Using Rich Call Data to Restore Confidence in the Origin of Calls

You do not need to read an industry journal to know there has been an increase in the number of phone calls with a calling line identification (CLI) that has been spoofed. Many of us can gauge the rise in CLI spoofing by simply thinking about the bogus calls we have personally received. Some sensible actions are being taken to address the problem, including the increased use of do not originate (DNO) lists of phone numbers that are associated with banks, government agencies and other important institutions. If you were to receive a call that shows a number on a DNO list then the CLI must have been spoofed, and this means telcos know such calls should be blocked before you receive them. But banks, governments and others will still need to make outbound calls from time to time, so what can be done to reassure recipients that those calls are genuine? One new method gives the recipient much more information about the originating party before they accept the call. Suppose your handset showed you the name of the organization calling you, the logo associated with that organization, and even presented a short description of what the call will be about. That would restore a lot of trust, and would also help to increase the number of calls connected. Such a technique now exists, and it uses Rich Call Data (RCD).

RCD is added to a call in the form of a digital signature which is passed from network to network amidst the SIP signals used to manage the call. It is built on the same technical foundation as the signatures used for STIR/SHAKEN. However, I believe it benefits from one major pragmatic advantage over STIR/SHAKEN that has nothing to do with technology. The adoption of STIR/SHAKEN in the USA, which only became mandatory a year ago, has been hugely undermined by inadequate know your customer (KYC) controls, with the result that enormous numbers of bad US calls are being ‘authenticated’ using STIR/SHAKEN. One reason why STIR/SHAKEN has failed to generate new confidence in the origin of a call is because it is an expensive industry-wide burden that offered no way for telcos to increase the value of a call to anyone. In contrast, if you run Wells Fargo Bank, or a telecoms company that provides them with services, you would have a very clear incentive to sue anybody using RCD to impersonate Wells Fargo Bank. Telcos should have the motivation to impose more stringent KYC requirements on RCD customers, for fear that a new revenue stream will otherwise be destroyed. Treating RCD as a special addition for a few selected customers, instead of an obligatory addition to all phone calls, means the customer can reasonably be asked to pay a premium, which also means more can be spent on KYC.

That is my outline evaluation of the economic argument for RCD, but many readers will also want to understand more about the technology. I cannot help much with that, but last week I learned more about RCD from a veteran telco engineer who is a passionate advocate for RCD as well as having the experience of leading the implementation of the STIR/SHAKEN technology for Sprint. It seems the first Tuesday Talks podcast involving me and Pierce Gorman, Distinguished Member of the Technical Staff at Numeracle, went so well that Pierce and Numeracle asked me back for a sequel. But as my limited knowledge was exhausted during that first show, I turned the tables by asking Pierce questions about RCD for Global Call Authentication Domination Part II. If you missed the live broadcast on Tuesday, August 30 then you can listen to the recording below. And if you are enjoying the series then Part III is coming very soon, and will also feature Jim McEachern of ATIS. That could lead to a spicy three-way debate, as Jim has previously written for Commsrisk to challenge my criticisms of STIR/SHAKEN. The show will be broadcast live on Tuesday September 13, so please register if you want to ask questions. In the meantime, be sure to enjoy the recording of Part II below, in which Pierce crams a lot of information about RCD into just half an hour.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.