If you have a function in the call center industry, and especially if you have any ties to a call center that makes outbound phone calls using an autodialer, you may have heard of STIR/SHAKEN. This blog takes a stab at explaining with as little jargon as possible what STIR/SHAKEN is, how it works, why it is important, how it may relate to your call center operation, and why you might want to know about it. For companies that offer solutions focusing on protecting consumers from spam and fraudulent calls and/or that aid carriers to secure their networks, the introduction of STIR/SHAKEN is a huge opportunity. STIR/SHAKEN also impacts call center providers and any other business that relies on auto-dialers to make outbound phone calls to customers or prospects. Currently, STIR/SHAKEN applies to the US only as it addresses the TRACED Act that passed Congress in 2019. However, Ofcom, the UK communications regulator, and the UK’s Information Commissioner’s Office (ICO), have shown increased willingness to consider the adoption of STIR/SHAKEN. What will happen remains to be seen.
We all know first-hand that bad calls and spam are a real nuisance, regardless of the device you receive them on. But let’s look at some hard numbers – spoiler alert: the numbers will confirm all your suspicions.
Bad Calls by the Numbers: Robocalls, Spam and Outright Fraud
In their yearly State of the Call report, Hiya reports scary numbers around spam calls. According to Hiya,
- there were an estimated total of 157 billion spam and fraud calls in North America (US, Canada, Mexico) and Europe (Germany, Spain, France, Italy) in 2020.
- on average, mobile users received 144 spam calls in 2020, with 58% of these calls determined to be fraudulent.
- phone scams are going global: the most targeted country in Europe was France, with an average of 9 fraud calls per user per month, which is 3X the fraud rate in the US.
The top target group for spam calls was millennials (25-34 years). And unfortunately, spam created by dialers with fraudulent intent is much more than a nuisance and inconvenience (which it definitely is as well). Last year, the victims of spam calls lost on average US $182, with men (average loss: US $297) apparently being more lucrative to trick, than women (average loss: US $109).
Spam calls are often made using a tactic called spoofing. Sounds a little goofy, but the effects of spoofers taking over a company’s phone number and using it for spam or even worse fraudulent calls can be anything but funny. When a business phone number is hijacked and used to make nefarious calls, it is very tricky for the company that is being spoofed to even find out, and even more difficult to do something about it. That is bad, but what is worse is that customers do notice; they may know your phone number has been spoofed and that this can be illegal and is not your fault. But over time, it nevertheless can have negative effects on customer perception, severely damage trust and tarnish the brand of the company that is being spoofed.
The state of affairs has gotten worse over the years even though a number of measures had been taken to reduce or even eliminate fraudulent and scam calls originating with auto-dialers – the most well-known probably being the “Do Not Call” list, supported by other approaches such as call blocking and labeling.
The Federal Trade Commission (FTC; their mandate is to protect consumers and promote competition) and the Federal Communications Commission (FCC; responsible for implementing and enforcing America’s communications law and regulations) play key roles in researching, developing and enforcing laws and policies to improve the situation.
The commissions are widely supported in their objective to improve the customer experience by way of uncovering and reducing dishonest business practices using auto-dialers to the best of their abilities. Businesses that provide solutions that help companies to legitimately reach more consumers include companies like Hiya, TNS, or First Orion. Carriers and wireless providers such as AT&T, Verizon, and T-Mobile – to name just a few of the largest– also have a vested interest in “keeping the network clean”. And, last but not least, contact center providers that offer outbound calling products such as NICE CXone Personal Connection will also support their activities.
So far, the measures taken have not brought the desired results – the estimated number of robocalls per year executed using auto-dialers has gone from 30.5 billion in 2017 to around 46 billion in 2020. According to research from First Orion in 2020, over 95% of participants in a survey said they had received a phone call they believed to be a scam.
Billions of Robocalls and their Unfortunate Results
Given all this, it’s really no wonder that consumers have gotten wary of answering their phones. Hiya’s “State of the Phone Call” report indicates that last year, less than half (48%) of all phone calls received were actually answered.
While perfectly understandable, this situation is a challenge for companies that have an actual reason to use a dialer to make outbound calls to their customers, and for cases where customers would profit from answering those calls. Here are some examples where proactive outbound communication will help both consumers and companies – if consumers picked up their phone and started answering outbound calls again:
- Your financial institution suspects your credit card may have been hacked – they use a dialer to give you a call to confirm whether or not a suspicious charge is legitimate. If it is, then picking up the phone will save you the hassle of having to work thru the process of getting a new card – anyone that has gone thru this will appreciate that avoiding it is a good thing.
