Rebekah Johnson: Welcome to Tuesday Talks, a live discussion series where we shed light and bring truth to emerging topics in the communications industry. I'm Rebecca Johnson, Founder and CEO of Numeracle and I'll be co-hosting today's session with Anis Jaffer.
Anis Jaffer: Hi everyone, I am Anis Jaffer, Chief Product Officer for Numeracle.
Rebekah Johnson: Today’s topic is Leveraging Trust in the Network with Rich Call Data. First, let’s cover what Rich Call Data (RCD) is before diving into the network and the trust aspects of this data.
The most widely accepted description of RCD includes logo, name, and call reason. The STIR PASSporT document in the Internet Engineering Task Force (IETF) framework standardizes how this information can be captured and delivered. When we hear “branded calls,” or see calls that land on devices that have a brand name or a logo, there's actually an app or a service that's pulling the information for that call and rendering through a presentation layer.
In our last Tuesday Talk, we touched on two different ways in which the RCD information is delivered. One is via the RCD PASSporT as part of delegated certificates, which allows us to deliver information within the telecom network, which is key to understand. The other option is out-of-band such as the Google Verified calls. What is the same for both paths, whether in the network or out of the network, is the core of the data, the data itself is the same with regards to the logo, the brand, name, and call reason.
Unfortunately, we do have limitations on delivery specifically, and also limitations on presentation. We're going to dive into the presentation layer for a moment and, Anis, the presentation layer sadly is in and of itself, also multi-layered in its challenges from the device to the reach and supportability. I'd like to get a current status in the ecosystem with regards to logo display, but before I let you talk, I think we should pause and take a moment:
I always make this statement when we are looking at technology and why we have challenges, we’ll be talking about RCD challenges. I always say, “If we can get a man on the moon, we should be able to do something in technology.” I am honored, I called my buddy Elon Musk and I said, “Hey I got a Tuesday Talk at 3 p.m. on May 4th, can you just push back the Falcon launch for the satellite, the Starlink? May 4th sounds better anyway. So it’s actually happening right now at the same time that we're doing this Tuesday Talk. SpaceX is launching Starlink satellites, so Anis, let's keep that in mind as we talk about the challenges of launching RCD in the telecom network
Anis Jaffer: Yeah, launching rockets to Mars is going to be easier than launching Rich Call Data.
For logos to be displayed, as you said, we need to have a presentation layer, like a device that has a visual display interface, such as a smartphone. Analog devices without the display will not be able to actually display the logo. So in the smartphone world, currently some of the apps that are running on mobile devices do the logo presentation. These apps could be carrier-specific OEM-deployed apps or they could be a subscriber-installed app on the device. In some cases, you would have to probably get a premium service to get the logo display.
Natively there are some solutions like Google, that you mentioned, they have implemented a Google Verified solution, which is currently available on pure Android-version devices such as Google Pixel as well as some other brands that support it. Other than smartphones, that are some providers who are also looking at displaying information on other devices that have a visual interface. For example, we know there is an ISP who provides cable, internet, and voice services and they're looking at displaying RCD on TV sets, which are connected to their set-top boxes. But this is still very early, there are a lot of things that are currently in testing.
Rebekah Johnson: It feels like it’s really sporadic, with regards to the delivery, and there's a lot of variability in exactly how you implement this not only for the one who is supporting the delivery channel but consumer options too. There's a lot of variability there. When do you think this will become more widespread? When are the various different delivery channels going to do something with RCD?
Anis Jaffer: It's not widespread at this point, it will increase for sure but the ramp-up is taking some time. Right now, most carriers are focused on getting STIR/SHAKEN implemented in time for the deadline. There are solutions, like Google Verified, that have become available but this is not the norm, these are more of an exception. We also have to remember that the RCD data needs to be handled at termination. STIR/SHAKEN needs to get implemented, the originating carrier needs to attach the RCD, and then the terminating carrier needs to consume that RCD and display. From a technical standpoint, solutions are there, models are there, there's a standard, but it needs implementation and execution.
Rebekah Johnson: From our perspective of trying to support the presentation layer, one of the challenges, and I think you're more experienced with it, is looking at the logo itself. Each one of these presentation layers has a different way that they present the information, so the reality is that we also have to manage all the different logos. What has been your experience in that as well?
Anis Jaffer : There are few models that have been discussed and that are available. The most widely discussed and elegant way would be the Delegated Certificate Model. We've discussed this model in some of our previous sessions.
The delegate model allows the originating enterprise to add a certificate for any given call and as part of that, they can add an RCD claim. The RCD claim would include the logo and a call reason. It's elegant because the control is in the originator and they can attach this information when the call is originated. Since the data gets transmitted with the call, at termination the data would be received and if per-standard, then you can display it. So that's one model but it needs adoption.
