The importance of accurate, real-time information cannot be overstated. Businesses across sectors rely on many data points to make informed decisions, enhance customer experience, and streamline operations. Telephone number validation is one often overlooked yet critical aspect of this data ecosystem. To shed light on this niche but vital industry, we sat down with Tim Ward, vice president of number information services at Xconnect, a leading telephone number data service provider for businesses.
With the advent of ever-evolving digital fraud schemes and data privacy regulations, services like those of Xconnect have become increasingly crucial. Their dedicated approach to data verification helps optimize customer outreach and serves as a line of defense against potential security threats. Here, we discuss the mechanics of telephone number validation, the challenges in ensuring data accuracy, and the future in the industry.
Neil: Can you tell me more about how you authenticate data for businesses?
Tim: I want to set the context of businesses communicating with all of their users, their subscribers, or whatever, in a vastly widening range of ways. We're all familiar with webpages and chat and email and WhatsApp being used, and people make calls, and people use SMS. I think it's interesting that the last two remain pretty much dominant, really because everybody has a phone. And the key remains the phone number. It's globally and universally recognized. So the role that we play is we provide a range of services that focus on those phone numbers, and is that number that you've been given to communicate with your customer or subscriber or whatever is a legitimate number. Is it authentic? Is it actually reachable? You've got to make sure that it's not a ghost number or a risky number, and the way these things are used, these services are used, is that businesses will query us in real time. Here is a number, and we tell them if it's recognized, if it's been allocated, if it's reachable, and we do that globally at scale. We'll check about 50 billion numbers this year, and we have data centers spread out around the globe; Dublin, Frankfurt, Mumbai, Singapore, and Sao Paulo. So our job is really to provide authoritative data. We have the job of sort of finding the master reference data. Often there's no such thing, so our job is to cross-reference and to identify authentic and legitimate and use multiple sources to generate a clear picture of the usage of a particular phone number.
Neil: Okay, and so in regards to transparency, how do you ensure this? How do you go about compiling and verifying information with regard to update frequency or data sources?
Tim: It's an interesting challenge because there's no one place to go, or I should say we become that one place to go, but in terms of sourcing that data, there's a hierarchy of sources. In general, you usually get the national regulator, who knows a block of numbers and whether they're allocated to a particular operator. Then there's usually a national administration of some sort that's responsible for number portability, so they're handling moves between networks at an individual number level. And then at the third level of that hierarchy, you've got the network operators themselves, and they're obviously going to know the status of an individual number, those numbers that they're responsible for. So our job is to bring that all together, cross-reference it, monitor and track the changes, and make sure that what we're told makes sense. By the way, it doesn't always. We have to do a great deal of sanity-checking to ensure that these systems are really giving us consistent and correct information. We typically see about 20,000 changes each month to number blocks, and we see millions of changes a day to individual numbers. Each country is a little bit different, but we know about most of the changes within the networks within about 24 hours.
Tim: So if an application needs to know the status right now, this minute or second, we have additional services that query APIs from the operators and that can give us real-time updates. So it's really everywhere from real time, through to 24-hour data through to sort of number block information, which is typically about every week that you're going to see those things updated.
Neil: How do your services help in the fight against fraud?
Tim: As we all know, the fraudsters are extremely creative, and they use every trick in the book and quite a few that aren't in the book as well. There are a couple of types of categories that dominate, I guess. Identity fraud is one aspect. Another is the creation of additional traffic that isn't actually legitimate. But these two classes, although they sound quite different, do tend to go hand in hand. The difference is that impersonation tends to hit the individual, and traffic inflation tends to hit the business user. One of the most damaging examples of this has been around automated systems that create huge numbers of accounts. They're generating SMS notifications, and in some cases, these can be sent to dummy numbers, or worse still, they get sent to premium rate numbers, which gives the fraudster kind of a double payback. It's putting money from the premium rate revenue share, and it's also creating a false identity, which is why I kind of suggest these two frauds are very closely linked. There are some very basic things there that you can do, and by validating the numbers that are being requested for callback, or account creation, or whatever, against our data, the businesses can identify some of those ghost numbers and very directly identify the premium rate numbers. So they can block account creation and block the sending of messages to some of these artificial identities. So, that's one of the typical examples of how authoritative numbering information is being used to deal with a couple of particular types of fraud.
Neil: Okay, and what are the challenges involved in keeping up with the regulations and rules of different territories and markets?
Tim: It's a very interesting position that we have. Whilst we act as a kind of channel, it's always difficult to come up with the right words here, but a channel to access that information, also kind of a repository, a place where people can register information about numbers. We're almost acting like a librarian for that data, but you always have to recognize that the data isn't actually ours. So we have to be very aware of the security, privacy, and individual usage agreements of those who really do own or who source the data. In a strange way, we had a bit of an advantage in this market as at the time when we were setting Xconnect and our number information services up, it was around about the time that GDPR was really moving from a discussion item to being more of a regulatory requirement.
