Restoring Trust to the Phone

[00:00]

Abe: And restoring trusted communications and especially in today's challenging and often remote environment, a phone channel is critical. Robocalls and scams are an epidemic as 88% of business calls to consumers go unanswered. It's no longer just a nuisance; there's a threat to public health and safety and some say have destroyed trust in the phone. So, what are the critical steps in the process of restoring trust to the phone like vetting services, robocalling mitigation, and branded call display? Joining this executive broadcast that will delve into the latest on robo-calling and what industry is doing about it are Linda Vandeloop, she's Assistant Vice President External Affairs Regulatory at AT&T. And next to her is Jimmy Garvert, he's Senior Vice President and General Manager of Caller Identification Solutions, that at Neustar, and welcome.

Linda: Thank you.

Abe: Thanks for being here—again, Linda with AT&T and Jimmy with Neustar—thanks for your time today. So, Linda, I’m going to start with you, if you can give us the current state of STIR/SHAKEN—and again, for our audience, if you can just give us a brief overview of what that is, and then more so the current climate behind or around trusted communications.

Linda: Okay, so to start out, it's really important to note that STIR/SHAKEN will only confirm that a call is not spoofed. So, scammers have already started to use blocks of numbers to make the calls directly, the unspoofed calls. So, we need other tools in addition to the STIR/SHAKEN like analytics to confirm or enable blocking and labeling, traceback to find the source of the calls, and also enforcement to get them to stop. But, for STIR/SHAKEN, the industry is well on its way to implementing STIR/SHAKEN in their own networks. And we've had to develop a process so that we could securely exchange the STIR/SHAKEN enabled data. And so what we needed to do is set up an industry-run governance board. And this governance authority is made up of a board of service providers representing all segments of the service provider industry, an administrator, and a technical committee. And so that board sets the policy and this is a group of people who've worked very hard together. And as I said, it's all segments of the industry. And you know, it can be a contentious industry. And some of the some of the members of the board have never agreed on any issue. But, this has been such an amazing, committed, dedicated, collaborative process. We've made a lot of progress in setting the policy and setting up the policy administrator that handles the day-to-day operations that authorizes or approves the service providers' ability to get a token and also approves a certificate authority that works with the service providers to make sure that the calls are authenticated and exchanged with other service providers. So, there now is 54 approved service providers and, seven certificate authorities. And so the process is well on its way. And the traffic is starting to be SHAKEN STIR enabled.

Abe: Hmm. Interesting, Jimmy?

Jimmy: Yes, from Neustar perspective, we've been honored to be the exclusive provider of the NS Testbed which enables basically testing of any carriers or service provider solution in a STIR/SHAKEN environment. And so what we've seen is well over 60 participants that have shown up to start testing and trialing out their services. And now Neustar is the largest provider of this call authentication software in the marketplace today. And so, through that angle, we've been able to see now billions of calls a month are now STIR/SHAKEN enabled. So, there's been a significant amount of progress being made on getting this foundational call authentication framework in place.

Abe: Of course, CSPs, communication service providers are really tasked with meeting these regulatory requirements and implementing STIR/SHAKEN as you mentioned. There's a sort of a deadline actually around June of 2021. How are you working towards that?

Linda: Well, AT&T has started working on implementation years and years ago with the development of standards. We've been exchanging testing and exchanging traffic with others since 2018, I believe. It was a big infrastructure commitment, we had to make some changes to our infrastructure, to the software. And so we've already started exchanging the traffic.

Abe: So, Jim, you're saying CSPs really help empower enterprises and also protecting consumers clearly.

Jimmy: That's right. And so when it comes to STIR/SHAKEN, it is a framework that works incredibly well at the consumer level, being able to have that one-to-one relationship between a carrier and that consumer. And then there are more difficult challenges to solve, the enterprise marketplace. Because enterprises can have multiple lines, utilize multiple carriers, and creates a more complex situation. But, what we've seen is the carriers really taking on that challenge. And they have multiple ways to enable these enterprises to be able to attest to their calls at the highest level, to have that kind of, enable that framework that is there. And so ultimately, that helps the end consumer because the end consumer wants to know who's calling them and then ultimately, why they're calling them. And so we have really seen over these past couple of years, the focus of the carrier community work on establishing the framework, get these calls, especially consumer calls' side, and then enable different capabilities to solve for it in the enterprise marketplace.

