If you’ve ever seen your area code on the caller ID, only to be greeted by a pre-recorded voice message promising to erase your credit card debt, you’ve been spoofed!
Spoofing is a method used by fraudsters to trick people into answering calls. These bad actors send out unwanted robocalls with disguised (spoofed) caller ID numbers that mimic the first six numbers of a phone number (area code and pre-fix number) to make you think a neighbor or local business is calling. When you answer the call, it turns out to be an automated interactive robocall that’s almost certain to be a scam.
But the collateral damage is not just consumers. Legitimate businesses, whose numbers are being fraudulently used in robocalls, are losing their customers’ trust because their numbers (in their customers’ minds) are associated with robocalls. According to YouMail, a robocall blocking service that compiles data on these types of calls, U.S. phone subscribers received a record 3.4 billion unwanted automated calls in April 2018. In addition, it is estimated that telephony-based fraud has reached $38.1 billion in losses to telcos and their consumers.
Fighting for True Caller ID Authentication
But now there’s help on the way. The Federal Communications Commission has recommended a new national call authentication system, called STIR/SHAKEN, be implemented by the end of 2019 to combat illegal caller ID spoofing. Additionally, a new bill (S.151) introduced in the Senate called the TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act will provide safe harbor for providers to block calls, and increase criminal penalties for unlawful robocall perpetrators.
STIR/SHAKEN is a lengthy acronym for Secure Telephony Identity Revisited and Secure Handling of Asserted Information using toKENs. STIR is a framework for authenticating and verifying a caller ID. SHAKEN is another framework built on top of STIR providing details how tokens should be used.
We asked Jay Cox, Carrier Relations Manager at Magna5, to help us sort out what the new proposed national call authentication system will mean for consumers and telcos.
What is STIR/SHAKEN and why is it so important?
“STIR/SHAKEN is a national authentication system designed to help stop ID spoofing and fraudulent robocalls by restoring trust in the calling number presented. The calling party will attach a signed certificate of authenticity to each telephone call. Then the called party’s telephone company will screen and confirm the digital signature. The confirmation allows verification of the calling number. It’s designed to ensure caller IDs are accurate. A spoofed number won’t get through because the caller doesn’t have legitimate access to the number.
“It’s important to stop the stem of fake numbers used by unwanted robocalls because scammers have become more malicious, disguising their phone numbers to impersonate government officials, law enforcement agencies or legitimate businesses, such as a bank or doctor’s office. As a result, consumers are reluctant to answer calls from these legitimate organizations because they think it’s a scam. Businesses struggle to reach their customers due to loss of trust, and restoring their confidence is an uphill battle. Additionally, the repercussion for telcos and call centers is they see fewer completed calls … after investing in more network capacity to handle the robocalls.”
How does STIR/SHAKEN work?
“According to TransNexus, an originating service provider puts a call on the network. Using STIR/SHAKEN, that provider also authenticates the caller ID information. They know their customers, so they’re well-positioned to do that. And they secure their authentication by signing the call using public key infrastructure, which is widely used with the internet.
“A terminating service provider delivers the call to their customer. Using STIR/SHAKEN, that provider also verifies the caller ID information in the call using the pubic key infrastructure to confirm the information and signature still match.
“Telcos using cryptographic certificates to authenticate and verify the caller ID will be able to mark calls ‘suspicious’ that are not STIR/SHAKEN-signed, and consumers will be able to act on these warnings and turn down calls.”
Today, AT&T and Comcast have successfully carried out the first STIR/SHAKEN calls between two different networks. But the catch is all carriers need to adopt the STIR/SHAKEN protocol for the system to be an effective deterrent. Many other carriers have stated they will adopt the standard by the end of 2019.
Managed service providers offering voice and carrier solutions also play a part in caller ID spoofing prevention by ensuring their carriers comply with STIR/SHAKEN requirements to help increase the numbers of completed calls for their customers.