Another model would be to leverage a Centralized Database, but this is going to be static. A number and its corresponding enterprise, the logo, the call reason...all of this information is populated in a database ahead of time. Regardless of when or who originates the call the number will show up at termination with the name and logo. This is kind of like CNAM, which we use today, where it displays the name but then you would have the logo and call reason attached. The challenge is it is static and it opens up a possibility for spoofing.
Then you have the out-of-band solution model, which is what Google has implemented. In this model, an enterprise, the RCD logo, and the numbers that they use are all verified and registered with Google ahead of time. However, the data gets pushed to the end device only if and when the originator actually registered the call. Typically this would be done right before they make a call to a subscriber and it'll be using an API. Since the originating service has a secure token to access that API, it can be extremely difficult to spoof. The same approach has been taken by analytics providers as well for their out-of-band branded solutions. Right now, we can see that Google Verified and some of the branded solutions from analytics providers are taking this approach. Apple could possibly do something similar, we do not know that yet and are keeping an eye on that.
But regardless of the model, the challenge is: how do you authenticate the validity of the image that is used as a logo? How do you make sure that the enterprise that is originating the call has the right to use the logo? Sometimes you have to verify if the logo is even real.
I mean, you are an expert in compliance and have very strong opinions in making sure that good actors and legal entities should be able to say who they are when they're making calls. In your view, how do you authenticate the brand is legitimate and they have the consent for using that logo? What do you think?
Rebekah Johnson: I have been pondering and thinking about this since 2016 when I first got introduced to RCD while working for somebody else. I love this idea, the companies and brands that I represented were on the financial and banking side, also in retail, pharmacy, and lots of hospitals. I was very protective of their identity and how it was going to be used with the new RCD solutions that were coming into the market. My first concern was, what if somebody spoofs this number and this hospital’s logo is being presented to the consumer? What we're doing is actually equipping the fraudulent actors to do a better job and be effective while also getting to do it for free because they're not going to foot the bill on it.
Spoofing is a very real issue and something to consider, which is why Numeracle is so supportive of the delegated certificate for that, that is a great way to counter that. Also the out-of-band solutions in the way that Google has implemented with regards to registering the call just seconds before you actually deliver the call. It would require someone sophisticated enough to know when you're going to be calling the called party to be able to take advantage of the logo.
That's one element of you know protecting the brand, but on the flip side, let's say we put all those mechanisms in place. To your point, the next step that a fraudulent actor would do is say, “fine I'll play the game and I'll follow the rules and I’ll register my numbers that I'm using with anybody's name and anybody's logo.” That's where the verification and authenticating comes into play, specific to the entity who's delivering calls and their identity assets that they're using. From Numeracle’s perspective, we do have this implemented, we have some experience with it.
But we're going to have call centers who are going to want to leverage the branded calling, enterprises are going to want to leverage the branded calling, and CPaaS providers who want to leverage branded calling. Everyone will have to implement their own strategy to make sure that the clients that they are onboarding and allowing to use this very powerful tool, to present an identity. We sometimes get lost in how cool it is to have the logo. We're creating a mechanism for an identity to be presented, dang right you better have that correct because I'm going to put the liability on the entity who is just opening the doors long anybody to use it and we cannot have that. What we’re seeing, naturally, is we're getting to that point where there are even some standards that might get proposed around how to protect RCD. What's the process to ensure?
The other flip side of it, and I'm going to throw this out there because it's something to noodle on, more for the lawyers who listen in on our podcast is, does the logo change a call? Depending on what I put in it, I could maybe change the logo to be more of an ad, potentially. I could have some advertisements on like a coupon or discount, whatever it may be. If I'm delivering an informational call via the use of an autodialer with a pre-recorded voice and I'm presenting an ad, does that change my call to a telemarketing call? It’s going to be really interesting, I think we're going to be debating this, which I've got a coalition to cover this topic. This opens up so many other avenues.
With all that said, there's a lot of power in the use of this particular tool, so I would like to see more adoption but I think it's really up to those who are building the delivery mechanism and the presentation layer who have the challenges that they must solve for there to be mass adoption on the Enterprise side. You may have some other thoughts on that too, but that's what I feel very strongly about.
Anis Jaffer: I agree with what you’re saying. Basically, you have to verify and vet the enterprise and make sure that they have the right logo, in case a call center is making calls on behalf of another entity where they would need consent from the brand for using that logo. That's one piece of the authentication. The other part is, what kind of logos are even allowed? You have to validate and verify that the brand is legitimate and doesn't have any inappropriate images, for example, or the example that you highlighted, which I think is way further down than where we are today. Using dynamic images to convey additional details about the call, whether that is a coupon, or whatever it could be, I’m sure there will be some creative ways that people would want to use these logos and communicate. The bottom line is, we should be able to validate and authenticate that that information is legit. I absolutely agree with you on that.
