Registered Caller™ & Centralized Telephone Number Registry
CommTech Brief subscribers receive session directly, on August 25th. Sign up for Daily CommTech Brief here.
The Registered Caller™ industry-backed centralized telephone number registry helps maintain the integrity of one of our most important methods of communication – voice calls – by providing Voice Service Providers with a single source of truth for verified caller information.
Executive Speakers:
Andrew Jurczak – Principal Member of Technical Staff, AT&T
Linda Vandeloop – AVP External Affairs/Regulatory, AT&T
Chris Drake - Chief Technology Officer, iconectiv
John Marinho - Vice President, Cybersecurity & Technology, CTIA
Full Transcription
Host: Register caller, the nation's new telephone registry from CTIA and iconectiv helps call centers and enterprises mitigate robocalls and increase their call answer rates. This energy session we'll discuss the registered caller and centralized telephone number registry and how it helps maintain the integrity of one of our most important methods of communication, that's voice calls that by providing voice service providers with verified caller information On this session is Andrew Jersey, he's a principal member of the technical staff at AT&T, also from AT&T is Linda Vandeloop, she's associate vice president of external affairs and regulatory. We also have Chris Drake, he's chief technology officer at iconectiv and lastly, we have John Marinho, he's vice president of technology and cybersecurity at CTIA and they represent the US wireless communications industry, and everyone welcome to the program.
All Guests: Thank you very much. Thank you.
Host: Thanks for being here, it's good to have all of you on this topic at one time. Linda, I'm going to start with you if you don't mind. So what is the state of play of robocall mitigation and also STIR/SHAKEN and how is the industry really making positive headway in these arenas?
Linda: Thank you. Yes, the industry has been working very hard for many years and most recently the FCC requires that by June 30th, 2021, that all providers must certify that they've implemented STIR/SHAKEN on the IP portions of their network and they have a Robocom mitigation program to avoid originating illegal robocalls on the non-IP portions of their network. We also were required to commit to certify that we will cooperate with traceback, which is the process, the industry process to trace back calls to the source, illegal robocalls, and to work with enforcement to mitigate those illegal robocalls. We are also required all terminating and intermediate providers are required to, prohibited actually from accepting calls from any provider who is not certified in the FCCs robocall mitigation database. This is a great development, as I said, the industry has been working very hard, but this puts everybody on the same playing field and requires that we all have a robocall mitigation program.
As these robocall mitigation programs are implemented, which require vetting customers when we sign them up for service, monitoring our network to detect suspicious calling patterns and to take action when we identify those patterns. Made a lot of progress, over 3000, the last time I looked there were over 3000 service providers who have certified in the database. Now it's not quite 3000 since some providers are certified for multiple operating companies, but it's quite an impressive number of service providers. Also over 300 service providers have been approved by the industry governance process for exchanging STIR/SHAKEN information and putting the attestation levels on the calls. In addition, we continued to make improvements and mechanized the traceback process, as well as we continue to provide consumers with tools to block and label calls, as well as we do our own network analysis to identify suspicious calling patterns, and then take action when we identify calls that have been sent to our network that may be illegal robocalls.
Host: So Andrew from a technical vantage point and of course AT&T's perspective, do you have anything to add to Linda's comments?
Andrew: Just to really reiterate those first points that Linda made concerning the implementation of STIR/SHAKEN by the June mandate. So certainly AT&T and the other service providers had just put in an incredible effort to implement STIR/SHAKEN on the IP portions of their network to do inner carrier testing, to make sure shaken works end to end and I think the industry has done a fantastic job in the meeting of the June 30 mandate.
Host: Perfect, and Chris Drake from iconectiv, certainly behind this initiative your comments as well.
Chris: Yes, so I think this formal phase one of meeting the mandate was an enormous amount of work and a great achievement. We all know there's more to be done. In parallel, the industry's been working on phase two requirements which are being considered by the governance authority as well in terms of enterprise calling, toll-free numbers, rich call data, emergency preparedness number calling with still authentication. So there's still quite a bit going on to improve on what we just launched now, which was, as I said, enormous. Lots more to be seen.