- Appointment reminder calls that are usually made using a dialer – especially for medical appointments – are very convenient. We’re all busy and keeping track of work and private activities can be challenging. I actually appreciate a reminder and – even better – the opportunity to change things around should something have come up since the appointment was scheduled. Another use case is when I am waiting for an appointment to be scheduled. The auto-dialer call comes in on a number I have not saved in my contacts and I miss it, assuming that an unknown caller trying to reach me is spam. Then I have to wait for the next available appointment and related phone call that I will - hopefully - answer…
- I am currently waiting for my new glasses – my optometrist will give me a call when they are done so I can pick them up. This is really helpful, especially in the aftermath of the pandemic, where supply chains are still less reliable than they used to be, which can lead to unexpected delays.
- Reaching out proactively using a dialer if delivering an order takes longer than anticipated is simply good customer service. When the person you are trying to reach picks up the phone they will be glad they did.
There are many other cases where consumers will profit from answering an outbound call that originated with an autodialer – while I am definitely not interested in receiving an almost daily call pestering me to schedule a duct cleaning or inform me of something I will never grasp (the IVR used for message laydown speaks a language I cannot even identify, much less understand), there are cases where answering the phone even if it is a dialer-initiated call is actually a good thing. So what needs to be done to separate legitimate outbound calls from an autodialer from robocalls and spam?
STIR/SHAKEN to the Rescue
Some legal background: the TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act gave the FCC new tools to fight unwanted and illegal robocalls. It also required the FCC to look into ways and tools to authenticate Caller ID in the voice network. When voice service providers can verify that the caller ID transmitted with a call initiated by a dialer matches the caller’s real number, they can use this information as a data point to decide whether that call should be blocked (if it’s spoofed) or labeled. Widespread deployment of caller ID authentication makes illegal spoofing less effective and enables law enforcement to identify “the bad guys” more easily. In short: STIR/SHAKEN are parts of the framework the FCC needed to better fight robocalls generated by auto dialers.
STIR and SHAKEN are often referred to like being almost one and the same thing. However, they are two different parts of the approach to resolve the growing robo- and spam call issue in the US and Canada. Both are related to dialers and each other, but separate. STIR/SHAKEN requires that a certificate of authenticity be attached to every SIP-signaled call so that, based on this certificate, service providers can recognize whether a call is legitimate or spam, enabling them to handle the call accordingly. In that approach, STIR and SHAKEN play different roles.
STIR is a set of protocols used to create a digital signature for a call. The signature provides information about the calling party and enables the terminating provider to verify the call.
SHAKEN is the framework for carriers to use when they implement IP networks that use STIR. It provides the standards for how STIR is to be deployed by service providers within their networks.
Putting the pieces together, here’s how it works:
- When a call is first initiated by a dialer, the originating service provider receives a request to make a call.
- The originating service provider verifies the source and number of the call and with this information confirms the validity of the call (Full/A, Partial/B, or Gateway/C attestation). For NICE CXone customers, NICE is the originating service provider and will always sign the call at a minimum of B. Signing will be elevated to an A if using a validated CallerID value. CallerID’s are considered validated under the following conditions.
A) Purchased through NICE
B) Ported to NICE
C) Business provides NICE with evidence of ownership or LOA for the number and confirmed by our independent 3rd party validation.
- Next, the originating service provider creates a SIP Identity header that includes a certificate containing information on the calling number (calling number, called number, attestation level, and call origin). For NICE customers, NICE will sign all calls originating on our network.
- When the destination service provider receives the call, they verify the identity of the header and certificate.
- Based on that verification, the destination service provider determines how to handle the call (block or verify).
- Targeting the second quarter in 2022, we are planning to be able to also consume STIR/SHAKEN information we receive to identify calls coming into the NICE CXone platform as signed or unsigned. We will then be able to handle calls of a suspicious nature in scripting to protect contact center resources from illegal robocalls and identifying the perpetrators.
The above-mentioned attestation levels influence the way a call will be displayed on the recipient’s device.
Full (or A-level) attestation means that the service provider has authenticated the calling party and they can confirm that the calling party is authorized to use this number.
Partial (B-level) attestation means that the service provider has authenticated the origin of the call but cannot verify whether the call source is authorized to use this number for making calls.
Gateway (C-level) attestation is the lowest level of attestation and is used when the service provider has authenticated from where they received the call but cannot authenticate the call source.
