By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
DenyAccept

The Future of Caller Authentication: GSMA and Telefónica Reveal the Trusted Caller Identity Pilot [Video and Takeaways]

Published
January 19, 2026
Table of content
This is also a heading
This is a heading

Join 14,000+ identity enthusiasts who subscribe to our newsletter for expert insights.

By subscribing you agree to with our Privacy Policy.
Success! You’re now subscribed to the newsletter.
Oops! Something went wrong while submitting the form.

Call center authentication is no longer fit for purpose. Every day, customers spend minutes answering security questions and waiting for SMS codes just to prove who they are, only for fraud and impersonation scams to continue rising anyway. The voice channel has become one of the most exploited attack surfaces, eroding trust for both consumers and businesses.

To explore what a better model could look like, Dock Labs hosted a live webinar on the future of caller authentication, presenting a joint proof of concept developed with GSMA Telefónica Tech and TMT ID. The session demonstrated how callers can authenticate themselves in seconds using a secure digital identity wallet, without sharing sensitive personal data and without relying on knowledge-based authentication or one-time passwords.

The discussion examined the growing fraud landscape, the role of mobile operators as a new root of trust through SIM-based identity, and how decentralized identity and verifiable credentials can transform call center security while improving customer experience and privacy.

The session featured Glyn Povah, Global Head of Product Development at Telefónica Tech, and Helene Vigue, Identity and Data Director at GSMA, who shared insights from the pilot and outlined how the mobile industry is working together to restore trust in voice communications.

Why this pilot exists

  • Caller authentication is a universal pain point
    • Callers routinely spend several minutes just proving who they are before they can solve their real issue.
    • Common flows rely on knowledge-based authentication (KBA) and/or SMS OTPs.
  • Traditional methods are now structurally weak
    • KBA requires people to disclose sensitive personal info and forces call centers to store it (creating liability).
    • Caller Line Identity (CLI) used to be “good enough,” but is now easy to spoof on modern interconnected networks → impersonation fraud.
  • Telcos are reacting to a broader trust crisis
    • Fraud and scams are exploiting voice and messaging channels, eroding trust in core telecom products.
    • The strategic goal: restore trust in communications by bringing stronger proof into voice interactions.

Threat landscape: it’s not just “fraud,” it’s industrialized harm

  • Scale of scam impact is massive
    • Global Anti-Scam Alliance estimates $1T+ losses in 2024, with only ~4% recovered.
    • Over half of adults worldwide report being a victim of a scam in the last year.
  • Victim harm extends beyond money
    • Victims report severe emotional effects (anxiety, depression, insomnia).
  • Scams are industrialized
    • Helen highlights call-center fraud operations tied to human trafficking, especially exposed in parts of Southeast Asia.
  • AI accelerates synthetic identity fraud
    • Generative AI makes it easier to create “real-looking” identities and iterate quickly on what works.

What the PoC is: cryptographically secure caller authentication for call centers

  • Core objective
    • Provide a cryptographically secure way for customers to prove who they are when speaking to a call center agent or navigating an IVR.
  • Context
    • Focused specifically on the voice channel and call center environment.
  • What “good” looks like (as defined in the PoC)
    • Faster authentication → significantly reduced time to verify callers.
    • Stronger security → mitigation of fraud vectors like SIM swap, phishing, CLI spoofing, and stolen data.
    • Enhanced privacy → customers control what data they share and do not need to disclose unnecessary personal information.

How it works behind the scenes: decentralized identity + telco root of trust

  • Decentralized vs centralized identity
    • Traditional identity systems store personal data in centralized databases controlled by third parties.
    • In this model, identity data is held under the control of the user, typically on their device via a wallet.
  • The three roles (as explained in the session)
    • Issuer: the mobile operator issues a credential proving ownership of the phone number.
    • Holder: the end user receives and stores that credential in their wallet.
    • Verifier (relying party): the call center or brand verifies the credential when the user calls.
  • Key cryptographic property
    • The verifier can validate the credential without contacting the issuer.
  • Selective disclosure
    • The holder can present only the information required to satisfy the verification request.
    • In the demo, this is effectively reduced to a simple “yes/no” confirmation.
  • Open standards
    • Encrypted messaging uses DIDComm.
    • Credentials are implemented as verifiable credentials.
    • The wallet secures and holds identity data at the edge (on the device).