Linda: Just wanted to say that one of the challenges, too, is we need to evaluate every process that we implement, because we don't want to open the door to the scammers and because they're always looking for that crack in the door to open it up. So, we want to make sure that anything new that we implement has the same security that we've implemented with the STIR/SHAKEN.

Abe: So, another critical step towards restoring trust to the phone is something called robo call mitigation. Certainly a number of solutions around that. Linda, I'll start with you. What are some of those solutions?

Linda: So, robo call mitigation is based on the tray stacked where that establishes your process for providers to get an extension for the non-IP portions of their network, as STIR/SHAKEN only works on the IP portions. And in order to get that extension, the service provider must implement a robo call mitigation program to prevent robo calls from originating on the network. And so that involves vetting of customers before they establish service, making sure they're reputable, monitoring the traffic and looking for suspicious traffic patterns. And when those are identified, then do some investigation and take action as appropriate.

Abe: Jimmy, robo call mitigation, what does that mean to Neustar.?

Jimmy: Yeah, from a Neustar perspective we help enable carriers with the analytics that Linda was referencing is that you want to be able to understand the traffic that is originating off of your network and making certain that you're participating in the appropriate actions to prevent any illegal phone calling that is happening. And one of the other capabilities, though, that is out there is the ability then to upgrade those services to actually inform your customer as well on the inbound traffic to them, where you can pre label the call in the base caller ID field that's been out there for 30 years, carriers are not implementing solutions where they will better inform with a spam question mark or some sort of identifier down to the end consumer. So, on an inbound level as well, they can have better understanding and better trust associated with those phone calls.

Linda: And just want to say there's lots of options for the analytics. AT&T does a good deal of their own analytics, as well as using other service providers or other analytics companies.

Abe: I want to get to another critical step towards, again, restoring trust to the phone: vetting services. Jimmy, will start with you on this one. Kind of walk us through how CSPs and also enterprises can really keep legitimate calls legitimate or identified, rather, and keep the bad actors out as well.

Jimmy: That's right, this is something that is a critical component. So, now that the framework is in place, and the sharing of this information that's signing in the calls, one of the first steps is making certain that you validate the entity they are, that they have the ability to utilize those phone numbers that they have. And then what are the types of calling call campaigns that they will be utilizing. And then ultimately, as well having the follow up capability and analysis of the bets. So, when a number starts to look bad, how do you pull that out, not give it the highest level out of station, and then make certain that you do a review of those respective numbers. So, vetting is a key, key, component to make certain that all the actors are playing in this ecosystem the right way and making certain that trust is restored in this STIR/SHAKEN ecosystem.

Linda: So, that the most important aspect of the vetting services is, as Jimmy had mentioned, that enterprises have different several different companies often. And so AT&T may have a customer who is using a number that they got from another provider. So, we want to be able to give that customer, it's a trusted customer, and a attestation. So, if we have a source that can tell us, yes, that customer has the right to use that number, then we can give that enterprise and a attestation. And that helps with the trust of the telephone call.

Abe: Jimmy, I want to go back to you. Let's talk about branded call display, really leveraging the valuable real estate on the smartphone screen, to provide context and identity. Can you expand on that a little bit?

Jimmy: Absolutely. And so, as this framework is being put in place, and call authentication is coming in, it's an opportunity, unique opportunity to revolutionize voice calling. So, the phone app on a smartphone is the least updated app in the history of the smartphones, ironically. And now call authentication provides that opportunity to leverage the real estate to provide more information, identity, and context. But, the important aspect is call authentication has to be there because, if not, you're just providing better scams to the end user. And so, what we've seen over the past few months is, with an example, is the contact tracing. So, we're working with over 30 states today, helping them with their contact tracing needs. And that means we're now able to help authenticate some calls for them and making certain that their names show up on mobile devices, where historically it would just be a number. So, what we've been able to see in some of these examples is a significant increase in the answer rates. So, it's very important to be able to have kind of that new capability to get these critical calls answered. And so, what we'll see over this next year or more, is an increase of enterprises using this manner of getting their calls authenticated and then presenting more information down to the end consumers, just starting to create that trust back in the voice calling channel. And we've seen this across multiple operators as well as Google. So, in September, Google announced their ability to support enhanced displays on Android devices. And they will be looking to continue to expand that type of feature functionality over the next couple of years.

