Caller trust in Finance: Authentication + Reputation

July 6, 2026

21 min read

Key takeaways

  • Inbound fraud is up 26% and KBA is costing contact centers up to 25,000 agent-hours a month while still failing against AI-enabled fraud including deepfake voice attacks. Benchmark against peers here.
  • 80% of your outbound calls may be going unanswered if your caller ID is unknown. And branded calling alone does not fix either problem if your underlying phone number reputation is compromised. 
  • Contact center security and resilience contribute to the same problem. Leading finance teams manage both from one view.

Finance contact centers face a trust gap on both ends of the call. Customers don’t trust and don’t answer unknown calls from enterprises. Agents can’t always trust the callers coming in. These gaps are dragging down your customer experience, and will continue to cost you customer relationships unless you start managing them proactively.

Two-way trust issues in voice calls

Inbound fraud

Inbound fraud rose 26% in 2024, according to TransUnion[1]. Many financial institutions are still using knowledge-based authentication (KBA) to fight it. The catch is that much of the required proof of identity is readily available through phishing schemes or data breaches. Fraudsters can just call in with the stolen information pre-loaded.

AI has made this worse. Deepfake voice technology has made it increasingly easy for bad actors to synthesize a caller’s voice using publicly available audio. This is increasingly common.

Meanwhile, legitimate customers are asked to prove their identity again and again, and 46% say the process frustrates them[2]. Agents spend more time on caller authentication, too. Each call takes an extra 30 to 90 seconds just for verification[3].

At 1M monthly inbound calls, KBA can cost up to 25,000 agent-hours spent on authentication that isn’t stopping the threat it was built to stop. Caller authentication and voice biometrics address this by moving verification before the agent picks up, embedding risk scoring in the IVR, passively authenticating low-risk callers, and routing higher-risk calls to specialists automatically.

The real-time standard: Look for call authentication technology that produces a fraud score during the live call, not after it. Solutions that score calls pre-answer or within the IVR allow automated routing decisions before any agent interaction.

Outbound trust

80% of calls from unidentified numbers are likely to go unanswered. Call labels, such as “Scam Risk” and “Spam Likely,”  push answer rates even lower[4]. Carriers and consumer-blocking apps apply labels based on signals like call patterns and consumer complaint data, and legitimate numbers can get caught in the sweep without the contact center knowing.

How to check your phone number reputation: The most reliable way for enterprises to identify a mislabeled number is through a number reputation management platform that monitors your numbers across major carrier databases and consumer-blocking apps simultaneously. 

→ What STIR/SHAKEN does and does not do: STIR/SHAKEN is a call authentication framework mandated by the FCC that cryptographically signs calls at the originating carrier and validates them at the terminating carrier. It tells the receiving party whether the calling number has been verified as legitimate. For outbound calls originating from your contact center, STIR/SHAKEN attestation improves deliverability and reduces the likelihood of mislabeling. It is a protocol, not a platform. Implementation requires a carrier that has STIR/SHAKEN natively built into their network, not layered on through a third-party service.*

Establish your identity: Branded calling displays your business name, logo, and call reason directly on the recipient’s phone, replacing the unknown number with something recognizable. Research from First Orion shows it can lift answer rates by up to 18%[5]. But branding the call display doesn’t solve for reputation. Call labels can still override branded call displays, where consumers will see “Spam Likely” instead of logo and call reason. Branded calling without active phone number reputation management is an unreliable and expensive investment. 

Protect your brand: In 2025, imposter scams were the #1 reported fraud type in the US, with over 1 million cases [6]. With branded calling, there is a fear that fraudsters will hijack branded displays and run impersonation scams under the bank’s name. 

Advancing technology requires advanced security. Branded call display can be protected against illegal caller ID manipulation with pre-call verification at the network level. Using short term tokens, you can verify each call before it reaches a recipient device so that your brand is only applied on calls coming from your business – making it significantly harder for bad actors to impersonate your business. 

That’s a fundamentally different function from display branding, and different again from spam label remediation. Each one addresses a distinct failure point in your outbound trust stack, and using only one layer of prevention is where most outbound strategies fall short.

Why one-sided solutions only solve half the problem

Inbound and outbound problems compound each other.  A fraudster who passes authentication measures and infiltrates an account may generate an alert. If that fraud alert fails to reach the customer, the fraudster can continue to do more damage. You need to have both working properly to have a strong defense. 

