STIR/SHAKEN Is a Trust Signal, Not a Panacea
On July 1, 2021, STIR/SHAKEN made high-volume calling campaigns that rely on automated caller ID spoofing less effective. Consumers have more reason to trust phone calls again, thanks to how STIR/SHAKEN distinguishes legitimate calls from questionable ones.
Neustar has been an integral partner in the long path to implementing STIR/SHAKEN: a co-author of STIR, a contributor to SHAKEN, and the exclusive host of the ATIS Robocalling Testbed for validating STIR/SHAKEN implementations. As a result, Neustar is uniquely qualified to distinguish between functions where STIR/SHAKEN excels and operations requiring other solutions.
In addition to spoofed robocall scammers, STIR/SHAKEN also addresses fraudsters who use call spoofing to attack call centers. The framework can provide inbound call centers with an additional data element to evaluate the authenticity of a calling phone number. This information can help establish the identity and authenticity of inbound callers and help inbound contact centers to strategize treatment for callers.
However, call centers must still contend with additional types of fraud that hinge on the identity of the caller and decide how much rigor to apply when authenticating callers. STIR/SHAKEN serves as an input to, but does not displace, inbound caller authentication solutions. Organizations that mistake STIR/SHAKEN for an inbound caller authentication solution invite risk of fraud loss, frustrated customers, and operational waste.
STIR/SHAKEN and inbound caller authentication
STIR/SHAKEN brings to the phone channel one of the internet’s bedrock principles: digital certificates. In the internet’s early days, users could be tricked into thinking that they were visiting one website when they were in fact visiting another. Users needed assurance that they were browsing the website they intended to visit.
Digital certificates solved that problem. They attest to the user’s browser that it is visiting the correct website. This assures the user that, for example, her browser is in a legitimate session with her bank’s website. Digital certificates do not authenticate user identity to websites. That is left up to each website.
STIR/SHAKEN uses the principle behind digital certificates to indicate whether a caller has the right to use a given telephone number. Knowing how a call originated in the network is a useful signal of trust. However, inbound call centers require more signals and analysis to authenticate callers.
Authenticate inbound callers with their phones
Forward-thinking enterprises combine STIR/SHAKEN data with an inspection of the caller’s device to authenticate caller identity. When the calling phone is confirmed as authentic and the ANI matches the reference phone number on file, then the call center can determine that it is engaged in an authentic call with the customer’s unique, physical, legitimate phone. (This is identical to the way that credit cards facilitate cashless transactions.) If the caller’s device is not unique and physical, then other signals, such as STIR/SHAKEN data, calling history, call routing, and line type, can support a risk assessment.
Device-based authentication completes before the caller hears "hello," making it faster and more secure than knowledge-based authentication (KBA), the current de facto method of authenticating inbound callers. Trusted callers take less time to authenticate and can access self-serve options that are too risky with KBA: account transfers, contact information updates, and PIN resets. Shielded from social engineering attacks, agents can focus on speedy resolution of more complicated matters. Only the smaller remaining pool of unauthenticated callers experiences friction or diversion to the fraud department. Combined, this optimizes expensive fraud-prevention personnel and resources, sends a reassuring message to trusted callers, and focuses agents on helping callers.
How Neustar can help
Neustar Inbound Authentication establishes an optimal level of trust for each caller by combining an inspection of the caller’s device with a risk assessment of the call’s signaling data. Callers who pose a risk of third-party fraud cannot manipulate or bypass the process.
Because STIR/SHAKEN attestations are transmitted in call signaling data, they are a perfect complement to Neustar’s pre-answer authentication approach. Forward-thinking inbound contact centers leverage STIR/SHAKEN data with Neustar Inbound Authentication to mitigate fraud, improve customer experience, and increase operational efficiency.