Host: And John Moreno, of course, CTIA very much behind or behind registered caller. Any comments on the state of play of robocalling and STIR/SHAKEN?
John: I would add to what you heard from the other panelist that it really is a testament to the industry coming together and really focusing on an issue that really affected consumers and really impacted the ability to use voice communications and the industry has demonstrated how, again, it could come together, really focus on this issue, drive a lot of resources. In some sense, despite the fact that it's been some years in the making, actually moved very, very quickly to actually deploy and rollout the STIR/SHAKEN framework capabilities like the registered caller, and to really lay their foundation for subsequent phases to continually improve upon the experience associated with who's calling.
Host: So Chris back to you; at a macro level, can you explain the purpose for the registered caller and centralized telephone number registry and how it provides voice service providers with this verified caller information, and what are some use case examples that you might be able to offer us as well?
Chris: Yes. So just building on what John said about the consumers and how they have suffered under this onslaught that's lasted for years, and frankly they've stopped answering the phone. So the problem that remains after phase one of the deployment is the enterprise voice calls are still subject to a lack of transparency in terms of their authenticness and a resistance to answering the phone. We've got to help the enterprises get their calls answered again. And the problem here is that enterprise voice calls use a wide variety of methods to enter the network and depending on how they did that and whether they used third-party telephone numbers, as we call them numbers from a different provider, it can be challenging to give full authentication full attestation as Linda called it to that call and the caller ID. If you can't give full attestation, I have to say bluntly, that this is a second-class call and those with full attestation are going to be trusted and be given better treatment and the enterprise wants to play with equal footing there fundamentally.
Use cases, there are plenty of them. You may have a PBX, a private brand exchange with multiple circuits into the voice network on different operators for say for perhaps a resilience, if there was an outage, or perhaps for economic leverage, procurement leverage, but in any case, it's common practice and if you make that call on one circuit using the telephone number, given by a different carrier, there is no automatic verified association that one could use as a service provider to a test fully. So supplementary information is required. It has to be considered rigorous and sufficiently sound to be a source of truth of this verified association and then a carrier can use that to elevate a lesser attestation to full attestation A. Contact centers, or any time that an enterprise outsources their voice calling to another party might be a cloud communication provider, C pass, maybe a contact center, maybe something else that could be using a circuit, which is not the same carrier that assigned the number used as the caller ID. So these are some of the use cases which there are plenty of them that would cause the problem.
Linda: If I can add an example, a real simple example would be an AT&T customer who makes their outgoing calls from AT&T's network and they want the customer to call back to a call center on another carrier's network. So the caller ID shows a number that we did not assign that customer. So with a trusted source, a trusted database, we can look up and say, oh, yes, that's been vetted and we know this customer is legally authorized to use this number and so we can put an attestation on it.
Host: John with CTIA, the impetus behind registered caller that we've already kind of gone over if you want to add something but more so, these use case examples for the registered caller as well.
John: What I will say is, is that it really was driven by the vision that our members had around putting in place a trust model that you heard Chris and Linda talk about and making sure that that information is properly validated and vetted and provided downstream to the carrier so that indeed the carrier can with confidence provide for that level of attestation because they know that it's coming from a trusted source. We also heard from many of the enterprises that we worked with, that they wanted a common industry resource. They did not want to look at having to register their numbers, their resources, three, four, or five different times with was four different organizations or four different vendors, but actually to have one common industry resource that they can use and rely upon to provide that trust model downstream. We heard that directly from very large enterprises, we heard that from call centers. We heard that from across the entire ecosystem because they have a diversity of use cases. They have the need for a great deal of flexibility, but again, they want to leverage that common resource, which is registered calling.
Host: So Andrew, back to you, so what is involved and maybe get a little more granular on this one. What's involved in this initiative from the telco and solution provider sectors?
Andrew: So the general issue or the technology that the service providers need to perform as John and Chris mentioned, what the enterprises really want is they want their calls to be answered and one of the ways with STIR/SHAKEN, STIR/SHAKEN has the attestation information we've all been talking about, but STIR/SHAKEN allows different levels of attestation and we've been talking about the AA or the full level, and that is the level, that means basically the calling number can affect the trust number, that the number's not spooked is coming from the correct place. So everybody wants that A-level of attestation. As was mentioned earlier, enterprises present a certain challenge to of service providers, because they can signal arbitrary calling numbers. So when a call originates on AT&T's network from our enterprise, the first thing we have to do is to establish is that calling number, that signal legitimate for that caller.
