Caller ID Under Attack: Bridging the Attestation Gap to Combat Phone Fraud
When your customers receive an incoming call, they often rely on Caller ID verification to assess its authenticity. A “verified caller” identity label provides them the confidence that the call is indeed from a reputable source.
That label is part of the SHAKEN (Signature-based Handling of Asserted information using toKENs) framework, which aims to combat fraudulent calls and spoofing.
Under SHAKEN, calls receive three different attestations or labels: A (Full), B (Partial) or C (Gateway).
- "A" or “Full” attestation denotes a caller identity that has undergone complete verification. In this case, the service provider possesses full knowledge of the sender and that they have the rightful authorization to use the associated phone number.
- "B" or “Partial” attestation signifies a partially authenticated call. The service provider recognizes the sender’s identity but lacks information about the origin of the specific phone number being used for the call.
- "C" or “Gateway” attestation indicates that the Caller ID hasn't undergone full verification. Although the service provider initiated the call onto the network, they are unable to authenticate the precise source of the call.
Here's where the attestation gap comes into play:
Legitimate businesses sometimes end up with B or C attestations. This means a call may very well be genuine, but it may not receive the highest level of attestation. Consequently, the info displayed on the Caller ID may create doubts in the minds of the recipient.
So, why should legitimate businesses care about the attestation gap? Because it directly affects the perception of authenticity of incoming phone calls!
When a call doesn't have the "verified caller" label, even if it's from a legitimate business, it may be perceived as less trustworthy or potentially fraudulent, which can lead to call blocking or hesitation to answer incoming calls. This ultimately impacts legitimate businesses that rely on phone communication with their customers.
The SHAKEN framework was created to protect legitimate businesses by ensuring the Caller ID presented to the recipient of their calls has been authenticated. This helps legitimate businesses reach consumers who actually want to hear from them while keeping suspicious or nefarious callers at bay.
To avoid the attestation gap, legitimate businesses should ensure that their communication service provider meets the requirements of the SHAKEN framework so that the call receives an "A" attestation. In doing so, the risk of a call being blocked is reduced and authenticated Caller IDs will be presented to the recipient.