S3 E34: STIR/SHAKEN

30/08/2021

00:00
00:00

S3 E34: STIR/SHAKEN

30/08/2021

00:00

00:00

How many times a day do you get spam calls on your personal or business line? The chances are that the answer to that question is more than one. The good news is that the FCC (Federal Communications Commission) has launched an initiative to combat that. Still, it requires everyone, including your law firm, to verify their number according to their new guidelines.

Whether you are receiving calls from people saying that they have received a call from your law firm when in reality no one has ever reached out to them or you are getting are missing calls from leads trying to reach out to you, this is an issue that the FCC looks to solve with the STIR/SHAKEN initiative which requires all phone numbers associated with an IP address to be verified so that carriers allow these calls reach users in their networks.

If you, like many of us, are trying to trust your caller ID again and get your clients to answer your calls to them with more confidence, then this episode is for you.

Resources mentioned in our episode:

Send us your questions at ask@incamerapodcast.com

Enjoy the show? Please don’t forget to subscribe, tell your coworkers, and leave us a review!


Transcript

Liel: [00:00:00] It is estimated that in 2019, 40 percent of all calls in the US were scams. And in 2020, the number of people who fell victim to a phone scam was two hundred and seventy percent higher than the previous year. I’m Liel Levy, co-founder of Nanato Media and author of Beyond Se Habla Español How Lawyers Win the Hispanic Market. And this is in camera podcast, where we look forward to the Stir Shaken Initiative to restore trust in caller IDs. Welcome to in camera podcast, private people, working conversations, Grace, welcome back.

Grace: [00:01:01] Thanks, Liel. How are you doing today?

Liel: [00:01:03] I’m great, Grace. You know, it hasn’t been easy. And we’ve both been so busy over these past weeks that I’m very grateful every time that we, you know, still somehow, even when we think that it’s just not going to happen, we still end up making up the time and finding the way to jump into these conversations. And so I want to start this conversation by saying I’m grateful to that, to that commitment that we have to make it happen, Grace.

Grace: [00:01:28] It’s one of the few I have for sure everyday stuff we have to do. This is one of my favorite moments.

Liel: [00:01:35] Because it’s so easy, right? How simple how easy it is just to, you know, delay things and just push things away and say, well, you know what, I cannot do it right now. And so that’s going to have to wait. And, you know. And this could be one of those things, but it isn’t right. This is one of those things that you just don’t you know, you’re going to move everything that you need to in order to make it happen. And I’m just very grateful that we still have that same energy and commitment said. And most importantly, because we do have an interesting topic to talk about Grace, today. Can you set the scene for us?

Grace: [00:02:13] Sure can. So, you know, all of us in legal, legal marketing, legal period, we’re used to regulations, compliance, and issues that surround it. Right. And when new regulations come out, we all look at it. We kind of scramble sometimes to comply, right?

Liel: [00:02:30] Yes, absolutely. I mean, just just as a reminder, three strike policy with Google Lab alert.

Grace: [00:02:38] Good point. Good point, Liel. And so this honestly is right in line with all of those types of warnings and regulations and compliance issues that people are starting to come across. And, you know, when you and I started talking about this topic that even broached this topic, it came across because, you know, we own persist and we persist is essentially a phone system that does other things as well. But it’s omnichannel communication. And so in SMS texting and, you know, calling, in voice mails, we’ve all been experiencing and I know we all, especially after Covid, really, really got hit with a lot of spoof calls. Right. Robo dials, all these automated messages. And you call the number back and it wasn’t a real number.

Liel: [00:03:25] Yeah, I agree. Don’t mention it. What a nightmare.

Grace: [00:03:30] It is right, the whole situation has been horrible for a lot of people, and then not to mention marketers. I mean, as legal marketers, as marketers, period, this is a really big problem. You know, and before we go into it, I’d like I don’t know if you want to tell the story now or if you think we should tell the story a little later. But your story about what’s happened to you is is a big deal and the reason why we’re talking about this.

