At our recent Trusted Calling Summit in Austin, Texas, TransUnion VP of Research and Fellow Jon Peterson — who also happens to be a NYT best-selling author and Stanford visiting scholar — took a walk down memory lane to when he first worked on call authentication with the IETF back in 2001. Those early efforts led to the FCC STIR/SHAKEN mandate in 2019.
Since branded calls can’t really be trusted without authentication, it’s a critical issue. And, with many robocalls originating internationally, global call authentication will be an increasingly important discussion across international regions.
With secure branded calling gaining in popularity, Jon has turned his attention to “reverse branded calling” — or connected identity. “If I'm placing or returning a call, how do I know I'm actually connecting to the person I want to connect to?” asked Jon. “That’s where connected identity comes in, by which callers can see the name or logo for the entity they’re calling, akin to ‘reverse branded calling.’ Connected identity, I think, is a game-changer for STIR and SHAKEN.”
We interviewed Jon to take a deeper dive into practical applications for connected identity, including how it supports enterprise use cases like branded calling for businesses and strengthens STIR/SHAKEN protocols to prevent fraud and impersonation, as well as route hijacking. He also touched on TransUnion’s role in advancing global identity standards and how its technology enables secure, end-to-end call authentication.
Below are the excerpts from the interview.
How does connected identity support enterprise use cases like branded calling for customer outreach?
Connected identity is poised to become essential for enterprises seeking end-to-end connections with their customers. This is what we’re trying to achieve with branded calling, both in the forward and reverse direction, by extending protections beyond basic call authentication.
For example, TransUnion Spoofed Call Protection makes sure when an enterprise places a call to a consumer, we have a real-time record of that we can reference. So, when we’re looking at it from the terminating carrier’s perspective, we can verify whether the enterprise has actually initiated that call. If not, the system will block it. That’s key to being able to prevent scams and robocalls.
Connected identity provides enterprises with a powerful toolset that didn’t exist before — building on the foundational security offered by call authentication protocols like STIR/SHAKEN.
How does connected identity enhance the effectiveness of STIR/SHAKEN protocols?
Connected identity is a game-changer for STIR/SHAKEN. It gives us a new set of tools to combat complex and high-profile types of fraud that are still common globally.
For instance, certain types of fraud occur in mobile networks, especially when calling into countries where call rates are high. Some intermediary networks manipulate call signaling to make it appear a call has ended on one side while it continues on the other, allowing them to pocket the billing difference. It may only be a few seconds per call, but across millions of calls, the impact is significant.
Connected identity helps address this by securing not just the initial call setup message, as traditional STIR does, but also the intermediary and termination messages. That ensures, for instance, when someone signals a call has ended, it’s actually the intended party, not a malicious intermediary.
This extends the reach of STIR, which is a foundational technology, enabling us to solve a whole new class of network security challenges. But it’s what you build on top of that assurance that allows you to then tackle a wide range of these fraud and scam cases that, obviously, have caused a lot of grief for consumers.
How does connected identity help prevent impersonation, route hijacking or fraud in telecom networks?
Connected identity is excellent for addressing the complex challenges that have emerged as telephone networks migrated to the internet.
If you think back to the 1980s, we had large, reliable databases, such as like the Local Exchange Routing Guide (LERG), which clearly defined where to route calls for specific NPA-NXX codes and destination numbers. Today, however, much of that routing happens through various internet-based databases — and it’s often unclear who operates or maintains them. In some cases, routing decisions depend on a simple flat file that bears little resemblance to the rigor and reliability of the old LERG system.
This shift has created opportunities for route hijacking — where one thinks they’re calling their bank, but the call is actually being redirected by an untrusted or malicious intermediary. That intermediary can potentially eavesdrop, harvest credentials or even enable account takeovers.
Connected identity is designed to help eliminate such vulnerabilities. It helps ensure you know exactly who you’re communicating with and the responses you receive come from legitimate endpoints. Even if someone tries to misdirect the route, the attacker won’t have the valid credentials or cryptographic proof associated with the enterprise you intended to reach.
From the consumer perspective, this also adds a visual layer of trust. For example, users will recognize authentic business logos or caller identity indicators. When those aren’t visible, it’s a clear signal not to share sensitive information over the call.
How Reverse Branded Calling – or Connected Identity – Helps Close the Call Authentication Gap
I’m a strong believer in the multi-stakeholder model, which is a collaborative approach to internet governance involving several standards bodies working together. For instance, the IETF designs core internet protocols, the W3C focuses on web standards like HTML and the IEEE defines standards like Wi-Fi.
All these organizations follow an open, consensus-based process where standards are freely available. Anyone can implement them, which encourages competition and innovation in the marketplace.
TransUnion has been a strong supporter of this model, even historically with Neustar which was acquired by TransUnion. I’ve worked on these standards efforts for nearly two decades. We at TransUnion bring a unique perspective — with expertise in identity, consumer verification, telephone numbers and communication modalities. I’m delighted our contributions are recognized and valued by some of the largest technology companies globally. It’s been a privilege to contribute to these efforts throughout my career.
When we talk about end-to-end call authentication with Spoofed Call Protection, that involves STIR/SHAKEN — but does it also require additional capabilities from TransUnion?
Not every call is end-to-end IP; legacy technology in the US and elsewhere causes calls to drop to the traditional Public Switched Telephone Network (PSTN). When this happens, STIR/SHAKEN signatures and metadata are lost, making trust verification difficult.
To address this, at the IETF, we developed the concept of a Call Placement Service (CPS), which allows “passports” or trusted signed objects to be stored in the cloud and retrieved at the terminating side. At TransUnion, we’ve implemented our own version called the Call Session Record (CSR), which essentially stores enterprise call information to ensure it remains available to the terminating network, even if the PSTN discards the original STIR/SHAKEN data.
This solution also addresses carrier concerns about disintermediation. We work directly with terminating carriers, sharing enterprise call information with them to ensure secure and trusted call presentation to end users. Our approach is unique because we’ve turned what’s typically viewed as a problem or implementation challenge with STIR/SHAKEN into an opportunity, making enterprise calls more secure than ever.
Learn more about TransUnion Branded Call Display and Caller ID Authentication.
