This article is part of the iA Think Differently series. Written by or recorded with members of the iA Innovation Council, the series of articles and videos showcases thought leadership in analytics, communications, payments, and compliance technology for the accounts receivable management industry.
As timelines for STIR/SHAKEN implementation, mandated by the TRACED Act, move closer and closer, conversations about call authentication through STIR/SHAKEN have started to trump conversations about call blocking and labeling analytics. There is a lot of information published online about STIR/SHAKEN, some technical, some hypothetical, but our purpose here is to discuss the challenges associated with STIR/SHAKEN call authentication and the enterprise caller.
Let’s start with some definitions. In the STIR/SHAKEN standard, “Verified Caller” is the end result to be presented at the terminating side of the call. This verified status will be visually depicted on the called party’s mobile device with a graphic icon such as a green checkmark, which will let you know the calling party (ex. USA Hospital via the phone number 111–222–444) has been verified through STIR/SHAKEN.
There are data checks necessary to present Verified Caller to the called party. There are also various parties involved in the data checks, as well as two competing solutions proposed by the industry to capture and elevate those data checks to the point of entry where verified calling entities enter the STIR/SHAKEN framework (i.e. the Delegated Certificates Solution vs. the Central Repository Solution).
STIR/SHAKEN KYC ‘data checks’ validate the relationship between who you are and what number you’re using.
To achieve Verified Caller, the STIR/SHAKEN standards define two data checks to be performed by the originating service provider. These involve vetting and verifying the enterprise through a ‘Know Your Customer’ (KYC) process as well as a verification process to ensure the entity is authorized to use the phone number. This may sound straight forward as a concept, but when put to practice in real-world call center examples, it becomes way more complex.
The challenges faced when no one has verified who you are and what number you’re using.
The majority of originating service providers cannot actually attest to the authorized number + verified identity of the call originating on their network for enterprise callers such as hospitals, schools, utility, government entities, and more. This is because the originating service provider does not have a direct relationship with the calling enterprise — the enterprise may be nested a few levels down, behind a BPO and a CPaaS provider, for example. Therein lies the complexity of the originating service provider “vouching for” a business they don’t actually know and have never directly interacted with. This is where the KYC process is required to connect the dots between the originating service provider, and the brand actually represented in the call (the enterprise caller) and its associated phone number to be displayed to a called party.
Point of Entry to Endpoint — The Call Journey
So where does all of this magic happen?
Through STIR/SHAKEN, the entry point for the verified calling enterprise (number + identity) sits on the originating carrier side. The identity of the enterprise needs to be elevated up to the originating service provider (OSP) in order for the OSP to pass the Verified Call through the network over to the terminating side. Without the elevation of the caller’s identity (plus phone number), the OSP will not be sure who is actually behind the content of the call, and will not be able to fully attest to the verified (or not) status of the call. This is a gap that can be filled with a KYC process to verify the relationship between the various parties.
The STIR/SHAKEN Verified Caller endpoint, where the depiction of a Verified Call visually takes place, happens on the terminating carrier side. This carrier is oftentimes different than the originating carrier and thus relies on the authenticated information passed from call origination to call termination.
The challenge in the standards and in the industry is how to securely and reliably identify the calling enterprise alongside the appropriate phone number and elevate this trusted relationship to the point of entry for STIR/SHAKEN call signing at the terminating side.
Whether you are an enterprise caller, BPO, CPaaS, RespOrg, or service provider, multiple stakeholders play a role to coalesce the enterprise identity and phone number and elevate it to the entry point. There is no one solution, and no one organization is responsible to make this happen; it is collaborative.
To facilitate this collaboration and open, transparent discussion, Numeracle brought a panel of STIR/SHAKEN subject matter experts together on June 18, 2020 for a virtual event titled: “How to Become a Verified Calling Enterprise in STIR/SHAKEN.” To view the video introduction to this event, as presented by Numeracle Founder and CEO, Rebekah Johnson, inclusive of topics we’re covered here in this article, see below.
Introduction to Becoming a Verified Calling Enterprise in STIR/SHAKEN, presented by Numeracle
Rebekah Johnson is CEO of Numeracle, a technology company that provides a path for legal callers to prevent the improper blocking and labeling of their calls, and ensures trusted callers are vetted, verified, and properly identified across the calling ecosystem.
The iA Innovation Council is a collaborative working group of product, tech, strategy, and operations thought leaders at the forefront of analytics, communications, payments, and compliance technology. Group members meet in person (and lately, virtually) several times each year to engage in substantive dialogue and whiteboard sessions with the creative thinkers behind the latest innovations for the industry, the regulators who audit and establish guardrails for new technology, and educators, entrepreneurs and innovators from outside the industry who inspire different thinking.
2020 members include:
Absolute Resolutions Corp.
AllianceOne Receivables Management
Capital Collection Management
Crown Asset Management
Enhanced Recovery Company
Healthcare Revenue Recovery Group
NCB Management Services
Phillips & Cohen
Professional Finance Company
Radius Global Solutions
Spring Oaks Capital
State Collection Service
The CMI Group