Liel: [00:03:55] Yeah, sure. So Grace, basically, you know, what we’ve started seeing with some accounts, as you know, in digital marketing, you want to do call tracking. So you have very granular analytics of what’s working and what isn’t in your campaign. We’ve mentioned and talked about it tirelessly here in this podcast. And so some accounts in our agency have up to 30, 40, 50 tracking numbers associated to their campaigns so we can track multiple users at one given time in different landing pages or websites in which they may be. And the problem is that we’re seeing now is that sometimes these tracking numbers are getting calls are actually receiving calls. Right. And so the law firm answers because all of the tracking calls that are involved in not all of the calls that go to these tracking numbers are then forwarded to the law firm. Right. Or there or to their Internet provider. And what happens is that they answered a call. And when they answer what, the person on the other line at the other end of the line is saying is that I’m calling you back. I received a call from this number. And so obviously the law firm tries to make sense of it and says, well, you have a case, have you called us before? This is our business. And so they try to see whether this is someone that they may genuinely try to reach out to or not.

Liel: [00:05:24] And so the person is like, no, no, no. I have never called this law firm. I have no business with you. And so I don’t understand why you called me. And there at that point, I was like, well, it looks like we did not call you. Right. And so what we are noticing there is upon researching that further, is that that was a direct call. What does a direct call mean when we look at the data? It shows us that the call itself did not come as a result of an interaction with one of the digital assets where that call tracking number is being used to track activity. So it’s basically someone who got a call directly from that number, apparently, and they’re dialing back directly from the phone number. Right. Without clicking on anything, click to call. And what we understood very quickly, Grace, is that all those telemarketers and bots were using one or multiple of our tracking numbers to mask their caller ID to make the phone calls seem local. And therefore, when we’re not answering and they were seeing they’ve had a missed call from a number they were calling back. But the call in reality never actually came from the phone number that is associated to what they are seeing in the caller I.D.. Does that make any sense, Grace?

Grace: [00:06:48] It does, but I’ll just very briefly say in like a sentence, guys, basically what he’s saying is they took his call tracking numbers. I mean, all of us all of us know what the call tracking numbers are call rail. You know, all those types of companies are out there. They took his call tracking numbers and they acted as if they were him calling back that same number. Or they took the number and they called as if they were an external person calling that number. Either way, it’s called spoofed robocalls where they take a number and they act as if it’s them. And this has caused a huge issue in the industry and basically has taken a lot of the trust in phone systems and caller I.D. and the communication systems that are out there away. And so. Right? I mean, everyone’s pissed, really. That’s what it boils down to. People are very upset. They’re angry. It is causing loss of business, significant loss of business for a lot of people. So that’s what this conversation is about. It’s about combating spoofed robocalls with what they call caller ID authentication, an initiative that has its own name. It’s kind of a cool name, actually, and it’s called Stir Shaken Initiative.

Liel: [00:08:07] Love it! Great marketing, great marketing mind, great marketing mind behind.

Grace: [00:08:12] I’ll tell you what it is. You know, the legal lease and the regulated regulatory information definition is basically it’s a bunch of standards and it’s interconnected standards that they’re placing on these carriers or people that provide the actual phone numbers and the people that actually provide the phone lines that these phone calls are going over. There’s a framework of standards that they’re saying this has to be in place for anybody that is using phone lines, whether it’s hard-line or IP based. And then they give you what’s called a framework. Basically, they’re just telling you you have to follow these rules to get to this point. So. What is it about? They’re requiring them to provide Internet protocol, which is IP,

Liel: [00:09:03] IP

Grace: [00:09:05] IP portions of their networks by June 30, 2021. It’s already passed. So. The whole idea is that Americans can benefit from this technology, to start to have faith in phone calls again. That’s really what it boils down to. And this all started in September of last year.