So in cases where AT&T has provided the numbers to that customer, we, of course, know those numbers and we know the customer and we can give it A-level attestation. But as was mentioned, there are many use cases where an enterprise might've paid telephone numbers from two different carriers, two different service providers and they may send an AT&T a calling number that they have paid from somebody else. On the surface, we would have no way to know what that does a legitimate number for that customer. So that's where ATN registry or such as registered caller comes in. If that call comes into us and we don't know if that number is good, we can then get the information from the registered caller database, if that indicates to us that yes, that number is valid and AT&T you can believe that that is a good number as a result of which we can put full level attestation on that call and send it to the terminating provider.
I would just want to say one of the real benefits or beauties of the TN registry, a registered caller approach really is its simplicity. One of the key benefits to this is enterprises don't need to make any changes to their infrastructure. As mentioned, the industry has a lot of different mechanisms, different ways for dealing with this attestation elevation issue, but a registered caller database, the enterprise just needs to originate the call. They have to sign up with the registry, of course, but they have no changes to their infrastructure. To the service provider, we know that the vetting is performed by the registered caller system. We can then trust and we pull down that information, we know it has been vetted, we know we can believe it and therefore we are very competent to put the A-level attestation on those calls.
Host: Chris, back to you, what do you think about multiple brand registration vehicles in the industry and what types of services and information should a common authoritative industry resource provide?
Chris: Well, so a very quick internet search would find no less than say eight analytic engines that say come and register your business with me, tell me your telephone numbers, I will have the information I share with the industry to treat your call better. Of course, that depends upon which networks a given analytic engine serves. So you end up having to go to potentially all of them. If you're a large enterprise, you called nationwide on all the networks, you would have to find all of those suppliers for all of the networks and get registered. Also, there's a handful just on a quick internet search of other databases or registries claiming the same and saying, come to me and register your business and your phone numbers. So you end up with that fragmentation that John talked about, and the very thing that enterprises don't want is this complexity. But I think I would also say feedback from the carrier community is, well, I don't want to have to integrate all those different sources, either, even if an enterprise was willing to register in every one of them, I don't really want to do this twice, if not 5, 6, 10 times.
So the industry really called for this single source of truth industry-backed subject to governance by the industry and so that's what registered caller does. What should a registered caller TN database do? Well, it should allow a business applicant to register itself and prove its authenticity so an imposter cannot do this registration and claim kind of that record as the enterprise and they should register their phone numbers, which need to be vetted and confirmed to be associated with that enterprise. Frankly it should record what methodology or reasoning for believing that's authentic was done, so there's some traceability about that. It should be available locally to the service providers or their authorized suppliers, agents in order to minimize any postal delay from having to look a number up. And I'd say, lastly, it needs to recognize that enterprises have these complex relationships where they may outsource their calling. They may use a number provided by the outsourced call center, contact center. They may bring their number to the contact center. They may have a C pass. They may have multi-home PBXs. You're going to see this number, show up more than one place in a database and you need to be able to recognize these associations and allow for them when you download the data to the carrier, or even when you're supporting the business rules of such a database to make sure that it's sound, so these are kind of the not exhausted, but the key points, I would say.
Host: John, multiple brand registration vehicles, anything to add?
John: Yes, I would add that one of the key things that we learned from all the work that we've done with large enterprises is that we have to be flexible because every enterprise has a series of requirements in terms of how they're structured internally, how different subsidiary is used, resources that are numbers associated with different divisions, different subsidiaries, there's M and A activities that go on within large corporations all the time and we have to have a platform that accommodates that, that it's flexible, that allows them to, in some sense, accomplish the simplicity that you heard from Andy so that that information is trusted. That information can be delivered consistently with high degree of reliability, but also on the front end, we provide enterprises or agents on their behalf, the flexibility that they need so that it maps to their business needs and maps to how they want to use those numbers in their business to reach their customers in a way that they can achieve the highest level of attestation. Then really, I think those are sort of the key elements that I would add to what you heard from Chris, which is indeed it has to be something that is trusted and a common resource for the entire ecosystem and not something that, again, it's fragmented given the situation that we've seen.