Why telcos have a unique advantage: SIM-based root of trust and network signals

  • SIM as a root of trust
    • The SIM (Subscriber Identity Module) has always been how phones authenticate to the network.
    • Telcos authenticate devices and subscribers hundreds of times per day.
  • Network lifecycle events
    • Telcos process real-time events such as:
      • Number recycling
      • Port-outs
      • Disconnects and reconnects
  • Credential lifecycle
    • If a number is recycled, the old credential must be revoked.
    • If a number is ported, a new credential must be issued by the receiving operator.
  • Real-time APIs
    • Telcos are building APIs that allow credentials to be:
      • Issued securely
      • Revoked automatically when trust conditions change
  • Strategic goal
    • Bring the SIM and network risk signals into the digital identity ecosystem as a new root of trust for voice authentication.

Success metrics: proof it works + proof it matters

  • Metric 1: Technical integration feasibility
    • Combine:
      • Dock Labs decentralized identity stack,
      • Telco standard APIs (Open Gateway direction),
      • A call center platform (they used Amazon Connect as a simulated call center).
    • Early conclusion: integration was smoother than expected.
  • Metric 2: User experience acceptance (two user groups)
    • Consumers: ease, speed, perceived privacy/control.
    • Call center agents/operators: operational fit and friction reduction.
  • Metric 3: Business KPI impact
    • Reduced call handling time, reduced fraud, improved customer experience.
    • Glyn cites rough industry benchmarks:
      • Authentication today often takes 4–5 minutes.
      • Call center cost estimate: $0.75–$1.50 per minute of call (used as directional ROI framing).
    • The business problem is where scaling challenges will likely appear (commercial model, rollout across telcos, enterprise adoption).

Security outcomes: fewer fraud paths + less data exposure

  • Impersonation fraud reduction
    • Weakness today: spoofed CLI + KBA/OTP workarounds + stolen data.
    • Proposed improvement: cryptographic proof anchored in SIM + network risk signals.
  • “Less data = less liability” framing
    • Many enterprises don’t want more personal data; it raises compliance and security burdens.
  • Coinbase-style insider/data leakage scenario
    • Example discussed: bribed call center agents extracting customer data, enabling targeted social engineering.
    • Wallet-based verification reduces the amount of sensitive info ever revealed to agents.

Implementation + ecosystem: scaling requires industry coordination

  • Open Gateway is the distribution path
    • Telefonica’s intent is to offer this to the market (not only internal use).
    • Goal: widespread telco adoption so it works globally.
  • GSMA’s scaling role
    • GSMA Foundry used to fast-track pilots and partnerships.
    • Parallel precedent: “Scam Signal API” started as a PoC and expanded into broader deployment.
    • GSMA also drives cross-industry collaboration and operator-to-operator coordination (where cooperation matters).
  • Near-term milestone
    • They plan to share more results at MWC Barcelona (early March).

Audience Q&A — Carrier APIs and verification flow

  • Carrier APIs used in the PoC
    • Number Verify API
      • Confirms that the user is currently in possession of the phone number and device.
    • SIM Swap API
      • Checks whether there has been a recent SIM swap, which is a key fraud risk signal.
  • Purpose
    • These APIs are used to:
      • Secure the issuance of the credential
      • Add real-time risk signals into the trust model
  • Scope
    • Only a limited number of signals are used in the PoC.
    • Glyn notes there are many more network risk signals that could be incorporated in future versions.

Create your first digital ID credential today

The Truvera platform helps you integrate reusable ID credentials into your existing identity workflows to support a variety of goals: reduce onboarding friction, connect siloed data, verify trusted organizations and customers, and monetize credential verification.

Sign up for free
Request Free Consultation

Ready to get started?

Sign up to TruveraRequest Free Consultation

Company

Truvera Platform

Developers

Use Cases

Resources

Copyright © 2024 Dock Labs AG