Liel: [00:09:23] Grace, I mean, it’s crazy the amount of calls that I get on my cell phone, that and this is the weird part, right? They’re not only coming from the area. The area code associated to my phone call, which is a little bit odd because now I live in Austin, but my cell phone is still Washington, D.C. area code WATU. Right. So I’m getting a ridiculous amount of calls from two to although really there is no one from like I do not expect that volume of call coming from Washington, D.C. And this is the part that really kills me, is that they are calling from phone numbers that are almost identical to mine. Right. Like one number different just to try to get more attention. And the other thing that kills me, Grace, is so this system where they launch two calls simultaneously so that you actually answer one and then while you’re entertained answering that phone call, probably just trying to, you know, get to see what are your all for the option of being removed to the list. Another call comes through strategically to be sent out the voicemail so that then they can leave you an actual voicemail telling you, “Hey, this is John. And guess what? You got approved for the loan that I told you about.” And don’t you see that in your text?

Grace: [00:10:49] Wow.

[00:10:49] And it’s just bad Grace, right? If you think about all of the regulations that are being put in place to eliminate spam activity on the Web and on emails, particularly on email marketing, but then the phone system seems to be out of control.

Grace: [00:11:08] It is. It is. It’s because there’s no what’s called… Authentication of where that number is actually coming from. So what they basically are doing is a way to authenticate it is by tracing it back to where the call originates. And they’re creating what’s called the certification authority. So kind of like Google, right, where Google sends you and mails you out this postcard to your physical address.

Liel: [00:11:35] Yeah. The mail server. Yeah.

Grace: [00:11:37] Yeah.

[00:11:37] Yeah. So they’re scoring you and they’re basically seeing how much spam reporting we are getting from from from your particular identity, the system.

Grace: [00:11:48] Mm hmm. And so, you know, for us, this is an interesting concept, right? Because our system is a phone system and we are not spoofing. But in the terms that they use, they use spoofing because we are representing as if we are them, but we have the authority to be the company that is allowing us to use their phone number as if it’s them, because it’s going back to them. So this introduces an interesting potential issue for those who are using call tracking or those who are using numbers that are purchased that aren’t on their current phone system. So I know there’s a lot of law firms that have been around a long time and have some legacy numbers that may still be somewhere specific and they need to pay attention to this, because if that’s the case, they just need to make sure that they are compliant and that their phone number isn’t tied to some other number in the back end. Right. IP based or somewhere else where the number is not being authenticated.

Liel: [00:12:56] Ok, so how do you authenticate your number? That’s… I mean, it’s starting to sound a little bit complex, right?

Grace: [00:13:04] It is. 

[00:13:04] Most likely at this point. Your telephone provider is probably going to be a cloud-based telephone system.

Grace: [00:13:11] Correct.

Liel: [00:13:11] I mean, maybe you’re still getting landline services through AT&T or one of the big national providers. But chances are also at this point, you are using a RingCentral Nash dial pad, you name it. Correct. So with whom do you authenticate?  Through them?

Grace: [00:13:31] Correct. So they’re the ones who are providing you with your phone lines and your phone numbers? Correct. Whoever is providing you with your phone lines and phone numbers and if it’s the same person. Great. If it’s not, you need to make sure that the ones that are providing you with your phone lines are approved by the FCC under this stir-shaken initiative. And you can straight up ask them because they are very aware of this. And if they’re a third party that’s using some other person’s phone lines and, you know, I don’t know if RingCentral is or isn’t or if they create their own phone lines and use their own trunks and the way the phone calls work. Either way, they will be able to tell you,”Yyes, we are part of the FCC, we are Stir shaken, authenticated. You don’t have anything to worry about your caller IDs being spoofed or any of that.” If that’s the case, that’s great. If it’s not, when you ask them about the Stir Shaken Initiative and if they don’t know anything about it, you need to get to somebody who does because this is an FCC-regulated issue at this point. And you can check. They do have, the FCC has its own website for this whole initiative. It’s the fcc.gov/call-autenthication, we’ll put it in the notes. This is not something that you can really read. You know, this is kind of like a lawyer, you know, giving it to a regular claimant, trying to read legal lease, right? It doesn’t quite work that way, but they try to break it down. What do you have to do? Filing instructions and deadlines. This is for the carriers. So this is for the person that’s providing your phone lines. So all you have to do is you ask them, are we compliant with the FCC under this stir-shaken initiative? That is what you need to say. And that is all you need to ask. And you just make sure that you write it all down and that you ask them and then they put it back to you in writing that you are compliant.

