STIR/SHAKEN and Inbound Authentication: Better Together
STIR/SHAKEN usually comes up in the context of outbound calling and improving answer rates. However, information and attestation levels gleaned from STIR/SHAKEN also provide value with inbound caller authentication.
Inbound call centers face multiple fraud vectors that revolve around the identity of the caller. In those cases, STIR/SHAKEN serves as an important input for existing call analytics tools. The combination makes it harder for fraudsters to take over consumer accounts through call spoofing—a common tactic bad actors employ to attempt to impersonate customers by pretending to call from their phone number.
As STIR/SHAKEN improves detection of spoofed calls, fraudsters will likely adopt other phone fraud tactics that do not rely on call spoofing, such as virtual call apps. Virtual calls—enabled through web-based calling services (e.g., Skype and Vonage), Google Project Fi (routed through T-Mobile or U.S. Cellular), or a business PBX—are anonymous and inherently impervious to spoof-detection technology. Criminals use these apps to evade detection and pretend to be a real customer calling from a number not in the account record.
Because of increasingly sophisticated fraud tactics, inbound contact centers end up treating all inbound callers with caution—requiring more time and resources, and adding unnecessary friction to the customer experience.Organizations that do not adequately adapt to these dynamics invite the risk of fraud losses via account takeover, and revenue losses via subsequent customer attrition.
Nearly all these problems are eliminated if callers can be authenticated before reaching the IVR or an agent. Neustar Inbound Authentication turns callers’ phones into an ownership factor of authentication, inspecting the caller’s phone to confirm that the device is physical, unique, authentic, and registered to the claimed ANI. In tandem, the solution inspects and confirms the call between the calling phone and the contact center. Identifying and authenticating callers this way—before callers hear “hello”—reduces fraud risk, improves customer experience, speeds call resolution, and reduces IVR-to-agent transfers.
STIR/SHAKEN serves as an input to, but does not displace, inbound caller authentication solutions that must assess all threat vectors. Organizations that confuse STIR/SHAKEN as an inbound caller authentication solution invite risk of fraud loss, frustrated customers, and operational waste. To mitigate these risks, Neustar published a “frequently asked questions” (FAQ) document, which addresses the following questions:
- What is STIR/SHAKEN call authentication?
- Must carriers implement STIR/SHAKEN?
- Does STIR/SHAKEN protect inbound call centers from phone fraud?
- Will STIR/SHAKEN stop all phone-channel account takeover attempts?
- What type of STIR/SHAKEN data will enterprises be able to obtain?
- How will enterprises obtain STIR/SHAKEN data to assess calls?
Neustar is an industry-leading pioneer in call authentication. As the co-author of STIR standards and early contributor to the SHAKEN framework, Neustar plays an ongoing leadership role in defining industry standards with ATIS, IETF, and CRTC. We provide the industry’s reference implementation of STIR/SHAKEN as the exclusive operator of the ATIS Robocalling Testbed, where real-world STIR/SHAKEN implementations are tested for interoperability. Neustar leads the industry in commercial call authentication deployments. Visit the STIR/SHAKEN Resource Hub to learn more.