
The communications conundrum: The dangers of using phone numbers as ID

By Curtis Peterson, Senior Vice President of Operations, RingCentral

With headlines full of news stories about how companies have taken and manipulated personal data, we are increasingly aware of our personal data and keen to protect it.

But 20 years ago, we didn’t think twice about our telephone number being made publicly available and listed in the phone book. That’s because back then, telephone numbers were tied to a very small geographic region, like a neighbourhood, or a local business park. When a person or business moved, the phone number and ID could not move with the person or business.

Fast forward 20 years, and with the rise of smartphones and number porting, telephone numbers are no longer associated with places—they are associated with specific individuals. Wherever that person moves, their phone number goes with them.

And increasingly, we are seeing numbers used as a form of identity—for example, for two-factor authentication. Whether it’s when setting up a bank account, changing a password or even something as simple as buying tickets to the cinema, verification codes are sent to a person’s telephone number to confirm they are who they say they are.

But telephone numbers were never meant to be used as ID—in fact, with numbers being tied to people, not places, we’ve seen illegal robocalling and phone-based scams skyrocket. This means that today, decoupling personal identity from telephone numbers is an important strategy that requires more attention than ever before.

The dangers of dialling

Years ago, it was popular in the business world for companies to acquire continuous blocks of numbers, where an employee’s phone number would be different from a colleague’s by just a single digit. But through this, we’ve seen that it’s possible to dial through a block of office numbers and acquire just enough information to exploit a whole business.

But while block number scams may have been popular in the past, the dangers of having phone numbers attached to IDs still ring true today. The rise of smartphones means users are constantly at risk of spam calls and SIM swapping attacks—a method which relies on tricking cell carriers into giving a person’s phone number to an attacker.

This can allow the attacker to force a password reset on any internet account associated with that number. Just recently, Facebook leaked 419 million phone numbers—and this incident exposed users’ phone numbers from just their Facebook accounts.

The escalating problem of illegal robocalls is not slowing down either. Malicious robocalls surged to 85 billion calls globally in 2018, and the UK was one of the worst hit. This method is used to scam a person out of their bank details or money. It particularly affects one of the most vulnerable groups in society—the elderly. Robocalling has also been made easier by developments in the sophistication and availability of dialling technology. And the thinking behind phone attacks has become more creative too—as seen with the rise of the Wangiri scam.

Wangiri is Japanese for ‘one ring and drop’ and is done via international phone numbers. This method is used to entice users to call back, curious to know about the foreign number that is dialling them. But it often leaves the victim out of pocket due to the expensive fees of returning calls from abroad.

Corrupted communications

While banks make it easy to change your credit card number if it gets compromised, it’s a lot harder for people to change their phone numbers. Especially as we haven’t had to think about our phone number in the same way as a credit card number before.

The future of communications should rely less on an 11-digit phone number and more on ubiquitous, consent-based contact—we agree for some of our details to be shared publicly, but people can’t just text or call us without our consent. In fact, younger generations are already starting to decouple their phone number from their identity, preferring to communicate via ‘numberless’ messaging services such as WhatsApp and Facebook Messenger.

It’s also something that should be considered in the workplace. With the lines between work and play blurring, and employees using their work devices for personal use, and vice versa, having a number associated with their ID means employees can never switch off—especially if colleagues contact them on a personal number while they’re on holiday, or out of office hours.

It’s also important to take unified communications into consideration. We now deal with more communications channels than ever before, from messaging to email, video and more. The security and privacy of personal information goes beyond the responsibility of governments to their citizens and businesses to their customers—now, every organisation must be accountable for its own employees’ data too.

And any responsible business should take ownership of their communication tools. When an employee leaves a company, the right practice is to shut down their account and archive any data where needed – and when a replacement is hired, a whole new communication stack should be provided. Identity management must be considered with the various forms of communications we use today.

Security rings true

As communications have gone through an evolution, now is the time to draw attention to the dangers of having numbers attached to personal identities. Numbers are no longer associated with places—they’re associated with a person, and by asking the right questions, or pushing the right buttons, a person’s data can be compromised.

For businesses, this can have long-lasting and damaging effects. Scam calls to employees mean information can be gained quickly and, without the right tools in place, can compromise a business. This becomes even more important when we consider the number of personal devices that are now in the workplace.

When it comes to security, businesses need to ensure that all bases are covered—and communications needs to be included in this.

About the author

Curtis Peterson has more than 20 years of experience managing information technology and carrier-scale data and packet voice communication networks. At companies ranging in size from startups to Fortune 500 firms, Curtis has managed teams responsible for engineering, project management, operations, data security, network security, data centre, carrier operations, and internet backbone design and operation.

Curtis has been a pioneer in VoIP services in the business communications space and has been developing, launching and operating Class 4 VoIP and customer-facing hosted PBX systems since 2002. 
