Caller Authentication vs. Voice Traffic Filtering: Better Together?

Despite the growing popularity of text, webchat, and email for contact center interactions, when it comes to sensitive or complex issues, voice still dominates as the channel of choice for inbound customer contacts.  

Digital transformation of the common phone call has assured voice’s continued place as the most essential component in the modern, omni-channel contact center ecosystem, while the data contained in those calls enables more efficient call routing, more accurate KPI / CX measures, and more effective resource management.

Unfortunately, the digital voice channel also provides a convenient pathway for spammers, scammers, vishers and other unwanted intrusions. Hiding behind the anonymity of Voice over Internet (VoIP) calling, spoofed numbers and untraceable overseas call centers, these calls are invasive, disruptive to performance measurements, and endangering both to agents and the organizations they represent.

Clearly, it’s imperative that contact centers take protective measures against this growing problem. The question is, what is the best approach?

Many organizations already deploy some form of Caller Authentication to help separate good callers from bad, However, reliance on these practices and technologies alone is simply not enough to diminish the KPI-disrupting, resources-wasting impact of robocalls, scammers, spam storms, and threat actors once they have entered the agent call flow. Securing the voice channel from the ever-evolving threats of unwanted and nefarious callers requires establishing multiple safeguards all along a call’s path. That is where Voice Traffic Filtering can make a significant difference by assuring the integrity and security of incoming calls from the onset.

To better understand, following is a brief discussion of the differences between Voice Traffic Filtering and Caller Authentication. Each has a distinct and critical role and, when working together, can create a powerful shield of defense against the damaging effects of unwanted calls while enhancing the overall integrity of voice network, agent performance, resources management, and customer experience.

Understanding the Call Flow

Diagram 1, below, presents a simplified standard inbound call flow.  Note the linear sequence and how Voice Traffic Filtering occurs at the inception of the call flow, prior to both CRM lookup and IVR routing.  Additionally, note how Caller Authentication occurs just prior to a call being placed into the Agent Queue.  Lastly, note that the Agent at the end of the call flow is the last line of defense for Fraud Detection which occurs only after engaging with the caller.

Voice Traffic Filtering

Voice Traffic Filters form a broad front-line firewall for the voice channel that detects and removes the majority of unwanted inbound calls, including robocalls, spoof calls, vishers, voice spam, spam storms, and social engineering calls.  In the Contact Center, Voice Traffic Filters play a critical role in reducing the negative impact of unwanted calls in the voice channel as they do their work at the front end of the call flow, before those calls ever make it into the IVR.

Voice Traffic Filters are relatively new to the technology landscape but have seen a steep rise in adoption in enterprise-class organizations, specifically among forward-looking IT departments, cybersecurity teams and Contact Centers.  While many of the burgeoning Voice Traffic Filters provide one or two layers of protection, Mutare’s industry-leading Voice Traffic Filter provides the most comprehensive solution on the market, boasting five technical controls, or layers of protection.  Following is a simplified explanation of each of these five layers:

Layer 1:  STIR / SHAKEN

This layer examines incoming call SIP header data for evidence of STIR / SHAKEN attestation scoring.

STIR / SHAKEN is a Congressionally-mandated set of protocols and procedures developed to combat caller ID spoofing (manipulation of the caller ID) on public telephone networks. Carriers are required to add a confidence score obtained from a trusted authentication service attesting to their level of confidence that the caller ID matches the owner of the number before passing the call along. Those scores range from full attestation (number is valid and belongs to the caller) through partial attestation/no verification status available.

Voice Traffic Filter settings for STIR / SHAKEN allow administrators to determine how the system should handle calls flagged as suspicious based on their STIR / SHAKEN attestation scores. For example, calls that pass attestation may be allowed, those that fail validation may be dropped, and those with incomplete verification status can be sent to the Voice CAPTCHA for additional testing.

STIR / SHAKEN scores, when available, provide another data point used in combination with other Mutare Voice Traffic Filter features and algorithms to help identify unwanted calls.

Layer 2:  Proprietary Dynamic Database

Mutare’s Proprietary Dynamic Database is a powerful and continuously-evolving broad line of defense against unwanted intrusions from phone numbers that are spoofed or known to have poor calling reputations. The proprietary dynamic database taps into multiple worldwide resources dedicated to tracking, verifying, and reporting tens of millions of nuisance, Do Not Originate, and nefarious phone numbers behind most spam, scam, vishing, and robocall campaigns. As bad actors, scammers, and unwanted callers are constantly changing numbers and attack plans, so too, is the dynamic database continuously adjusting and updating in real time to stay ahead of their intrusions.

