TITLE: Baseline Display Guidelines SOURCE*: Hala Mowafy (Ericsson) IPNNI October 23-25, 2018 Tampa, Florida TITLE: Baseline Display Guidelines SOURCE*: Hala Mowafy (Ericsson) _______________________________ Abstract   In addition to the guidelines published in ATIS-1000081, there is a need to consider baseline criteria that would be interpreted for the protection and empowerment of the end user. This contribution presents some of those key criteria and solicits input for additional criteria. NOTICE This contribution has been prepared to assist the ATIS & SIP Forum IPNNI Task Force. This document is offered to the Committee as a basis for discussion and is not a binding agreement on Ericsson or any other company. The requirements are subject to change in form and numerical value after more study. Ericsson specifically reserves the right to add to, or withdraw, the statements contained CONTACT: Hala Mowafy email: hala.mowafy@ericsson.com

Interpretation of Available Data With or without SHAKEN In addition to the guidelines in ATIS-1000081, there is a need for a more basic treatment of available industry data. This presentation launches a discussion on the following: What are some basic “indicators” that should be relayed to the consumer to maximize information and empowerment? What should the display verbalize to the end user?

The Display Content will vary based on each Service Provider (SP), and the analytics provider’s algorithms Each SP along with its contracted analytics provider will determine the number and types of criteria used in assessing incoming calls and assign different weights to each. Different levels of sophistication and differentiation among analytics providers benefits consumers. However there should be a baseline set of criteria that are required to empower the consumer

Per recommendations of ATIS-1000081 In General… Available Data Call Assessment Human Factors SHAKEN results DNO lists Bad actor reports (e.g. FTC and FCC lists, black and white lists, etc.) Call Patterns and duration TN format validity Honey pot data Higher Analytics Per recommendations of ATIS-1000081 Baseline criteria Different levels of analytics will yield more results for the consumer. Some algorithms are more complex and employ more inputs, each treated at a different weight. But what are the baseline criteria? TN: telephone number

Proposed Baseline Criteria TN is on a DNO list TN is on the FTC/FCC and known scam lists TN format is not valid TN is disconnected/inactive (per carrier records and/or honeypot reports) REMEMBER the goals from the Strikeforce: - Protect and Empower the consumer

What to Display – in the absence of SHAKEN? Input Recommended Display TN is on a DNO list “Scam” TN is on the FTC/FCC and known scam lists “Possible Scam” TN format is not valid “Fake Number” TN is disconnected/inactive (per carrier records and/or honeypot reports, etc.)

What to Display – with SHAKEN attest A? Input Comment Display TN is on a DNO list Not likely; authentication would detect unauthorized use of TN “Unknown” TN is on the FTC/FCC and known scam lists It is possible for an authorized customer to carry out scams from a valid TN/station (i.e., pass attestation). However, given the high rate of false +ves on these lists, this input is better digested within analytics than standalone. “Possible Scam” TN format is not valid Not likely to be invalid and pass with attestation A, therefore a stronger warning would be helpful. “Scam” TN is disconnected/inactive (per carrier records and/or honeypot reports, etc.) Should not pass authentication N/A

What to Display – with SHAKEN attest B? Input Comment Display TN is on a DNO list Authentication may not detect unauthorized use of TN “Possible Scam” TN is on the FTC/FCC and known scam lists It is possible for an authorized customer to carry out scams from a valid TN/station. However, given the high rate of false +ves on these lists, this input is better digested within analytics than standalone. TN format is not valid With no direct relation to the caller, a stronger warning would be helpful. “Scam” TN is disconnected/inactive (per carrier records and/or honeypot reports, etc.)

What to Display – with SHAKEN attest C? Input Comment Display TN is on a DNO list Authentication may have failed to detect it since there is no direct relation to caller “Possible Scam” TN is on the FTC/FCC and known scam lists This input is better digested within analytics than standalone. And with that, a stronger warning TN format is not valid Lower attestation and invalid TN format warrants a stronger warning to consumer. “Scam” TN is disconnected/inactive (per carrier records and/or honeypot reports, etc.) Lower attestation and inactive status of the TN warrants a stronger warning to consumer.

Baseline Criteria What more baseline criteria should be considered?