Calls with an A-level attestation are the most “trustworthy” and least likely to be spam and while what exactly is displayed on a recipient’s phone display will look slightly different based on the carrier, in the end, carriers will try to make calls that have received “Full” attestation look as trustworthy as possible; this may include things like adding a checkmark or the word “verified” (or both) to the device screen for an incoming call and actually show the phone number the call came from. Take a look at an example of what a verified call might look like… (Image source: AT&T).
OK, So STIR/SHAKEN is Coming. Now What?
June 30, 2021, is the deadline for carriers to implement STIR/SHAKEN technology. The most important question for contact centers that use an autodialer to make outbound calls is obviously: is there anything I need to do to ensure outbound calls are delivered “as usual” once the implementation deadline is reached.
The not so good news: unless you are prepared, STIR/SHAKEN standards could have a significant impact on your contact center because of the increased risk of call blocking – if calls that originate in a dialer are not signed properly they may receive sub-par validation with a C-level attestation and may not reach their intended recipients due to (in that case likely incorrectly) being identified as spam.
The good news: if you are a NICE CXone customer and use our dialer, you are prepared (even though you did not have to do anything). NICE CXone has already taken all the steps needed to ensure that calls made using the auto-dialer that is part of the CXone platform are fully compliant with the new STIR/SHAKEN standard. We are making sure that outbound calls made using the NICE CXone platform dialer are correctly validated and receive the appropriate attestation level – for you, no action is required, your calls will reach the intended recipients and display as validated with whatever indicators the consumers carrier uses to confirm that status. There is no cost for you.
The even better news: CXone is working on providing the next step beyond STIR/SHAKEN compliance. While A-level attestation and display as a verified call may improve Answer Rates, a new feature, Advanced Caller ID, will provide more options. Advanced Caller ID will allow companies to be whitelisted by the analytic firms that help identify Caller IDs and their “rating” and show 16-character descriptions when delivered. Some carriers are already supporting the ability to display a logo and a tagline to describe the purpose of the call. For calls with this additional brand/content information, contact centers are finding longer talk times as customers answer the call knowing who and why they are calling. In some cases, companies have reported increased answer rates as high as 50%. It can also lead to a significant increase in conversion rates. It is more likely, however, that overall answered call rates will decrease, but the number of returned calls from customers may increase significantly as they can call back when convenient for them.
STIR/SHAKEN: The Name Explained
Without going into a lot of detail, here’s a quick excursion into the somewhat unusual name of this framework and how it came about: folklore has it that the name was in fact inspired by Ian Fleming's character James Bond, who famously prefers his martinis "shaken, not stirred." STIR (standing for Secure Telephony Identity Revisited) having been named first, when the time came to name the second part, SHAKEN, according to the Los Angeles Times (source: https://www.latimes.com/business/lazarus/la-fi-lazarus-robocalls-fcc-task-force-20170901-story.html), the creators of SHAKEN "tortured the English language until [they] came up with an acronym.” That is how SHAKEN came into existence. It stands for Signature-based Handling of Asserted information using toKENs. Who knew…?
And that’s the story for dialers and outbound voice calls, but what about digital?
Spam of the Digital Kind
Just to be fair towards auto-dialers: outbound phone calls are not the only channel that is subject to spamming. STIR/SHAKEN does not extend to digital channels, but spam has a long history whose very first beginnings involved a text-based channel that even predated the Internet and the telephone. The first spam ever recorded was a telegram with an advertisement for teeth whitening sent to a large group of British politicians in the second half of the 19th century. Unfortunately, we do not know whether it was successful.
Today, spam is present in other, digital interaction channels like email, SMS, and others. In case you are using the SMS channel to reach out to your customers: there is a solution for SMS with the CXone platform. A new feature called “Verified SMS” enables you to use the Administration interface of the CXone platform to create SMS Brand Profiles which contain the brand name, logo, and a short description. If the recipient of the SMS uses an Android phone (the iOS operating system does not currently support this yet), the SMS will display including all the additional information you added to the profile – and just like with phone calls, recent Google research found that 77% consumers prefer Verified SMS over the generic version, which lead to increased open rates – because customer like to know who’s reaching out to them, no matter the channel.
Read more about CXone Personal Connection, the proactive engagement solution that is part of the CXone platform, which ensures your outbound calls are ready for STIR/SHAKEN, generates more revenue, improves the customer, and agent experience, and increases customer connections.