Host: Yes, Andrew, I wanted to go back to you and again, from a technical vantage point, but then really kind of go around the room and get everyone's comment and as well. So again, kind of going granular, drilling down a little bit more, how does the centralized telephone number registry help service providers mitigate robocalls, such as streamlining phone number registration, vetting enterprise customer data to better inform service providers, and to also legitimize callers more easily. And again, we've touched on this a little bit, but if you could just go a little bit deeper on that for us.
Andrew: Sure. So the previous discussion I had really started from the enterprise point of view, so the origination side, but now you're asking about on the terminating side, when we perform analytics and try to determine if a call is a real call. So again, all this really comes back to the A-level of attestation, it's giving as many calls as possible the A-level attestation, such that when those calls arrive at the terminating network and they invoke their analytics to try to determine if that call is legitimate or may possibly be robocall or scam that they have the A-level of attestation. And I think the other key area that had a registered caller type system again provides, and this has been mentioned several times, but it is the trust, it really helps us, the originating a service provider I'm going back now, but to know that the numbers and the information that is in that database, has in fact been vetted thoroughly by a third party. We, the regional service provider, we just have to trust the source of the registered caller. We don't have to trust every single individual customer and every piece of information, we know that that trust and that vetting has already been done on our behalf.
Host: And Linda from AT&T's perspective, anything to add to that?
Linda: Yes, I think what Andy said that makes a good point. I mean, the simplicity and the trust, the standards bodies have come up with several different options for addressing the enterprise, the multihoming issue. We believe that having a bedded central database is probably the easiest way to ensure the security to make sure that those numbers are vetted and so that we can trust, because it's ultimately our responsibility when we put an attestation and give that green checkmark, it's our responsibility. We are saying that you can trust this call. So we really need to make sure that our sources are trusted.
Host: Chris, anything to add as well?
Chris: Yes, I'd love to build on what Linda just said. So this is a source of truth. Now there are many mechanisms you might use to make a call and assert the caller ID, and maybe even more information like the business name and the intent of their call. But the carrier who receives that has to trust it, so we were quickly asked to be the source of truth for delegates certificates, where you can allow an enterprise who makes a call to attest themselves, like self-attestation of what is their number and what is their name, and why are they calling and the carrier who thinks they will trust in that and put their name on the attestation wants a source of truth behind that correlates that what was delegated and used by that enterprise is correct, is truthful. So we did that, we did a very quick proof of concept that proved that use case and shows registered callers as a technology-neutral platform. Truth matters no matter what technical methodology you will use to convey a caller ID and its authenticity and that is the source of truth the industry as chosen and governance in fact. So I wanted to add that.
Host: And John, if you wanted to add anything, but in addition, how can enterprises reach the registered caller in centralized telephone number registry?
John: So the simplest way is just to go to registercaller.com because there on the website, you'll find certainly information that's useful in terms of how to engage with the platform as well as certainly through CTIA as the industry trade association. Because while we look after the wireless industry, we do support registered callers for the entire ecosystem, both wireline, wireless and any carrier or enterprise that wants to leverage that because of the importance that this issue has to the industry, the importance that this issue has to our members. Because we have to bear in mind that there are 33 million enterprises in the United States. And again, we're back to the need for simplicity, the need for a one-stop shop, the need for that common resource to be available to all of the enterprises and then to provide that trusted information to the carriers, to the 30,000 carriers that you've heard Linda talk about earlier. It has to be done with a high degree of reliability, a high degree of integrity, a high degree of security, as well as a governance process that's driven by the industry, a governance process that is under the auspices of CTIA as the trade association to ensure that we're addressing all the key pain points and we're keeping pace with where the industry needs to go when it comes to mitigating illegal robocalls.
Chris: And I think just for clarity, I would say that any carrier of any type, cable, voiceover, IP, wireless wireline can join this community and participate in the governance via CTIA, regardless that they may not be a wireless carrier. So that we've been saying all along, I think it's worth just a quick note to that effect here and that is the truth of it and we are working with some notable non-wireless providers.