Liel: [00:15:38] So Grace, just, you know, throwing questions out there to you, because I’m just trying to run different scenarios here.

Grace: [00:15:43] Yes.

[00:15:46] If you’re are, you know, right now working with an organization and you’re reaching out to them because, you know, they may not necessarily be an organization based in the, you know, in the United States, they may be in Europe or somewhere else. Right. In Southeast Asia. You name it. And you reach out and you tell them and you ask them about it and they say, no, sorry, no. Or we have our own internal policies, and that should fix that. So if you’re reporting your number because reporting of the numbers. Right, that that flexibility exists when a phone number is being reported from one place to another. Does any of that legacy carry forward like are you or the moment that you’re detaching it from the actual system provider and associating it with a new one, that’s that’s when your credentials, your policy are actually kind of getting legitimized? Or is that something that can be impacted? Do you know what I mean?

Grace: [00:16:44] I do.

Liel: [00:16:45] You can solve these by actually taking your, For instance, I know those what you’re actually saying and talking about now. They want like if you tell them I want to mask my I.D. with our Google Voice number, for instance, I’ll tell you. No way. You can’t. You can only do it once you poured your telephone number to us. Right. So. Right. So that’s my question to you. Is porting kind of like solving the issue that you may have with your current telephone provider?

Grace: [00:17:14] It can. So it’s in understanding what it is that’s actually authenticating. So if you’re putting your number into a company that is already authenticated, that’s why they’re telling you I’m not spoofing any numbers, I’m not giving you a trunk, which is a way to actually make these calls with a fake phone number. It’s not actually a fake phone number. It’s your phone number. But they don’t have a way of authenticating that. Or maybe they just don’t want to go through the effort, because you do have to now sign what’s called a letter of authorization to give to them that they can use that phone number as if they were you and that they have the authority to claim it’s you. So it becomes very tricky for them. So it’s a lot. It makes more cost sense that their phone line, phone number, and everything is in the same company. So that’s why that porting issue may or may not fix it.

Liel: [00:18:12] Yeah. So my thing here is like a great initiative, right? Great initiative. But then how is this like how do we know this is going to actually solve the problem? Is it like or are we just hoping that everyone’s going to put themselves through the same effort? Because as long as there is someone out there that is not sticking to these forces. Right. The calls are still going to go through. And so here is another thing that I’ve noticed. I’ve noticed phone carriers that are starting to implement their own filters. By not allowing calls from what could be seen as suspicious numbers, get to the actual. You know, destination to act, to ring on the phone that you’re the person that you’re trying to connect with. I think what who’s getting affected there are at the end of it all is actually users, because they may be missing calls that they’re actually important to them just because of the robust telephone system that the organization that established is trying to reach out to them are using. Right. For instance, when you’re using multiple tracking numbers and such and those tracking numbers are forwarding your calls and then your carrier that you’re forwarding calls to are saying, “No, these tracking numbers are too suspicious to me. I’m not going to let the calls through.” And so you end up having to not let those filters be implemented so you can end up getting the calls that you need. But at the same time, you’re also opening up yourself to get a lot of other unsolicited calls. So how can we, you know, ensure that the good players stay in, but all of the rest of the crap and doesn’t be interrupting you three times an hour?

Grace: [00:20:11] So… 

Liel: [00:20:12] The one million dollar question, Grace, right? It’s the one million dollar question. It is throwing at you because obviously, you know, it’s kind of like is there a gray area in this solution? They’re kind of all or nothing.

Grace: [00:20:29] You know, there kind of is a gray area where they have exemptions and, you know, undue stress on smaller carriers as an example. Right. Because the cost and the benefit could be outweighed. Right. For someone that’s a smaller company that has to now implement this framework where they may have had hard phone systems. Up until this point. And so they’re requiring that the people that were on hard phone systems to go IP based so that they can authenticate with these authorities and make sure that they’re originating true calls from a real location and that it’s not being spoofed.

