Understanding the real perception of consumer trust in communications these days is hard to know exactly because so many factors play into it, writes Michael O’Brien, the chief product officer of iconectiv. We do know that 76% of consumers no longer answer calls from unfamiliar and unidentified numbers, letting them drop into voice mail instead. Some contact centre operators say that outbound call answer rates are down 30%.
The global deluge in illegal robocalls, spam and fraud
It’s not hard to see why. In the UK, for example, consumers receive five billion nuisance calls each year, according to Ofcom. Meanwhile, US consumers receive 4.5 billion spam text messages annually. Text spam often includes SMS phishing attacks – called smishing – which has tripled worldwide over the past five years.
Calling line identity (CLI) spoofing enables many of those robocalls and other nuisance calls by exploiting consumer trust in caller ID information. “As well as direct harm from scams, the misuse or spoofing of CLI data can also reduce consumer trust in the system as the CLI is no longer effective as an identifier about the source of the call,” UK regulator Ofcom says. “Without this trust, there is a greater risk of harm, as consumers may be reluctant to accept calls undermining the general utility of the phone service.”
This global deluge of illegal robocalls, spam and fraud ripples into the bottom lines of service providers and their enterprise customers, as well as contact centre operators. For example, US service providers spend over US$10 on each customer service call.
Meanwhile, banks, schools, government agencies and other legitimate organisations waste countless hours of productivity playing phone and message tag with people wary of unfamiliar numbers. There’s also the cost of investigating fraud, such as for customers whose accounts have been hacked after they have clicked on a link in a smishing text.
Illegal robocalls and text spam also can put lives in jeopardy. For example, COVID-19 contact tracers are struggling to reach people who ignore repeated calls and texts from numbers they don’t recognise. That means people who have been infected don’t know, so they continue to expose even more people to the virus. Even during normal times, this distrust can mean a doctor’s office or hospital can’t reach a patient’s family in a timely manner.
Analytics engines and apps help screen legitimate calls
Caught in the net, communications service providers (CSPs), regulators, vendors and other members of the telecoms ecosystem have spent the past several years developing and deploying technologies to mitigate illegal robocallers and SMS fraudsters. One example is use of analytics engines, which look for high volumes of calls originating from a single source.
Voice service providers increasingly rely on analytics engines for guidance about how to treat calls. Another example is smartphone apps that screen calls. But sometimes these apps and engines mistakenly label outbound calls from legitimate enterprises and contact centres as spam.
In fact, some contact centre experts say this erroneous blocking is a major reason for the 30% drop in outbound call answer rates in 2019.
Legitimate calls also are getting caught in the widening regulatory net. For example, in July 2020, France revised its Postal and Electronic Communications Code to require CSPs to ensure the authenticity of numbers used as caller ID for calls and messages. When they can’t verify a number, service providers must terminate routing of that call or message.
Finally, even when legitimate calls manage to get through, many still hit the barrier of consumer distrust. The 76% who let calls from unfamiliar and unidentified numbers drop into voice mail may never hear those messages if they have full mailboxes. And that’s assuming they even set up their voicemail.
How RCS helps telcos nip chatbot fraud in the bud
Fraudsters are always on the hunt for new opportunities, which is why they target emerging technologies. One example is rich business messaging (RBM), the rich communications services (RCS) technology for business-to-consumer (B2C) communications.
In September 2020, more than 473 million people worldwide were active RCS users, according to the GSMA. That broad, rapidly growing adoption makes RBM chatbots an ideal way for businesses to engage consumers. Juniper Research estimates retailers will save US$439 million annually in customer service expenses and drive US$112 billion in retail sales by 2023.
But as the number of RCS users grows, so does fraudsters’ interest in exploiting them. Fraudsters use CLI spoofing to impersonate government agencies and legitimate businesses in text messages, and similar tactics with social media chatbots. They’ll inevitably apply those proven tactics to RBM chatbots, tricking people into believing that, for instance, their bank needs to confirm their date of birth, or handing over their credit card number to what appears to be a major retailer.