Caller authentication determines who gets through inbound. Phone number reputation management determines whether customers pick up outbound. Financial institutions need both for voice to keep working as a trusted channel and they need both connected to the same operational view.

How financial institutions benchmark against peers in contact center security and trust

Bandwidth’s Finance Voice Security & Resilience Benchmark Report sorts financial institutions into three maturity tiers. The sorting is based on inbound fraud mitigation, outbound trust and reputation, voice channel resilience, visibility and control, and carrier strategy.

1. The developing tier

The contact center mostly finds out about problems after they’ve happened. 

Caller authentication depends on the agent spotting fraud once a suspicious caller is on the line, impacting Average Handle Time. Spam label and branded calling impact might not be measured, costing you answer rates and hence, revenue. The carrier layer is largely outsourced through a CCaaS provider or reseller, so contact centers have no independent access to call routing decisions or network-level performance data.


The priority: Moving from reactive to programmatic. You may need to focus on automating outbound label remediation or implementing network-level identity verification so your agents aren’t the only line of defense. 

2. The mature tier

The contact center has better tools in place, though with limitations. 

Calls now arrive with a fraud score attached but further routing is probably still manual. 

Phone number reputation management is part of the workflow, and branded calling is active on key numbers. Impact measurement is still too inconsistent to prove ROI.

The carrier layer is partially decoupled from the CCaaS platform, giving teams greater visibility into performance. However, the view is fragmented, and switching carriers or rerouting traffic quickly is not easy.

The priority: Integration, orchestration, and automation. It’s time to move toward a unified platform where fraud scores help dictate call flow, and where outbound branding is tied to measurable conversion metrics. 

3. The leading tier

By this point, the contact center has moved from reactive to proactive on fraud.

The fraud indicator starts inside the IVR before an agent answers. Higher-risk calls go to specialists; lower-risk callers move through with fewer steps. Voice biometrics run in the background during the opening seconds.

Outbound numbers are monitored across carriers and consumer-blocking apps in real time, and mislabeled numbers are automatically remediated. Branded calling is secured at the network level to help prevent branded display manipulation.

By decoupling your carrier traffic from the CCaaS platform through a BYOC model, the infrastructure team gains direct control over global routing and disaster recovery, with visibility into network-level performance in one place.


The priority: Continuous optimization. As the carrier ecosystem evolves (like the evolution of STIR/SHAKEN and the introduction of advanced tech solutions), your goal would be to maintain this single pane of glass visibility across your global footprint.

Mind the gaps in your voice channel

If your contact center uses knowledge-based caller authentication as its first line of defense, it’s already costing you customers and agent hours. The same is true if you’re finding out about scam/spam labels through agent escalations and customer complaints.

Start with the voice channel risk and trust scorecard to see how your inbound fraud defenses and outbound reputation posture compare against finance peers. You’ll know which maturity tier your financial institution falls into and what to prioritize next.

Then book a consultation with a Solution Engineer to pinpoint two or three needle-moving changes that impact handle time, answer rates, resilience, and fraud exposure.

Bandwidth consolidates fraud mitigation, Number Reputation Management (NRM), and authenticated branded calling directly into the carrier network layer. NRM monitors your numbers across major carrier databases and consumer-blocking apps, identifies mislabeled numbers, and automates remediation requests directly with carriers, so your team isn’t manually chasing label corrections across a fragmented stack. Because that monitoring runs alongside inbound caller authentication at the same network layer, infrastructure teams get a single view of call authentication status and outbound reputation health without stitching together separate platforms for each. For financial institutions managing large outbound number portfolios and high inbound call volumes simultaneously, consolidating both functions into the carrier layer removes a category of operational overhead that third-party overlay solutions can’t.

Explore Number reputation management and other contact center security and trust services

Data sources: 

[1] TransUnion
[2] Pindrop Voice Intelligence and Security Report 2025
[3] Neustar Knowledge-based Authentication Threat whitepaper
[4] Hiya State of the Call, 2025
[5] First Orion State of the Call 2025
[6] FTC Consumer Sentinel Network

FAQ

*STIR/SHAKEN attestation is one component of a broader outbound trust strategy; financial institutions should consult with their legal and compliance teams regarding their full regulatory obligations.

**Voice biometric enrollment and passive authentication may be subject to notice and consent requirements under applicable biometric privacy laws (e.g., BIPA, GDPR); financial institutions should confirm requirements with legal and compliance teams before deployment.