Liel: [00:21:08] But chances are that any even now hard phone systems have already transitioned probably to IP a ride. I mean, most of the providers now, even if you’re asking for a landline, will be something that will be attached to your broadband and TV package. And the actual TV line is something that’s going to come through your broadband connection. Most likely, it’s not going to actually be on an actual phone that, you know, like we used to have those phone calls. Right. Yeah. Which I think by this point in most places, they have been transformed into network connections. But I guess, you know, that that transition is already way well, way on its. Yes, on its consolidation.

Grace: [00:22:02] Yes. And so they’re doing that kind of you know, how everybody moved very slowly, but they moved to, like you said, IP based phone systems. Even with what they’re doing now, they still patch it in a real IP based phone system. They’re doing this kind of the same thing where they’re phasing this and they’re allowing exemptions for smaller carriers and specific carriers that, you know, it could be one of the ones that they are illegal industry is using right now. There’s seven of them specifically. Give me one second, actually.

Liel: [00:22:33] Yeah. And Grace, you know what? It’s the same thing happening with TV, right? With cable. Cable providers are no longer, you know, running cable to you through a dedicated cable for TV or through satellite. It’s still coming through broadband. And that’s why, you know, Ottati and these intelligent, TV solutions have the tracking potential and the. The segmentation potential than any other digital device, right?

Grace: [00:23:11]  Right.

[00:23:11] So your mobile phone, your search activity on a desktop, or your Alexa requests. All of those things are also now obviously being implemented to the way that you. Bring TV to your home and whether that’s local TV or on demand, disregarding. And so it’s just these two venues, right? The landline phone system and the TV system. Catching up with time.

Grace: [00:23:42] Yeah. I mean, how many times have I you know, I’m sure plenty of people have done this where it’s, you know, up to five devices for Netflix. And once you reach that fifth device, it just locks you out. Now, they took it a step further. It’s IP home, Wi-Fi, you know, worth some other expense. I can’t watch Xfinity local programming unless I’m on my home, Wi-Fi on my phone, even if I want to. So, yeah, they do take all, they’re trying to take all of this further and further each time where they’re both protecting the user, but also protecting the systems that are being used. And so with this initiative, I mean, I feel like they’re trying to go the right way. It’s not going to be as easy, obviously, as simple as, you know, one, two, three. And that’s why it’s going to have to be done in a phased way, just like everything else that gets done in regular regulations.

Liel: [00:24:37] Right. And we haven’t even, you know, addressed the complexity of IP masking, which is another thing. Right? It’s not like when you start it. It’s not like when you say, “Well, you know what, we’re going to start tracking your IP and associated with that”. It’s not like you cannot fake your IP, right? But at the end of the day, it’s the same technology that you can use potentially to, in a more sophisticated way to actually commit these types of fraudulent activity. And that definitely is something that… This initiative, it’s not going to solve singlehandedly. It’s an effort and it needs a step forward for reducing the amount of spam and fraudulent activity that’s been coming out of this. But, you know, there there is a bigger problem, an underlying problem to be solved. And that one doesn’t just affect telephone systems. That type of fraud hits you everywhere. Right. Hits you on the traffic that you get on your side, the clicks that you get in your campaigns. And it’s something that obviously there is a lot of efforts being poured into solving them. But, you know, Grace, as we as we’ve said it at some other points in our conversations, you know, regulations with the right amount of moderation. It’s good it’s a good thing. It’s a good step forward. So Grace?

Grace: [00:26:00] So that for me, you know, kind of brings me to the end of the Stir Shaken initiative, you know, I, I know it was a lot of pretty technical stuff, but I think it’s super important for people to, you know, be aware of this, particularly because we are in legal. And it is an FCC requirement. You know, I mean, with all the compliance stuff, with emails, canned spam act, TCPA, the FCC, we have to be not just aware of it, but we have to be ahead of it. And so I think it’s important for our legal marketers that listen on here, our lawyers that listen on here for them to understand when these initiatives come about. It may not be something that you think immediately affects you, but it does. On both sides, right. On the personal and on the professional side, because this is something that is affecting us all and got worse during Covid. I mean, there’s no other way to say everyone knows. I mean, how many of us got these calls on our phones during calls?

