How to prevent Caller ID Spoofing Attacks

We have one route where our FreePBX/a2illing system validates calls with the CID of the caller.

Is there any way to protect the system against fraudulent calls from spoofed CIDs?

We only allow calls via the PSTN so hackers can’t call our system for free
but I am wondering if there is anything else we can do.

Any help and/or ideas would be greatly appreciated.

With the “fluid” nature of CID, I don’t think there’s an easy way to do it and I’m even having trouble thinking up a hard way.

Short of PINs that have to match the CID, I’m not coming up with much.

Maybe I can make it too complicated for the hackers to bother?

How about the “Outbound Call Limiting” module?
Would I be able to block multiple calls to the same number? Would it also block calls from a2billing? They are originating in FreePBX so maybe it would work?

Can PinsetPro protect outbound routes? I see that routes can be protected with a passcode.