STIR SHAKEN to fight robocalls and call spoofing
In September of 2021 all communication service providers need to be in compliance with a new set of protocols and regulations. Why is important to understand what is going on? In the next few lines we’ll explain what is all this about.
A practical situation on why a regulation is needed
I remember being at the office one warm day of summer when out of nothing I got a text message from an unknown number. The text would read “Can i call you later?”. Since i was busy i kept doing what i was doing. A couple of minutes later i got another text message: “Can i call you later?” and it really called my attention. At that exact time I realized that message is the same I my smartphone let me use to reply when i’m busy and i can’t take a call. A few minutes later the same phone number I was receiving texts from calls me and just out of curiosity I took the call. “Yes, how can I help you” candidly replied; but the person on the other side said to me “…you are the one calling me for the last half hour; how can I help you?”. This person shared with me his call history and indeed my phone number was the one calling but it was not me. Then I realized my phone number was being spoofed. An unknown 3rd party was calling people presenting my personal phone number as their Caller ID. I assume the purpose of the spoofed call was merely commercial to try to sell something. But what if they do this with non-sanctus purposes?
The risks of call automation through dialers – Robocalls
So in addition to the possibility of masking a phone call with an unlawful caller ID presentation imagine now thousands or millions of these calls made by a dialer. In today’s world is pretty common to use dialers to communicate about appointments, reminders, etc. However without an strategic regulation the technology can be used in a harmful way and consumers may be scammed. Let’s just imagine a system calling out to all the US consumers showing up for example the I.R.S. phone number and then engaging in such a way personal information is asked so later on a fraud can be committed. Without regulation scammers can take advantage of their victims easily.
A article by CISION PR Newswire reads that in September 2020, robocalls averaged 126.9 million calls/day or roughly 1,469 calls/second, up 7% from 118.3 million calls/day and 1,370 calls/second in August. Let’s suppose 0,1% of those robocalls end up in fraud we are talking that some 12 million people are scammed every day!!! This is why regulation is needed.
Calling for a new Telecom ACT: the TRACED ACT
Statistics on robocalling are crazy. In 2020 First Orion published a report that states that 18% of consumers reported getting more than three scam calls per day. This is why the government passed a bill called the TRACED ACT or Telephone Robocall Abuse Criminal Enforcement and Deterrence ACT. In brief, this regulation promotes that all communication service providers should implement some protocols and strategies for robocall mitigation within VoIP networks or otherwise be subject to substantial fines and penalties. This resulted in the birth of STIR SHAKEN implementation.
What is STIR SHAKEN?
STIR, short for Secure Telephony Identity Revisited and SHAKEN, Secure Handling of Asserted information using toKENs, are telecom industry standards that allow communication service providers (CSPs) to cryptographically sign calls in the SIP (Session Initiation Protocol) header. These calls are authenticated by the originating service provider, then verified by the receiving service provider, and they help call receivers know whether the call is authentic.
If you are into IT think of STIR/SHAKEN as a reverse lookup in order to validate if the calling party is exactly the party they’re saying they are. STIR/SHAKEN aims to reestablish and strengthen trust in the communications industry, fight against malicious robocalling and protect consumers against fraud and abuse.
It is important to note that STIR/SHAKEN is not a technology that blocks calls, especially because not every automated solicitation call is deemed illegal. Calls from charities or debt collectors, for example, are permissible. Rather, STIR/SHAKEN is a tool to provide indications of when fraud is occurring and protect call receivers from falling prey to bad actors.
When STIR/SHAKEN is enabled, during the request of a call SIP headers indicate whether the party originating the call is authorized to use the number by three attestation fields: A, B and C. These fields help categorize how to verify or attest the validity of a number.
Below are the three levels of attestation:
A. Full Attestation – The service provider has authenticated the calling party and is authorized to use the originating number.
B. Partial Attestation – The service provider has authenticated the originating call, but it cannot confirm the calling party is authorized to use the number.
C. Gateway Attestation – The service provider has authenticated where it received the inbound call but is unable to verify the call source.
Carriers have already started implementing STIR/SHAKEN protocol to verify callers and numbers, which should cut down on the number of robocalls received and the amount of spoofed calls.
LinkedIP and STIR SHAKEN implementation
LinkedIP is committed to support the deployment this framework.
The first major step towards preventing robocalls has been already completed and we keep working to enhance the framework in the next upcoming months. Our strateg combines behavioral analytics, caller authentication, and verification.
Key Features Include:
- Fraud Detection: Detection of high volume robocalling, spoofing, and spam call activity
- Subscriber Notification: Caller ID Name override to warn subscribers of suspicious calls
- Call Blocking Support: Accurate identification enabling customers to block fraudulent phone calls as per the TRACED Act (2019)
- Business Number Verification: Register legitimate business numbers to prevent unintentional call blocking
- Caller ID Name Service: Easy integration of Caller ID name lookup service, including robocall mitigation with CNAM override.
For more information on how LinkedIP can deploy STIR/SHAKEN for you please contact us at info@linkedip.com.