Host: Interesting. So I want to finish with sort of a futurist question. I'd like to start with Linda, go to Andrew and then John and then have Chris Drake finish us off there. So service providers and Chris, just mentioned this have really been doing a lot of great work for a long time on combating and mitigating robocalls, really creating another marker for protecting consumers. So what is your take on the future of this effort? Again, Linda, if you can start.
Linda: So, unfortunately as creative and innovative as the industry has been, so have the scammers and so they're always looking for ways around what we do and so we've got to continue to be creative and innovative and we have to build in the flexibility, whether a service provider chooses to use a registered database to help authenticate the calls or chooses to use the delegate cert process that Chris just mentioned, we've got to build in the flexibility and we've always got to be on guard to make sure that we are prepared for any changes that the scammers make until we can work with enforcement and get to the point where we've made it so uneconomical for them to be in business that they find another way to scam people other than using the telephone network.
Host: Yes, that's a good way to put it, Linda. Andrew, anything to add?
Linda: Yes. So I'll just say it again, STIR/SHAKEN is a tool that we're all using and the industry is using to help mitigate robocalls, but it isn't an entire solution, things change. So it's just one of several ways that other providers can work to detect robocalls. Many of us on this call are involved in standards, those standards that have defined a STIR/SHAKEN, they're continuing to evolve add a sip forum, the IPN and I task force three GPP ITF, they're all working to continue to add to that. Basically we're working to cover more and more call types. So standards have just been ratified for supporting shaken on retargeted calls, calls that are forwarded, for example. There's work being done now to continue to extend shaken as mentioned, shaken works over IP right now, but to try to cover calls that have TDM. So carriers are moving to support more calls. The IP interconnect standards are also evolving to add options for outer band shake and for TDM for establishing secure TDM connections, various technologies that again will help to cover more and more calls with shake and then finally just last point international as well. The standards bodies are beginning to develop international standards to begin to support shaken across national boundaries. So I think we'll see that continue to evolve in the industry.
Host: John?
John: So I think Andy said it well in the context, they're tools and these are the tools that we have today that we put in place STIR/SHAKEN framework, registered caller and I think the challenges that Linda raised are spot on in the sense that the scammers and the fraudsters will always try to outmaneuver around the tools and we have to be responsive. We have to continually work to improve the platforms that are being put in place and how do we respond to the threats that are out there and to ensure that we can accomplish the goal that Linda set out, which is to make them choose another mechanism outside of the telephony network to use their exploits and that's what we're really focused on. The good news is, is that we do have a lot of support from the industry across the board on the effort that we have, the governance process has been put in place in coordination with the governance authority and as well as the policy authority that industry has in place and indeed it is that collaborative effort to tackle this problem that I think puts the industry in a good stand in the future, continue to save these kinds of tools and improvements come along as the challenges associated with robocalls change over time because we have to impact with that degree of flexibility to be responsive, to have the threads change over time.
Host: And Chris Drake, we'll wrap with you, the future for service providers in this space.
Chris: I think the panelists that really covered the ground quite thoroughly leaving me very little to add, but I'll just say the federal trade commission's reports that over 70% of fraud, consumer fraud were costing billions of dollars out of the consumer's wallet begins with a phone call. There is so much money being made on this attack vector that they won't go away as Linda said, and Andy and John said, they will continue to innovate and we have to be vigilant. And I connective is committed to evolving the platform according to the changing landscape as directed by the governance process and we're going to have to do that to keep up and maybe get ahead of it in fact, if we're going to drive these attack vectors off the voice channel
Host: Well, it's nice to see iconectiv and CTIA working together on this issue. I know it's been going on for quite some time, but it's really come to a head in the last 18 months where we've been really talking about all the activity around mitigating robocalls and STIR/SHAKEN as well. Again, it's good to have all of you on this topic at the same time. Everyone has their own perspective, and it's important to have these conversations. Again thank you to our speakers on registered caller and centralized telephone number registry for this session on-demand, which will be on August 25th, please go to thenetworkmediagroup.com. So long.
For any inquiries, please email anejad@thenetworkmediagroup.com