Tim: So right from the start of these services, we've been able to take privacy by design as the approach, right from that development of the services and the sourcing of the data. National variations, cross-border jurisdiction, and data storage locations are more of a kind of business-as-usual challenge rather than something that we've had to kind of add on or worry about in the later stages of our services.
Neil: How do you ensure compatibility and easy integration between your system and other business applications or systems?
Tim: It's a funny one, having worked in telecoms my entire working life. Most telecom solutions tend to be very, very complicated. Lots of options, lots of software types, and so on. But to be honest, these are probably the most simple services I've ever had to work with. Give me a number, and I'll get back with a set of attributes. So this is really all based around very simple APIs using secure internet access so we can work over public networks, but using VPN technology to secure the data. The other side of it is also working very closely with the platform, and the technology providers, who integrate this data or onboard this type of data. So we work very closely with a wide range of platform vendors to allow them to build our data into their solutions.
Neil: What future plans do you have to drive number information innovation?
Tim: There's a very wide range of information that can be provided here. So we kind of look at this as being data sets and number attributes. The question which we're looking at all the time is, what else can I actually tell you about a number that will help the business make particular decisions? So if I give you an example of something we’ve done recently, we've just added an entire data set, which allows you to find out if a number is one way, that it's kind of inbound only, meaning that it's a number you should never expect to see a call coming from, but it is a number that you might go to.
So these could be toll-free numbers. These would be inbound numbers into enterprise into business, where they set their calls in, but you never expect to see a call coming out, and people have been using these again for hiding behind those numbers effectively. Using those numbers fraudulently. It looks like a number coming from a big business, but that number, in reality, should never technically originate a call. So we're providing a data set that allows those numbers that are one way only to be easier identified that's referred to do not originate list. And that's allowing end users to comply with the regulatory rules which are being introduced in a growing number of countries about really checking the attributes of a particular number.
So when we look at the attributes and the data sets that we've got plans for, all really fall under this general category we've been talking about. Validation is the key thing I've really talked about so far. Rooting, I've not mentioned so much, but in the ability to provide information to know where to send traffic, where to send a message, where to send a call, and then thirdly risk. What is the risk of communicating with that number? So, those are really the three things where we're trying to get deep data sets that allow cost optimization and fraud prevention. Really the two benefits are where we see these data sets going.
Neil: Are there any other new services that you plan or wish to introduce?
Tim: It's kind of interesting to look at. We see ourselves as a service provider. So I never know whether to talk about these things as being products, services, or what. There's a kind of narrow line between all of these. When you're talking about, effectively, a cloud-based service. What we've really talked about so far and where we've built our business is the role of providing access to information about numbers. Hopefully, that's fairly clear from what we've talked about, but this is kind of continuing to develop as we add more data sets and more data sources. But we're also seeing sort of almost a different role in terms of a different service to some of our customers, which I’d describe more as hosting. Where it might be their data that they wish to make accessible, or they wish to integrate with other data sets that we might have. So that's kind of one area that we've seen in not just collecting data or aggregating data and making it accessible to people, but also hosting private data, which may then make up part of the service. And that extends on to another area, in really offering some of our customers the ability to build their own service, really customize services using our global platform, which you might describe as a managed service. They might have their own data sources, so it might be sources, and they might want to use some sources which would be different from the sources we would use for exactly that same area. So we kind of end up with what we're doing today, which is very much access to data sets and those attributes of those data sets, but then that shifts to hosting and integrating customer data sets into our own. And then the third area is in providing managed services where we're building almost customized services for individual customers. So those are the areas where we're really developing our portfolio of capabilities and working directly with our customers.
Neil: Final question. Do you foresee any tech developments within your partnerships in the near future?
Tim: A partner program is really put in place to support our customer's platform providers. So those platforms will have been chosen by the customers, and our job is very much to help them integrate our data into those solutions. So there's a lot of that partner activity going on in the background. It's kind of interesting. The announcements tend to be rather hidden by what each individual customer is doing with their own platform provider. But you may see announcements coming out over this next year concerning new data sets, and particularly, I talked about DNO earlier on and also the availability of our services being integrated directly into messaging platforms, where they're really being offered as a platform. So this whole area of communications platforms as a service, CPAs, is a strongly growing trend in putting power into the hands of the end user to develop their own services. They need the data as well as the platform. So it's been an interesting development of those relationships to more closely build the data sets and work with the platform providers to ensure that those can be consumed in the easiest possible way.