Layer 3:  Threat Radar

The Threat Radar filtering layer is designed to recognize the specific characteristics of a call surge indicating that a potential spam storm or spoof attack underway. Threat Radar applies a combination of analytic processes, machine learning, and AI to detect and, when warranted, deflect these disrupting or potentially malicious calls based on specific behaviors and number patterns that are outside of the organization’s normal voice traffic activity. Administrators configure what action the system will apply to calls matching a suspicious pattern – drop, route to another resource, or send to Voice CAPTCHA, to separate live callers from bots.

Layer 4:  Custom Rules

Custom Rules is an organization-specific blocklist and allow list builder that adds a customized set of filtering and call handling rules for specified numbers/number types. Rules can be built around a combination of Caller and Called party IDs and applied to both incoming and outgoing calls.

Layer 5:  Voice CAPTCHA

Voice CAPTCHA provides an extra layer of vetting for calls suspected as potential spam but not confirmed as such by other filtering layers. When routed through Voice CAPTCHA, suspect callers are challenged to enter a set of random digits before the call can be passed through which effectively filters human callers from bots.

Caller Authentication

Caller Authentication is a general term for various practices and technologies used to assure that the person calling into a contact center is actually who they say they are. Caller Authentication may combine use of technology to analyze call data and caller behavior at various points in the call path (post-IVR), along with active human intervention either at the agent desktop or through call routing to a live resource when additional call vetting is warranted.

The application of Caller Authentication technologies and practices has two distinct purposes:

• To maximize effective call flow with minimal caller friction (optimal CX)
• To detect and prevent fraud (reduce risk, increase cybersecurity)

Following are some of the more common caller authentication technologies and practices:

Automatic Number Identification (ANI) Validation

Often a first step in the Caller Authentication process, ANI Validation software executes a database lookup of device numbers associated with current customer accounts. It is mostly used to streamline the process of identifying the caller. If the caller’s ANI does not match what’s on record for the account they are claiming, that could indicate the call is spoofed (the ANI has been digitally manipulated) and requires routing to a specialized system or resource for further caller vetting.

Caller ID Authentication with STIR / SHAKEN

STIR / SHAKEN attestation scoring is an industry-standard caller ID authentication technology mandated by Congress and carried out by carriers to combat call spoofing. Also included in Voice Traffic Filtering, integration of STIR / SHAKEN verification scoring into the contact center caller authentication system adds an additional layer of information to help agents discern the trust level of a caller. Note that STIR / SHAKEN only provides additional data and is not, in itself, a complete caller authentication solution as it only addresses spoofed calls and, until implementation by phone service providers and enforced for all domestic and international carriers, will deliver inconsistent results.

CRM Validation

In a cloud contact center setting, the CRM system may be integrated with the CCaaS platform enabling known callers and their related information to appear on the agent desktop for swifter, more informed handling.

Voice Biometrics

With the advent of AI (Artificial Intelligence), contact centers can now reinforce their caller authentication practices with sophisticated voice biometrics technology. These applications create “voiceprints” from customer voice recordings that identify specific voice qualities related to that person, and then match their voice in future calls against their voice print to quickly and seamlessly confirm their identity without the annoyance and disruption of extensive agent questioning (see Knowledge-Based Authentication, below).

Voice Biometrics can also be used for fraud detection when a caller’s voiceprint does not match that of the customer they claim to be. Third-party vendors offer access to databases of known criminal agent voiceprints that can be used as a caller blocklist in conjunction with the organization’s own data of verified customer voiceprints. As with ANI Validation, suspect callers can then be routed to a specialized resource for further analysis. Note, the same AI technology used to read voice characteristics can also be used by criminal agents to alter their voice or even clone the voice of a trusted source or customer to advance their deceptions. Voice biometrics is a powerful tool but best used in conjunction with additional vetting processes.

Knowledge-Based Authentication (KBA)

At the agent desktop, call center security practices typically include the application of knowledge-based authentication (KBA) questions posed by the agent to verify the identity of the caller – questions such as home address, last four digits of a social security number, or birth date. However, the growing number of data breaches and social engineering phishing and vishing (voice phishing) schemes has led to massive amounts of Personal Identifiable Information (PII) – 24+ Billion records and counting – now available to fraudsters through the Dark Web marketplace. Armed with just enough information to give themselves credibility, it is now easy for a skilled visher to circumvent KBA guardrails and deliver a credible impersonation of a real customer or trusted source. For that reason, organizations may require customers to identify themselves through a unique password or one-time number code sent to their phone or email. While reinforcing security, these practices increase call handle time and add significant friction to the overall customer experience.