Rebekah Johnson: Going back to the adoption side of this, why have I been talking about RCD for five years? We can somehow build a spaceship and get it up into space in five years back in the ’60s, but we struggle with launching the platform for RCD.
Unfortunately, the path that the ecosystem has taken in and of itself has created challenges for just the enterprise adoption alone. You have to connect with the various delivery methods, the various presentation layers, understanding what's the reach of my rich call data, gathering metrics off of the effectiveness of it... I don't believe companies have money laying around to just throw at “that's cool.” I don't have that budget line item for “that's cool,” so with this functionality, the RCD must have a return on the investment and bring value back to the enterprise.
You've already seen some of those challenges, I don’t know if you have any other additional feedback on the future here because what I see is just more options that keep getting added for the display.
Anis Jaffer: At least, in my opinion, there are standards and there are models that have been published for carriers to leverage RCD. However, given where they are in the STIR/SHAKEN implementation as well as a preference of which model they want to use, there is no universal concurrence on what needs to be done. Even if an originating carrier uses a delegated cert and RCD PASSporT, how do we make sure that the terminating side is able to handle it? That's not implemented yet, but while that is taking some time to get implemented, we are seeing out-of-solutions coming out. Google Verified was the first and we know that there are other branded calling solutions that are already being implemented. To me, it says that the market will move towards what is available and would get implemented first. I think that's where this is going.
We already see some adoption on the Google side and expect that others would also have some success in getting enterprises to use that. Now, if that solves the problem for everyone, we're going to live in this world of multiple branded calling solutions out-of-band. However, there is also a chance that once STIR/SHAKEN gets implemented, all carriers agree on the standard, everybody is able to send certs with RCD PASSporTs, terminating carriers are using it, and then out-of-band solutions will go away. Then we don't need them and it could be as simple as how we use today just by dialing a number and the call getting there with the data gets presented.
Rebekah Johnson: It’s an interesting fluid market and even though telecom seems to go very slow, the innovation around it goes really fast. With this out-of-band that you're mentioning, it's incredible how rapid fast it seems like that's moving along and there's already value that's coming through it. I think it's really up to the terminating carriers, the wireless carrier providers, because they have what is the end result of what RCD is going to be. That's the majority of the consumers, patients, members, whatever it may be, have their wireless device and they hold the ad space on that terminating side.
If we can get the industry to move a little bit quicker on the delegate certificates side, I think we'll see more of that adoption. It offers security, it's in line with the network, it's a standard, but the telecom industry does not move fast whatsoever. I think we’re to be in this state for a while, I think it’s going to be years that we’re sitting in this state because the carriers also have to contend with the device-makers as well and what they will allow. With regard to the out-of-band, it’s consumer-driven, it's their choice. When they download they make a choice of wanting this set up to take their call, it has features for presenting logos that they can turn on.
Anis Jaffer: What we have to be watchful about is what kind of logos are being sent by originating enterprises. Let’s assume that delegated certs take a little bit of time to get adopted. In the meanwhile, we are using all the out-of-band solutions, but if those logos cannot be trusted or if you are seeing a lot of fake and spam images show up, then regardless of adoption that's going to be a problem. So we also have to make sure that whoever is originating the calls are authenticated and verified and that we check the image before we enable it. We do that and I'm hopeful that others are doing the same.
Rebekah Johnson: Anis, I didn’t really even think about that. But the out-of-band solution could be the driver of regulation. It’s actually so complicated because the out-of-band solution providers are not under at least the FCC’s authority, so it might have to be an FTC issue for unfair and deceptive practices. I don't know, but man, that's one to watch, something will happen. A consumer group is going to say something if all of a sudden there are children getting inappropriate logos for whatever it may be. We as a collective industry, enterprise, carrier, and everybody else in between, have to work together to protect this environment or this whole thing goes up in smoke.
Anis Jaffer: Absolutely, it could go both ways. It could drive adoption because people are used to seeing images when out-of-band logos show up, so it could drive massive user adoption. On the other side, it could kill it if we start seeing Spam logos and images, so we have to be very watchful of that.
Rebekah Johnson: So Anis, at this time I think we'd like to welcome our audience to ask some live questions, either on-screen or through the chat window. So, Molly, do we have any questions?
Molly Weis: I do have one so far. The question is: Is RCD branded calling already available out there? If so, are you aware of any brands out there currently using branded calling who are seeing an impact on improvements to contact rates or callbacks? Or is the adoption rate just too low to see improvement yet?