Abe: Anything on branded call display?

Linda: Yeah, it's just we again, want to make sure that any additional information that we provide to the consumers has the same security as we have implemented with the numbers. We want to make sure that the next the next big scam is not the name spoofing. And so, we want to make sure as we roll it out that customers trust it.

Abe: Yeah. Linda, I want to wrap with you and then, Jimmy, if you could sort of piggy-back on this. I'm going to read this off my sheet because it's a long acronym. The FCC recently engaged the North American Numbering Council's Call Authentication Trust Anchor Working Group, they suggested some best practices. Can you just expand a little bit on what those best practices are, and what will be the impact of those?

Linda: Well, it's basically what we've been talking about. So, it was best practices to give some guidance to all service providers. We've all had different levels of experience in implementing and developing tools to stop the bad robo calls. And so what the best practices are, they're best practices for vetting or robo call mitigation, which would be vetting a customer and it goes into detail about the type of vetting you would do for each type of customer. So, a residential customer you may not need to gather as much information. And the best practices for monitoring the network and taking action. Also looked at best practices for vetting the enterprise customer to make sure they are authorized to use the number and the different types of vetting that's available there. As well as best practices for caller ID authentication, implementing STIR/SHAKEN and authenticating the number and verifying that the number that was passed to the service provider has been verified has been authenticated.

Abe: Jimmy, these best practices?

Jimmy: Right. So, it's one that from an industry perspective, Neustar been able to sit in this marketplace for many years as a neutral provider across hundreds of carriers. We also have relationships with thousands of brands and enterprises that are out there. And so, we've been able to see kind of this evolution over the past four years. It started many years ago, Neustar helped co-write the STIR standard and then worked with the likes of AT&T and multiple other carriers in developing the SHAKEN framework, to implement this call authentication that's in place. As Linda said, vetting is such a critical component now of making certain that you get the most out of this framework that's in place. And so that kind of working group has shown kind of the best practices that are there, and this is a contentious group of people that don't always see it like, but this is best practices now that they've agreed upon that helps people ultimately get to where they need to be, which is driving trust back into this marketplace. And so, what we've seen is, working with the carriers, we've vetted hundreds of enterprises now to be able to enable that across the different analytics engines, as well as starting to raise the attestation in STIR/SHAKEN. So, we're excited about the progress that's been made in this market; it really has been a true team effort and collaboration across both the government regulatory as well as the carriers and enterprises coming in. So, being able to look across this broad group of individuals, it's really nice to see kind of the focus that's been there. And trust is on its way back into this voice calling marketplace.

Abe: You hear about trusted communications and restoring trust to the phone and you know, most people would automatically think of consumers and certainly that's the most important area to focus on. But, clearly, there's a huge discussion between the CSPs and solution providers like Neustar, and that's why we wanted to have both of you on this discussion. Hopefully, a lot of people out there have a chance to watch this and sort of get the discussion started and maybe furthered, because Linda and I have done this before, about six or eight months ago. So, I'm sure that discussion will continue. Jimmy, I wanted to say thanks so much for your time, and also thanks for supporting this discussion; it wouldn't have been possible without Neustar.

Jimmy: No, I really appreciate the time today.

Abe: I appreciate it. And Linda, it’s always great to have AT&T with us, but especially good to have you with us.

Linda: Thank you.

Abe: And thank you again to our speakers on this executive broadcast called Restoring Trust to the Phone. For this broadcast on demand and all of our executive sessions, please log on to thenetworkmediagroup.com. So long.

[16:53]