Benefits of an Integrated Approach

Voice Traffic Filtering and Caller Authentication each provide distinct benefits for contact center operations. However, when working together, the end result is far greater than the sum of the individual parts and extends beyond simple operational efficiencies to include:

Improved Customer Experience (CX)

Caller Authentication focuses on the Caller by reducing friction points for legitimate contacts; Voice Traffic Filtering focuses on the Agent, making sure they are more effective at servicing legitimate callers by reducing time wasted tending to unwanted calls. Together, they create a customer service environment that is positive for both the service Provider and service Receiver.

Cost Efficiency

Caller Authentication applications are applied at various points along the call path to establish a trust level for each call which often triggers a redirect of suspect calls to a premium-level resource or appears with a trust rating on the agent display, prompting additional live caller vetting. Putting Voice Traffic Filtering at the front end of the call path results in:

• Reduced Burden on Authentication
  Voice Traffic Filtering systems can prevent a large portion of clearly unwanted calls from ever entering the call flow in the first place, so resources dedicated to caller authentication are tapped only when truly needed.

• Support for Resource Allocation
  While optimizing the organization’s investment in caller authentication applications by filtering unwanted calls at the front end, advanced technology solutions like the Mutare Voice Traffic Filter also deliver a significant value-add in the form of rich, detailed call history, call trust, and call activity data that is captured, processed, and made available for integration into the organization’s resource management system. This data represents all voice traffic (both inbound and outbound) traversing the highly impactful voice channel and provides administrators with deeper insights into customer behaviors and activity patterns. It also distinguishes between legitimate calls that drive revenue from those that are wasteful spam for more accurate KPI measurements and more cost-effective resource allocation.

Fraud Prevention

Caller Authentication Practices like Knowledge-Based Authentication and Voiceprint Analysis not only expedite service delivery for legitimate callers, but also help expose attempted fraud. Analyzing calls first through a robust Voice Traffic Filtering system allows legitimate callers to flow through unhindered while flagging potential fraud earlier in the process before they reach the agent desktop, resulting in:   

• Reduced Burden on KBA
  The sophisticated technologies built into a modern Voice Traffic Filtering system identify the signs of a fraudulent call through analysis of behaviors and metadata Before those calls work their way through the IVR and call routing system and land at the agent desktop. Voice Traffic Filters can be configured to deliver highly suspect calls to a voice CAPTCHA or voicemail recording system for additional call vetting without wasting agent time and attention better spent on legitimate calls.
• Reduced Agent Exposure
  While agents are well-trained to apply KBA questioning to suspect callers that reach their desktop, sophisticated vishers armed with stolen PII have proven surprising effective at deceptions once given the opportunity to reach another human. No doubt the agents and their ability to detect fraud from personal interactions with the caller is a critical (albeit vulnerable) last line of defense. As a solid First line of defense, Voice Traffic Filtering significantly reduces the number of potentially fraudulent callers from reaching that human endpoint in the first place and, in the process, diminishes threat actors’ opportunity for success.

Bottom Line

The fact is, contact centers are highly complex operations that use a combination of technology, employee training and process to turn human interactions between agents and customers into a mutually satisfying experience that drives customer satisfaction, loyalty, and positive business outcomes.

As the most personal medium for communication, the voice channel is both specifically rewarding and uniquely challenging when it comes to how agents impact customer experiences, achieve targeted KPIs, and operate at a consistent level of business unit performance.

The Contact Center is also uniquely vulnerable to the damaging impact of unwanted nuisance and nefarious inbound calls. As negative forces impacting the voice channel are growing in scale and sophistication, protection of the interconnected processes that keep them operating at optimal levels must include a multi-layered approach that taps best-in-class Voice Traffic Filtering and Caller Authentication technologies that are adaptable, responsive, and work collectively to eliminate unwanted calls to assure the best experience possible for customers, agents, and the organizations they support.

About the Author

Janet O’Brien joined the Mutare family in 2007 following 25+ years as a career writer, editor, photographer, and marketing specialist for an array of public and private organizations throughout the Chicago area. She has a passion for helping organizations tell their stories and has found in Mutare’s brilliant technology, caring people, and devoted fans, a virtual anthology of inspiration. Read more at mutare.com, or feel free to share your own stories on LinkedIn.