It might be surprising to know that during my time penning this blog, I received a call from “Kate about my small business loan.” It was a recording and when I called the number back, after answering a few details about myself I was routed to a call center asking me for more personal information.
Did you know that the average American received eight robocalls a month in 2018 according to a Statista report? According to spam expert Hiya, there were approximately 26.3 billion machine calls in the U.S. during that time and the numbers are increasing. Although most people understand what a robocall is, it is interesting to breakdown the different types of calls. Telemarketers, spam and fraud accounts for the lion’s share of calls that are made, with fraud accounting for ~25%.
Consumers have been urging the FCC for over two decades to do something as the machines and software get more creative and invasive. The good news is there is a new solution called STIR/SHAKEN on the scene, and although it doesn’t prevent robocalls, it does prevent caller ID spoofing, which is the largest component to the calling schemes. Mobile carriers and consumers are expecting it to make a noticeable impact.
What is STIR/SHAKEN?
STIR/SHAKEN is a framework of interconnected standards and are acronyms for Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR) standards. This is a fancy way of saying someone would place an outbound call which would contain a certificate verifying that the call is indeed coming from the number it claims to be coming from. The phone call is passed along to the incoming carrier (which would then verify the public key against a heavily encrypted private key. A policy administrator, run by the telecom industry with oversight from the FCC, would manage distribution of certificates to ensure it is run seamlessly.
Nuance’s Simon Marchand, Chief Fraud Prevention Officer on Impact
Simon, as someone who is on the front lines of carrier fraud, what are your thoughts on how these new protocols will fare and any potential impact for carriers?
“Carriers have been in discussions around finding a way to stop unwanted spoofing for years now. Not only is it an issue for consumers who receive unwanted calls or fraudulent calls, but spoofing can also be used by fraudsters against businesses. STIR/SHAKEN is the result of years of discussions and reflection and it provides a series of rules that will now have to be followed by carriers within countries implementing it. Theoretically, it should prevent fraudulent spoofing and is a step in the right direction, however we fear it may have limited impact. We expect to see fraudsters simply move to countries not under STIR/SHAKEN protocols; they will simply initiate their fraudulent calls from there. The measures in STIR/SHAKEN can’t prevent cross-border spoofing, unfortunately, but we are hopeful there will be some impact.”
Although STIR/SHAKEN will not be a panacea, what tools does Nuance provide that can help carriers prevent fraud?
“Nuance is helping businesses protect themselves in many ways. Whether it is through the implementation of partner technology helping to detect spoofing or by providing IVR technology that makes businesses less vulnerable to specific fraud attacks using spoofing, we are always working to stay one step ahead of fraudsters. Not only do we stay ahead in terms of technology, but we also work closely with our customers to make sure we’re aware of emerging fraud trends. We can then find mitigation measures and best practices to share with our entire customer base — making sure we work together to stop fraud.
Additionally, Nuance has world class voice and behavioral biometrics solutions that can not only help prevent and thwart fraud, but also allows carriers to reduce contact center costs and reduce customer friction. “
Thank you, Simon, for your time and all you do to help carry the message to mobile carriers across the globe. It looks like STIR/SHAKEN will be a nice addition but will not solve all the carrier spoofing or fraud issues and requires an on-going, constantly living and breathing attack with technology and relationships to continue to keep subscribers safe and confident with as little customer experience impact as possible.