Cybersecurity

AT&T, TransUnion Launch Initiative To Combat Business Call Spoofing

smartphone user checking branded caller ID
AT&T wireless customers will see the brand name and logo of participating businesses on verified incoming calls without the need for an app.

In an effort to protect companies from phone call spoofing, AT&T and TransUnion announced a program Tuesday to allow businesses to tag outgoing calls so a brand name and logo will appear on the wireless phone of the person who receives the call.

The calls are verified with STIR/SHAKEN, a framework of interconnected standards used to confirm a number hasn’t been illegally spoofed.

According to AT&T, if a business is participating in the program, the telecom’s wireless customers will be able to easily recognize and have more confidence in the identity of the caller, which helps those customers decide more accurately which calls they want to answer.

“We’re obsessed with giving our customers secure and trusted calls, so we’re excited to work with TransUnion for a richer, more helpful visual experience,” AT&T Senior Vice President of Mass Markets Product Management Erin Scarborough said in a statement.

“And since we use STIR/SHAKEN verification,” she continued, “our customers will be able to connect with greater confidence to the brands they may want or need to connect with.”

Restoring Trust in Phone Calls

On its website, the FCC explained that STIR/SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards. That means that calls traveling through interconnected phone networks can have their caller ID “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers.

STIR/SHAKEN digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the number displayed on the caller ID.

Businesses that participate in the anti-spoofing program will have their logos displayed on consumers’ phones using TruContact Branded Call Display technology developed by Neustar.

“The delivery of Branded Call Display logos represents the culmination of years of collaboration between AT&T and Neustar, now part of TransUnion,” TransUnion Senior Vice President and General Manager for TruContact Communications Solutions James Garvert said in a statement.

“We have delivered caller ID for landlines, evolved to the first generation of branded calling, and now we’ve set the stage for Branded Calls Display logos,” he continued. “This is helping restore trust in the phone to protect enterprises and consumers alike.”

Great TransUnion Acquisition

This is a great integration of TransUnion’s billion-dollar buy of Neustar in 2021, added Liz Miller, vice president and a principal analyst with Constellation Research, a technology research and advisory firm in Cupertino, Calif.

“This is exactly where Neustar played — at the intersection of security and brand security, looking to turn brand security into a conversation point,” she told TechNewsWorld.

“Brands are looking at the silent damage a shaky security posture can have on their value proposition and brand trust,” she said. “So expect to see more services and solutions like this, as the Neustar thought leadership and capabilities are more fully turned into TransUnion product offerings.”

Jack E. Gold, founder and principal analyst with J.Gold Associates, an IT advisory company in Northborough, Mass., pointed out that the program will be limited to companies that want to be identified with it.

“The reason they want to be identified is because maybe then people will actually pick up the phone when they call,” he told TechNewsWorld. “If I get a call with a caller ID I don’t know, I don’t even pick it up anymore. It’s gotten that bad.”

Wily Adversaries

The problem of call spoofing has a long history, noted Jeff Kagan, a technology analyst based in Marietta, Ga. “We have seen this problem for decades with various technologies and to various degrees,” he told TechNewsWorld.

“It really went into high gear with new technologies like wireless and VoIP — Voice Over Internet Protocol,” he said. “When someone can use any phone number they want on VoIP or wireless, they can trick anyone.”

“New technology can do amazing things, but it can also do bad things as well,” he added.

Those “bad things” were why the FCC announced STIR/SHAKEN in March 2020, but adoption of the technology has been slow. “STIR/SHAKEN requires upgrading phone systems,” Gold explained. “There’s a lot of legacy equipment still around, and that’s especially true outside the U.S., where the FCC can’t regulate the equipment.”

“It’s not something you can just upgrade overnight,” he added.

In addition, regulators and carriers are dealing with a wily adversary. “Bad actors are a lot better at this than anyone ever gives them credit for,” Miller maintained.

“They are exceptionally good at leveraging technology to do everything from setting up fake numbers faster than they can be taken down, impersonating people, using fake numbers, faking local numbers, and hopping into gaps in security measures globally,” she continued.

“For every good thing like STIR/SHAKEN technology, these fraudsters can make 10 more bad ones,” she said.

Mexican Prison Telephone Scam

Nevertheless, U.S. initiatives to battle call spoofing are outpacing the rest of the world. “The efforts being made by the FCC and American carriers in this area are light years ahead of what we are seeing in the rest of the world,” declared John Strand of Strand Consult, a consulting firm in Denmark with a focus on telecom.

“I work globally, and I must say that the responsibility shown by the FCC and the American carriers — with few exceptions — is unique,” he told TechNewsWorld. “In most countries around the world, operators do nothing. We are talking about absolutely nothing.”

“Spoofing is a much bigger problem than people realize, a problem that costs serious companies a lot of money,” he said. “It makes their communication with their customers more expensive and complex. Spoof calls are email spam on steroids.”

“In today’s world, every user, whether business or consumer, must suspect every contact,” Kagan added. “Always assume it’s a crook trying to break in.”

A retired member of his family, he recalled, received a call from their grandson saying they were being held in a Mexican jail and needed cash to get out. They transferred thousands of dollars to the caller, only to find out later that their grandson had been safe at home the whole while.

“There may be times when some of these calls are legit,” Kagan said, “but it’s not worth trusting and getting burned.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Cybersecurity

Technewsworld Channels