For CSPs, another challenge is that RBM is an open ecosystem for businesses of all types and sizes. As a result, enormous numbers of business chatbots will be active on each service provider network at any given time. These volumes make it challenging for service providers to verify the identity of each business using RBM chatbots. But they must because as with SMS and voice calls, consumer trust is key for RBM to live up to its potential. They also must act fast because as a new technology, RBM/RCS has a window of opportunity to establish a strong foundation of trust. RBM highlights the advantages of centralised verification.
How telcos can mitigate fraud and illegal robocalls
The good news is that the telecoms ecosystem recognises all of these challenges and is working on solutions that will help restore consumer trust in communications. One common denominator is that service providers shouldn’t mitigate fraud and illegal robocalls on their own. Instead, it’s much more effective – including in terms of cost – for service providers to utilise solutions created by a coalition of vendors, service providers, regulators and other industry stakeholders.
One example is the GSMA’s RCS Verified Sender initiative, which provides a framework that service providers can use to verify the identity of each business using RBM chatbots. A key component is a verification authority, where businesses would register their information. The verification authority will digitally sign that information to mitigate spoofing, and then share that information – including the business’ logos and other enhanced caller ID information – with participating service providers. By providing the sender’s business name and logo with each RBM message, service providers can make consumers feel confident that the business is legitimate, and the content is authentic. Each fraud-free interaction also grows consumer trust in RBM as a communications channel. The alternative to RCS Verified Sender is self-attestation, where service providers trust self-signed certificates from businesses that they already have relationships with – and unfamiliar ones, too. Those service providers also have the cost of implementing and maintaining public key infrastructure (PKI).
Meanwhile, businesses will need to work with multiple service providers in order to serve all of their customers. As a result, they’ll have to accommodate a wide variety of service provider policies and procedures.
This complexity, cost and other drawbacks are why service providers and the rest of the ecosystem are gravitating toward the centralised approach of RCS Verified Sender. The verification authority reduces fraud risk by providing a neutral set of eyes to authenticate each business. It also provides the kind of comprehensive protection that a service provider can’t achieve with selfsigning. For example, a verification authority has the broad, deep resources necessary to identify fraudsters masquerading as brands that a service provider already works with. Finally, the verification authority frees service providers from the expense of implementing and operating a fully functional PKI and enforcing their own certificate policy.
3 industry approaches to stop illegal robocalls
A centralised, industry-led approach is ideal for restoring consumer trust in voice calls and text messages, too. For example, the secure telephone identity revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) framework provides originating and terminating service providers with a framework for weeding out illegal robocalls and other spam. Service providers use STIR/SHAKEN’s digital signatures to confirm that the business making a call has the legitimate right to use that phone number.
The UK is among the countries considering adopting the STIR/SHAKEN model. “We think it has the prospect of making a very significant contribution to providing assurance about the identity of the caller,” Ofcom said in a 2019 report. Canada and the US have mandated STIR/SHAKEN, which are opportunities for the UK and other countries to study the implementation and effectiveness as they seek to restore consumer trust in communications.
Another learning opportunity is Validating INtegrity of End-to-end Signalling (VINES), a new GSMA work item in the Fraud and Security Group that’s developing recommendations to prevent internetwork signalling fraud, which includes illegal spoofing, toll bypass and other frauds. VINES is exploring how elements of STIR/SHAKEN could ensure authentic internetwork and cross-border calls.
VINES also is an example of industry-led initiatives to ensure that legitimate business calls aren’t mistakenly flagged as spam. Originating service providers don’t always have all the information necessary to give a call the highest level of attestation (A). When calls are signed at lower levels (B or C), some terminating service providers will mark them as spam, while others will block those calls – even when they are from legitimate businesses. Consumers will perceive those B- and C-level calls as less trustworthy and thus not worth answering.
These challenges highlight the benefits of a centralised phone number platform, which service providers can use to get independently verified information about each phone number and the business using it. This authenticated data enables voice service providers to correctly treat each call and present caller information that their customers can trust. Service providers also can combine this trusted data with their existing call analytics tools to further ensure that only legitimate calls are reaching their customers.
Clearly there are a lot of challenges when it comes to restoring consumer trust in communications. But VINES, STIR/SHAKEN and RCS Verified Sender highlight how the industry is coming together to mitigate fraud and spam. Years from now, we may look back at 2021 as a turning point in trusted communications.
Register now to access free reports, webinars, and the quarterly digital VanillaPlus magazine.
