by mibbitier 4950 days ago
Wouldn't it be fairly trivial to have an automated system to call the caller back (verify that they aren't spoofing the caller ID)?

e.g.

  1. Caller phones in
  2. System looks at caller ID, and says "We will now call
     you right back to verify you are who you say you are"
  3. Caller hangs up and has to wait for call.

Surely that system would need a much higher level of hacking to be able to intercept the call.

You could do that, but it would be a terrible idea and experience in practice.

1. Your system is unusable from anything that doesn't provide an accurate and usable caller ID number, such as any office where outgoing calls route through a trunk number, or many VOIP services.

2. You've quite possibly doubled your phone bill, or at least substantially increased it.

It's not always correct to throw as much security as possible at a system. Security always involves tradeoffs and sometimes it is correct to make them.

This is not implemented for one simple reason:

Outbound calls are more expensive than inbound calls.

The usability issues that T-hawk mentions are more of a reason.

And anyways, inbound on a toll-free number is often pretty close to your outbound rate, for the US.

That's just not true. The inbound rate on Toll-free is almost always higher than outbound termination. Only in rare, high-volume circumstances is Toll-Free inbound cheaper than outbound.

Usability is a huge issue, but I think that it comes back to the bottom line cost figure. The usability is just one of those problems that no one wants to start to deal with because of the cost. If outbound was cheaper someone would've found a way to do it (IMHO).

You may want to re-read your comment. If Toll-free inbound is higher than outbound, then why wouldn't they do outbound more often? We're talking about (in many cases) businesses like banks which offer toll free numbers. So obviously cost is not the dominating factor here.

Some systems did implement outbound calling for increased security. I'm thinking dial-up (BBS/remote access) scenarios. Windows NT, for instance, allowed you to allow a user-defined or preset callback number. Although, for user-defined, it's more likely a cost issue than security.