Numeracle, and Twilio completed what is believed to be the first-ever call to combine authenticated caller ID and Rich Call Data (RCD), powered by the STIR/SHAKEN framework and protocols.
To begin the end-to-end caller ID authentication, Everbridge and its enterprise clients first completed the Numeracle Verified Identity™ entity vetting and validation process. Verified Identity provides a compliance-based, know your customer (KYC) and customer due-diligence solution used to validate the business identity and calling competency in support of the TRACED Act’s goal of ensuring the calling party is accurately identified.
Utilizing Numeracle’s Entity Identity Management™ platform, the relationship between the Everbridge Verified Identity enterprise, its authorized phone numbers, and its active relationship with outbound VoIP Service Provider, Twilio, was validated and certified. Branded Rich Call Data was associated with the Numeracle-validated enterprise call profile and pushed to the NetNumber Guaranteed Caller™ platform for issuance of a SHAKEN delegate certificate, and for use in call signing via Twilio as the originating service provider (OSP).
Based on the receipt of the RCD-signed call, Twilio was then able to confidentially and reliably sign the call with a SHAKEN signature using A-Level Attestation, the highest level of verification. Comcast then demonstrated the receipt and verification of the RCD and STIR/SHAKEN signed call with the display of the Verified Identity of the Everbridge enterprise caller via Caller ID Name, brand logo, and call reason.
And now, texting
In what you might call an “adjacent” matter, we are now seeing carriers take action to control the flow of text messages to consumers.
In recent months, insideARM has become aware of a new trend -- “text blocking.” It seems that at least one major carrier has declared debt collection texts off-limits, regardless of procedures or level of compliance. As we reported last week, T-Mobile’s latest Code of Conduct defines “disallowed content,” including debt collection text campaigns.
Years ago the CTIA developed guidelines for managing shortcodes, including strict requirements for receiving and using the codes.
Now, there is a movement to exert similar control over 10DLC (10-digit long codes). The Campaign Registry is a reputation authority for business messaging which requires brands and Campaign Service Providers (CSPs) to be verified prior to being allowed to send messages.
...It seems that the quest to develop an ecosystem of trust is never-ending.
How will all of this play out in the ARM industry?
For an industry that is required to be transparent, but not too transparent...or should I say, not too transparent too soon (until you've confirmed the identity of the person on the line)...there is added complexity. New trends such as branded call identity and electronic disclosure delivery that improve the consumer experience may be challenging in the third-party collections space. Hopefully, tools like STIR/SHAKEN and trusted entity verification will provide a way for legitimate companies, which are often spoofed by scammers, to separate themselves.