1. Field of the Invention
The present invention relates generally to calls placed in telecommunication and information service networks and, in particular, to establishing the credibility of incoming calls by identifying and reporting on the credibility of Automatic Number Identification (ANI) information and caller ID information.
2. Background Art
Automatic Number Identification (ANI) in North America is information identifying the 10-digit billing telephone number of a caller provided to the recipient of the call. ANI was made available in 1967 to business telephone customers who purchased toll free circuits (800 or “Inward-WATS”) to inform a business telephone customer who was calling, because the called business was paying the toll costs of the incoming call. ANI and Calling Number Identification (Caller ID) were made available as products to residential and small business telephone customers to provide them with the 10-digit telephone number of the calling party. Additionally, by the late 1980s calling name services were also made available in which a caller's name would be also delivered to a called party. Businesses such as banks, call centers, and government entities, such as 911 service centers have relied on ANI information as a factor in identity determination and as an element in location discovery. ANI information is also used for call routing assistance, workflow efficiency, and fraud mitigation.
The ability to control or manipulate ANI and caller ID information has been available for over a decade. Historically, only sophisticated and mostly regulated telecommunications carriers and very large business users, who subscribed to expensive multi-line Primary Rate Interface (PRI) telephone circuits had the ability to manipulate ANI. ANI control has legitimate uses. As an example, a large business uses ANI control to display its main telephone number on all outgoing calls from its multiple lines, rather than each of the individual lines.
The ability to falsify ANI and caller ID information stems from interaction of new technologies with legacy telecommunications architecture. Before the advent of information services network (e.g., Internet) telephony and deregulation, the telecommunications network was a closed system with one or both of a limited number of trusted FCC- and Public Utility Commission-licensed telecommunications companies adhering to a finite set of standards. Telecommunications decentralization and deregulation, as well as Internet telephony (e.g., Voice over Internet Protocol (VoIP) technology), have exposed this legacy architecture to an abundance of new telephony products and services that inject calls and calling data from outside the control of the legacy telecommunications network. The telephony network then delivers to its destinations these calls and associated information, in most cases, without checking their validity. Consequently, this system supplies an opening for criminals to easily place calls with fabricated or “spoofed” ANIs for nefarious purposes. ANI fabrication or spoofing is a low cost, powerful penetration tool used to impersonate identity and location. Multiple companies and, more importantly, technologies exist for the sole purpose of enabling anyone, anywhere, to spoof ANI and Caller ID for pennies each call.
Throughout the past 25 years, telecommunication users have relied on ANI and have built vital business processes around the incoming calling party telephone number. In addition, most businesses have developed sophisticated inbound telephone answering systems (known as, for example, integrated voice response (“IVR”) systems) that answer calls and are programmed with rules-based decision parameters grounded on the ANI information. Relying on non-validated ANI information undermines these critical marketing, technical, and security processes used for authentication, identity, location, customer service and activation in today's financial services, general business, and government enterprises. As one specific industry example, major financial institutions now have compromised critical operations that were built upon the trustworthiness of ANI. Applications such as bank-card activation, credit issuance, money transfers, new account applications, and customer service have all relied on the layer of security ANI has provided. Decisions made using the current non-validated ANI place an enterprise at risk of diminished revenue by limiting new product offerings and increased losses from fraud. Attempted fraud is estimated to exceed $50 billion each year in the U.S. alone. Identity fraud is a key driver in these losses. Today, bank card activation fraud occurs by telephone as frequently as other remote banking channels (i.e., not face-to-face), such as ATM, email, and world wide web.
There are several ways in which a motivated individual can take advantage of the current state of the art to manipulate ANI. VoiceXML applications let users change ANI and Caller ID information. An open source PBX software application, such as Asterisk, allows users to manipulate ANI information. Competitive service providers and telecommunication carriers can set their own ANI information. Moreover, certain companies exist today for the sole purpose of allowing ANI and Caller ID to be spoofed and falsified. Businesses such as PhoneGangster, Telespoof, CovertCall, and dozens of others offer widely available ANI and Caller ID spoofing for pennies each call.