Rebekah Johnson: Yes, branding is available. There are some great solutions out there but they too face the same challenges we just covered, but they work and thrive within those challenges. I'm going to focus on the improvements. Yes, we are actually hearing back as we are evaluating metrics on the branded calling almost immediately, right away. People are tickled pink over the results that they're getting which are quite shocking. That's a positive with regards to the improvement with regards to the adoption rate on the consumer side which is probably what this question is focused on. That is still somewhat low, but when you're running your metrics and you're looking at your KPI’s, there is a certain percentage within your reach that will be received as displayed depending upon the partners that you push data out to.
It's creating an improvement within that group, so you either had value or you didn't have value. This is literally one of the things that’s either on, or it's off. When it's on it's good, when it's off then it's the status quo. Even if the adoption rate is low, any improvement that returns in a dollar value back to your company, I deem a positive, so I don't understand why enterprises don't start now managing what this impact does and changes for your call strategy. It's actually better to start while it's small then as the reach and the adoption grows, you’re prepared and can make better projections on what the value of the solution is. That’s my feedback from the improvement side.
Anis Jaffer: To add a little bit to that, definitely, the solutions are available and we are seeing contact rate improvement as well as call-back, I think people don't also measure that. We have seen with our early-adopter clients that they have seen an increase in contact rate as well as call back rate. My opinion, at this point based on the data that we are seeing, is when people see logos in missed calls from a branded logo, they are more likely to call back. So we are seeing that. It’s still early in collecting statistics but we’re going to keep monitoring that and also planning to add a couple of other branded solutions and other metrics. Maybe in a few weeks, we should have more details on this, but early results have been extremely positive.
Rebekah Johnson: Anis, I didn’t even think about that. We’re always talking about the call presentation at the time of call, but again, depending upon the device and depending upon the solution that's presenting the branded data, you could have the logo show up in the call log. That's where we're seeing that callback improvement because as a subscriber is scrolling through their call log of missed calls, they’ll see that logo.
It's just giving off that impression of being able to trust it, but it also goes back to what we were talking about that as an entire ecosystem, we have to hold each other accountable that this information is accurate and can be trusted. The moment somebody in our group uses this technology in a nefarious or bad way, the consumer will lose trust. In order for us to continue to take advantage of these solutions, we all have to be cautious of how we’re deploying it.
Molly Weis: Can anyone send branded calls to the Verizon network?
Anis Jaffer: It's in the works.
Rebekah Johnson: From what I know, it’s in the works.
Anis Jaffer: We’re not there yet, but we’re in the process of getting that integration done.
Rebekah Johnson: But a Verizon subscriber could have an app that allows for the out-of-band solution. To me, when you say “in the network,” I’m actually thinking delegated certificates or maybe something that Verizon as a carrier has flipped a switch on and turned it on for Verizon customers. That switch, as far as we know, has not been flipped.
Anis Jaffer: If somebody is using a Google Verified enabled phone on the Verizon network, you can possibly get it. As a standard implementation of the network, that is still in the works.
Molly Weis: How about geography, where is this available? Is this just in the U.S. or is this a global solution?
Anis Jaffer: We are focused in the U.S., we meaning Numeracle, is focused in the U.S. Definitely STIR/SHAKEN and delegated certs, that’s all U.S.-specific at this point. Talking about out-of-band solutions, Google Verified is actually available in the U.S. and in other regions. If I remember correctly, Brazil, Mexico, and India are all covered. They probably increased their footprint recently but we’ll have to check with Google on that. So in out-of-band, Google Verified is available in more than one region outside of the U.S. where it is available as well. But STIR/SHAKEN, delegated certs, and branded solutions implemented by analytics providers are all U.S.-specific.
Rebekah Johnson: And with the end device. So we know Samsung offers branded calling in other countries but not in the U.S. due to carrier restrictions on that side. So it’s a variety. I feel like the U.S is so far behind everyone else, at least with the branded calling based on the numbers that I get sent. With regards to the reach, when it gets down to the U.S. there’s not as much adoption there but there is adoption in other countries that’s a little bit stronger.
Anis Jaffer: But on the standards side, I would say the U.S. is a little bit ahead of everyone else.
Rebekah Johnson: Well everybody else is watching what we’re doing over here.
Anis Jaffer: Exactly, everyone is following the U.S.
Rebekah Johnson: It'll be interesting to watch those countries whenever we do finalize the standards here in the U.S. I mean, look at Canada, the Base SHAKEN deadline got moved. All of this has wonderful features and functionality built on top of another standard so you have to implement in order to be able to leverage RCD PASSporTs when it comes to STIR/SHAKEN, actually have to get yourself set up with your authentication verification service, signing calls, and receiving the signed calls. It’s a lot of work which is why I think that’s the one that’s going to take the longest.
It's time to wrap up today's session, so thanks again for joining us and another Tuesday Talks! You'll see us again Tuesday, May 18th, where we will continue to shed light on the most important topics impacting the call delivery space today and tomorrow, so we will see you then.
