Authenticating the Telephone

When was the last time you received a telephone call?

Seems like an innocuous question, right? What if the call was from your bank, wanting to discuss a fraudulent transaction? How did you establish that it really was your bank calling?

Did they ask you for your details first, or did you ask them for theirs, and if you did, was there a satisfactory and undeniable answer, or was your question met with hostility?

In a bygone era there was a relationship between the number displayed on your screen and the person calling you. Today, with an internet-connected telephone system where a caller can pretend to be anyone, this is no longer the case, but neither businesses nor regulators have kept up with the change, and end users are paying the price, falling prey to scam artists with a significant dollar to make.

Over the past four years, as tracked by the Australian Competition and Consumer Commission, the number of scam calls has sky-rocketed and, with it, financial losses. In 2021, victims reported losses of over AU$323 million due to scams across 216 thousand reports; 74% of those were due to phone and SMS scams, and only 9% of the scams were of a financial nature. In the USA, 59.4 million victims lost US$29.8 billion in the previous year.

In a world where an estimated 85% of email is spam, our telephone network is rapidly heading in the same direction, and neither the tools nor the processes to handle that exist.

In many telephone interactions there is a need to exchange private and personal information, from banking to medical details, from home addresses to passwords and everything in between. To facilitate this, most calls go through a process of authentication. Authentication is a two-way street. You need to know whom you're speaking with and they need to know your identity.

When you call your bank, half of that authentication has been completed by calling a known number. The other half happens when the bank asks you for some specific details.

However, if your bank calls you, or even if a customer service operator transfers you, the reverse is not true. Often the bank will demand that you divulge specific details before you've established who the caller is, and any attempt at identifying them is met with the blanket "privacy disclaimer" spouted by a call-centre operator with no understanding of the authentication process, taught by a corporate training video produced in 1980.

This problem isn't limited to the telephone system, but the telephone is currently the one place where no serious attempt to resolve it has been made, let alone to regulate it.

What could a resolution look like?

It requires a system where the caller can identify themselves to you before you are required to identify yourself to them. Banks started creating secret questions and answers, but now foolishly demand that they follow a specific format, rather than allow the combination of challenge and response to act as the method of authentication itself.

Imagine for a moment that you logged into your bank account online and set your so-called secret question to:

"What is the Violet Underground wind milling today?"

And you set the answer to:

"A loaf of stale spelt pastry with a yellow turnip."

When the bank called you, they could ask you that question; because only the bank knows the question you set, you'd immediately know that it was the bank calling. You could then provide your answer, and they'd know that it was you answering.

Job done. Two-way authentication complete.

Now all we need to do is educate the banks, the healthcare professionals, your car mechanic and your hairdresser. You'll also need to come up with a separate question and answer for each, but then, you already know how to speak the language.
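The two-way exchange described above, with one question/answer pair per organisation, modelled in Python as an added example; this is not the author's code, and the organisation names, customer id and the choice to store only a salted hash of the answer are assumptions.

```python
# Added illustration of the essay's secret question/answer scheme; not the author's code.
import hashlib
import hmac
import secrets

def _hash_answer(answer: str, salt: bytes) -> bytes:
    # Normalise a spoken answer (case, surrounding whitespace) before hashing; the
    # organisation never keeps the answer itself, only this salted hash.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().casefold().encode(), salt, 200_000)

class Organisation:
    """The bank's side: keeps the customer's own question in the clear (it has to be
    read out on the call) and only a salted hash of the answer."""
    def __init__(self, name: str):
        self.name = name
        self.records = {}  # customer id -> (question, salt, answer hash)

    def enrol(self, customer_id: str, question: str, answer: str) -> None:
        salt = secrets.token_bytes(16)
        self.records[customer_id] = (question, salt, _hash_answer(answer, salt))

    def challenge(self, customer_id: str) -> str:
        # Speaking the customer's own question is the organisation's proof of identity.
        return self.records[customer_id][0]

    def verify(self, customer_id: str, answer: str) -> bool:
        _, salt, expected = self.records[customer_id]
        return hmac.compare_digest(_hash_answer(answer, salt), expected)

class Customer:
    """The called party: one question/answer pair per organisation, as the essay advises."""
    def __init__(self, customer_id: str):
        self.customer_id = customer_id
        self.pairs = {}  # organisation name -> (question, answer)

    def enrol(self, org: Organisation, question: str, answer: str) -> None:
        self.pairs[org.name] = (question, answer)
        org.enrol(self.customer_id, question, answer)

    def answer_call(self, claimed_org: str, spoken_question: str):
        # Release the answer only if the caller spoke exactly the question set with the
        # organisation it claims to be; a generic "confirm your date of birth" gets nothing.
        question, answer = self.pairs.get(claimed_org, (None, None))
        return answer if question is not None and spoken_question == question else None

def outbound_call(org: Organisation, customer: Customer, spoken_question: str):
    """One outbound call: returns (caller proven to customer, customer proven to caller)."""
    reply = customer.answer_call(org.name, spoken_question)
    if reply is None:
        return (False, False)
    return (True, org.verify(customer.customer_id, reply))
```

A caller that cannot produce the question the customer set gets no answer at all, which is the point at which the essay says you should hang up.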

It is critical to the welfare of society that regulators consider the impact of unauthenticated, so-called "outbound" calls, entrenched in a world view where the corporate call-centre is the source of truth and honesty.

While we're at it, wishing for unicorns, it would be helpful if challenging the identity of a caller wasn't met with outright hostility, since it's essential to all forms of communication.

Based in Perth, Western Australia, Onno Benschop makes complicated technology simple.