Liel: [00:26:57] You’re right on right on Grace. All right. So let’s bring our takeaways away, number one.

Grace: [00:27:04] Ok, so know your technologies. I’m sorry. But that to me is number one, the anybody that is stuck in you know, 20 years ago, five years ago, even, I mean, it doesn’t matter. You need to know what current technologies you’re using. And that includes your phone system. So. 

Liel: [00:27:22] Yeah, Critical.

Grace: [00:27:23] Know what you have so that you know, who’s your carrier, you know, that all to me goes into know your phone system, know the technologies that are being used. And what does it actually show up as when someone is being called by your number.

Liel: [00:27:38] Super, super important Grace, and particularly if you are trying to put their like your business name instead of instead of your your your numbers guide your telephone number and stuff. I just know whether it’s actually happening or not, because you may have set it up, but it doesn’t mean that is actually getting shown the way that you would expect. So it’s just important to be aware of that. There is way more complexity now into actually getting your caller’s IDs to show what your you’re intending to show on your caller ID. So Grace, takeaway number two, for it to say be proactive about getting your phones verified?

Grace: [00:28:18] Yes. So there is a way to double check that. You can log on to FCC.gov. They do have a listing of those who are certified and by the authorities that were provided by them. So you can go ahead and look at that if you use a standard like not standard, but, you know, a well-known large authorized user or dealer of phone systems like Verizon or AT&T or Comcast. Generally speaking, if you type in Stir Shaken and the name of the type of company you’re using, it will come up. I actually just did that as we were talking with Verizon and Verizon came up as
“Here we’re taking steps to help restore trust in the nation’s phone network.” So there is a way for you to check this. If you don’t have a resource to call or someone to ask or you don’t think they’ll know. You can actually just check it yourself. If not, then reach out. Find out. Check this, because it’s super important to know what is coming up and if they have if they’re a complaint. In other words.

Liel: [00:29:27] Yeah, and Grace, I’m going to give one last takeaway here, because I presented at the beginning of the conversation with a problem that we identified. Right. So our clients at times were receiving calls that were from people that they were saying, we’re calling back. And they were never called initially by the law firm, there were no clients. So what did you do in those types of situations? Well, there’s a couple of things you can do. First of all, if you’re using cold tracking software, you definitely need to have an option to mark calls that are spam as spam. Right. Not only then you’re letting know the provider that this call came in, it’s actually spam, but you’re also helping your team identify what is a legitimate call and what isn’t. The second thing you should 100 percent be doing is deactivating numbers that are showing a consistent pattern of receiving these types of calls. And you know what? And if it’s across a broad across all of your numbers, you need to then consider the option of just refreshing your entire list of numbers and set yourself up with new numbers. And it doesn’t mean that when you’ve gone that you’re going to completely eliminate the problem. Numbers can be subject to become targets at any point. And so you just really need to keep a close eye on what is happening and understand what’s happening with the calls and try to identify patterns as soon as they come. Don’t just dismiss these calls as random events. They’re very likely are not random events. There are underlying costs, and this could be one of it, Grace. So that brings us to the end of another great conversation, Grace. Well, you know, what gives me hope is that I know we’re going to do everything we need to beyond our power to make ourselves available next week to come back and have another one of these.

Grace: [00:31:21] That’s right. Next week is another week. And this is the end of another fantastic podcast.

Liel: [00:31:27] All right, Grace. Have a great rest

Grace: [00:31:29] You too, Liel.

Liel: [00:31:34] And if you like our show, make sure you subscribe, tell your co-workers. Leave us a review and send us your questions at: ask@incamerapodcast.com. We’ll see you next week.

Leave a Reply

Your email address will not be published. Required fields are marked *

Leave a Reply

Your email address will not be published.