All articles

Basics to Know About Call Authentication

The massive amount of robocalls are frustrating for everyone involved — customers and contact centers alike. Customers don’t want to answer their phone for robocalls and contact centers are having a difficult time reaching customers because they aren’t picking up the phone. In fact, 94% of people don’t answer the phone unless they know who’s calling. Even worse, illegal spoofing allows bad actors to pose as a business or customer with the intent to gain sensitive information.

Fortunately, call authentication is in place with the STIR/SHAKEN framework  to protect both customers and contact centers.

What Is Call Authentication?

Call authentication is a process that verifies the identity of a caller and makes illegal spoofing more difficult. As denoted in the  STIR/SHAKEN framework, a certificate of authenticity needs to be attached to every call so that service providers can differentiate legitimate calls from fraudulent calls like illegal spoofing, robocalls, or spam calls. If the call doesn’t match the certificate, then the customer will see a “spam risk” warning on the caller ID.

How Does Call Authentication Work?

Once your contact center makes a call, your service provider receives a request to place that call. From there, the provider verifies the source of the call and assigns it an attestation level. Next, the provider creates a SIP Identity header that confirms the information from the number that placed the call. Then when the service provider of the customer you’re calling receives the call, they verify the identity of the header and certificate. Based on this information, the destination provider determines how the call will be displayed (or even blocked).

Attestation levels play an important role in deciding how a call will be displayed on a customer’s phone.

  • Full (A-level) attestation means that the provider can confirm that the caller is authorized to use the number and that no spoofing has occurred.
  • Partial (B-level) attestation means that the provider has authenticated the origin of the call but can’t verify if the caller is authorized to use the number.
  • Gateway (C-level) attestation means that the provider has authenticated the location of the call but can’t authenticate the call source.

Calls with A-level attestation are seen as the most trustworthy and least likely to be spam. The display will look different on every customer’s phone, but carriers will try to make it apparent that A-level calls can be trusted.

If you want to display your business name on your caller ID and have complete control over how your call is displayed, Hiya Connect can help. Our Branded Call feature allows you to display your company name, logo, reason for calling, and more.

Call Center Authentication Best Practices

Under the STIR/SHAKEN framework, there are a few best practices that your contact center should follow to get a high attestation level.

  • Use a reputable service provider
  • Register the phone numbers you call from
  • Avoid using least call routing
  • Monitor the reputation of your numbers

To check if any of your numbers are displaying spam warning labels, contact us for a reputation analysis.

Protect Your Contact Center from Spoofing

If a bad actor knows your business number and can find the numbers of your customers, then the groundwork is laid for a scam. By spoofing your number, a scammer can pose as your business and ask customers for sensitive information. If a customer falls for the scam, it can damage the trust that the public has in your organization.

Beyond call authentication, there isn’t much the industry can do to prevent spoofing. So instead of waiting on government or carrier action, put a permanent end to your spoofing risk by taking action on your own. Download our Stop Spoofing eBook to learn how you can protect your customers and business reputation.

Download stop spoofing ebook


Author Alicia Marie Beatty

Content Marketing Manager at Hiya