We’ve all been there: the phone rings, we don’t recognize the number, and we decide to take the call anyway. As soon as we pick it up, we realize the robotic voice on the other end of the line wants to sell us something—or even worse, claims we’ve fallen afoul of a regulation and need to pay up to make it right.
If we’re lucky, we see these scam attempts for what they are and hang up. Unfortunately, the experience makes us not want to answer our phones anymore. You might wonder: in this day and age, how is this all still possible? Before we look into that, let’s define the problem—robocalling.
Robocalls have become increasingly popular over the past several decades, particularly in areas such as politics or sales. A robocall is a call generated by an automatic dialer and that uses a pre-recorded voice. Regulations have been created in the United States to limit the use of robocalls. In particular, the Telephone Consumer Protection Act of 1991 (TCPA) and Federal Communications Commission (FCC) were created to stop anyone from making robocalls to cell phone numbers without the recipient’s prior consent. Further regulation was created in 2019 by the US Congress to limit the use of robocalls. Dubbed the TRACED Act, it requires the FCC to do several things:
Despite regulations, robocalling still exists. Why? One reason is that bad actors can impersonate a legitimate organization or business. They use special software to substitute their Caller ID with that of, say, the IRS or Apple Support or a number that closely resembles your own. This practice, commonly known as “spoofing,” increases the chance that someone will answer the call.
While it might seem like a simple strategy to ignore calls from IDs you don’t recognize, there can be serious consequences to that in some instances. In particular, medical professionals have raised concerns about the impact of robocalling on reaching patients. For example, when patients get referred to specialists, who then try to call the patient, those calls could get ignored because the patient doesn’t recognize the number. When doctors can’t reach patients in a timely manner, potentially life-threatening issues could occur.
To counter this, carriers in the US have come together to define a framework known as STIR/SHAKEN. This will allow the carriers that send and receive calls to work together. For a given phone call, for example, they can vouch for the end-to-end authenticity of the Caller ID. Once fully implemented in 2021, you as a RingCentral customer won’t receive any calls that fail this spoofing test.
Not all actors manipulate their Caller IDs, however, but using the collective feedback of multiple called parties, they can develop a bad reputation as their bad intentions become clear. When this happens, their phone numbers typically get added to a blacklist. RingCentral began offering call analytics based on such blacklists in late 2019. Since then, we’ve further evolved the capability. In addition to labeling incoming calls as “suspected robocalls” to help you decide if you should answer or not, customers now have the option to block suspected robocalls completely.
RingCentral users who receive unsolicited phone calls get additional information with the call to help them decide whether to answer it or not. Incoming calls are labeled with “Suspected Robocall” if the caller ID is found to be present in a blacklist.
This feature is currently available in the United States and Canada, and can be enabled by your company admin.
With the new STIR/SHAKEN framework, tracing calls is possible. The STIR/SHAKEN authentication system uses a kind of digital fingerprint that can recognize both the number where the call originates and the number that appears on Caller ID. If they’re different, the recipient could get notified of this. As carriers have rolled this out, you may have noticed that you now receive calls that say “possible spam” in your Caller ID (As we mentioned earlier, in 2021, RingCentral customers won’t receive any calls where the original number and the caller ID don’t match).
As with any product that seeks to automatically classify something, analytics aren’t always perfect. Sometimes bad actors slip through (we call these “false negatives”) or a legitimate number gets misclassified as a robocall (a “false positive”). Strong analytics, however, can navigate this landscape effectively, relying on crowd-sourced data for inputs but not basing final decisions solely on that data.
Because any legitimate business should be able to make calls to solicit potential customers, it remains important that the crowd-sourced model of recording objections to such calls doesn’t become the only standard of classification. Best practices suggest that STIR/SHAKEN and call analytics should be used together for an optimal mitigation strategy.