Nearly every person with a phone has received more robocalls in recent years. In 2020, 45.8 billion robocalls were placed nationwide. In December 2020 alone, there were 3.9 billion robocalls placed in total—equating to almost 125 million robocalls placed every day, 39 percent of which were scams.
Illegal robocalls are a nuisance and a vehicle for bad actors to commit fraud. The recent surge in robocalls is due to the accessibility of tools that enable fraudsters to spoof outbound dialing numbers and effortlessly generate millions of calls. This has led to consumers losing trust in phone calls.
To combat these rampant, intrusive (and sometimes fraudulent) calls, the government signed the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act into law on December 30, 2019. The TRACED Act requires service providers help reduce the number of illegal robocalls by implementing STIR/SHAKEN standards for caller I.D. authentication by June 2021.
About STIR/SHAKEN
STIR, known as Secure Telephony Identity Revisited and SHAKEN, Secure Handling of Asserted information using toKENs, are telecom industry standards that allow communication service providers (CSPs) to cryptographically sign calls in the SIP (Session Initiation Protocol) header.
STIR: Secure Telephony Identity Revisited
STIR is a set of technical standards developed by the Internet Engineering Task Force (IETF), which verify that a calling party is authorized to use a specific telephone number.
SHAKEN: Signature-based Handling of Asserted information using toKENs
SHAKEN is a framework developed by the Alliance of Telecommunications Industry Solutions (ATIS) for service providers to use when implementing STIR-using IP networks.
STIR/SHAKEN was created to reduce the number of illegally spoofed calls, fight against malicious robocalling and protect consumers against fraud and abuse and ultimately rebuild trust in the communications industry.
With STIR/SHAKEN, calls are authenticated by the originating service provider, then verified by the terminating service provider, allowing consumers to know whether the call is authentic. It is important to note that STIR/SHAKEN is not a technology that blocks calls, as not every automated solicitation call is deemed illegal. Calls from charities or debt collectors, for example, are permissible. STIR/SHAKEN is a tool to provide indications of when fraud is occurring and protect call receivers from falling prey to bad actors.
Carriers have implemented the STIR/SHAKEN protocol to verify callers and numbers, which should cut down on the number of robocalls received.
STIR/SHAKEN Call Flow, Authentication/Attestation and Verification Process
A service provider may be the originating service provider (OSP), the terminating service provider (TSP) or neither. The latter case would be an intermediate service provider where the OSP is earlier in the call path (upstream) and the TSP is later in the call path (downstream). The OSP performs authentication, intermediaries (if any) pass the authentication from the OSP and the TSP performs verification.
STIR/SHAKEN Attestation
- Full Attestation: The signing provider:
- Is responsible for the origination of the call onto the IP- based service provider voice network.
- Has a direct authenticated relationship with the customer and can identify the customer.
- Has established a verified association with the telephone number used for the call.
- Partial Attestation: The signing provider:
- Is responsible for the origination of the call onto the IP-based service provider voice network.
- Has a direct authenticated relationship with the customer and can identify the customer.
- Has NOT established a verified association with the telephone number being used for the call.
- Gateway Attestation: The signing provider:
- Has no relationship with the initiator of the call.
- Examples include non-SIP originations and international gateways (originations from outside the United States).
Flowroute has implemented STIR/SHAKEN in compliance with the June 30, 2021 deadline, providing a detailed explanation of how we intend to attest outbound calls from our customers, as well as respond to verification results for inbound calls. Additionally, Flowroute is registered in the FCC’s Robocall Mitigation Database per the agency’s Second Report & Order.
As leading CSPs, carriers and IT providers embrace collaboration with one another they will help to deliver comprehensive tools to quickly detect suspicious calls and notify businesses and customers of potential illegal robocalls and spoofed calls. By doing so, they will help restore trust in the communications industry.
If you have questions or concerns about STIR/SHAKEN, please feel free to contact your Flowroute Account Manager or Flowroute Support at support@flowroute.com.