The consequences of prevalent, facile manipulation of ANI and caller ID information provide motivation to restore integrity to the use of ANI and caller ID. One major consequence of falsified ANI and caller ID information is financial fraud, which is on the rise and is driven primarily by identity fraud. Traditional financial services customer verification tools such as information-based authentication are being compromised. Most financial service companies use ANI as the apex identifier in their telephonic decision-making. If false trust is placed in spoofed ANI, downstream decisions are compromised. Decisions made using current non-validated ANI is placing companies at risk, limiting new product offerings, and increasing losses from fraud. The disclosed approach restores the value of ANI and thereby helps to reestablish the security of telephone transactions.
There are as many financial transactions conducted over the telephone as are conducted on the world wide web, even in today's Internet pervasive environment. Of the more than nine billion telephone calls placed annually to U.S. financial institutions alone, nearly all rely on ANI for security, location information, call routing, and identity authentication. Knowing the caller's location or that the caller is in possession of an actual telephonic device is the foundation and an important factor for trusted telephone commerce.
The industry and legislators have grappled for many years to combat ANI and caller ID spoofing. In 2003, VoiceXML applications let users change ANI, and, at the same time, VoIP telephony entered the marketplace. An open source PBX software application, called Asterisk, allows users to manipulate calling party number information. Asterisk is a software implementation of a telephone private branch exchange (PBX) originally created in 1999 by Mark Spencer of Digium. As an example, if the ANI field is left blank by the Asterisk or carrier switch, any user can easily manipulate the Caller ID information using Asterisk, thereby populating the ANI field with the same misinformation as the spoofed Caller ID. Asterisk allows users to send spoofed ANI in the same way that businesses had been setting their ANI with PRI lines.
In 2004, a new ANI spoofing service, named Star38, (using VoIP and Asterisk) was launched and gained attention from worldwide mainstream media after USA Today published in its daily paper a front-page article about the service. The same year, others followed such as Camophone, Telespoof, and CovertCall. Over the next year, a dozen additional services started delivering ANI spoofing services.
By 2006, the FCC began investigations into these services, and the House of Representatives and the Senate considered several bills attempting to outlaw use of ANI spoofing for fraudulent purposes. ANI spoofing gained the attention of the mainstream media as SpoofCard announced the cancellation of an account belonging to Paris Hilton that was used to break into the voicemail of Lindsay Lohan to harass her.
On Jun. 27, 2007, the United States Senate Committee on Commerce, Science and Transportation approved and submitted to the Senate calendar Senate Bill S.704, which would have made spoofing ANI a crime. Titled the “Truth in Caller ID Act of 2007,” the bill would have outlawed causing “any caller identification service to transmit misleading or inaccurate caller identification information” via “any telecommunications service or IP-enabled voice service.” Law enforcement would have been exempted from the rule. A similar bill, HR251, was recently introduced and passed in the House of Representatives. It had been referred to the same Senate committee that approved S.704. The bill never became law because the full Senate never voted on it; it was added to the Senate Legislative Calendar under General Orders, but no vote was taken, and the bill expired at the end of the 110th Congress. On Jan. 7, 2009, Senator Bill Nelson (FL) and three co sponsors reintroduced the bill as S.30, the Truth in Caller ID Act of 2009, which was the bill referred to the same committee in the Senate. On Dec. 22, 2010, President Obama signed into law the Truth in Caller ID Act of 2009, which makes it unlawful for a person to transmit misleading or inaccurate caller ID information with an intent to defraud, it amends the Communications Act of 1934. Several of the States have passed bills making misleading Caller ID spoofing illegal.
What is needed are systems and methods to identify ANI and caller ID manipulation for determining trustworthiness of incoming calling party and billing number information.