Carrier: “How do you like your call termination?”
FCC: “STIRed and SHAKEN.” (I imagine this spoken in a British accent reminiscent of Sean Connery’s 007.)
While STIR/SHAKEN sounds like James Bond’s favorite Martini, it has nothing to do with that; however, it is designed to help save the free world (or just the US and Canada) from some sinister actors… Scammers and Robocallers!
Let’s dig deeper to understand the Robocall epidemic… (if you’ve owned a phone over the course of the past few years you know how tiresome it is to receive these calls). There are three elements that robocallers and spammers need to call a US phone number from overseas.
1. Call Center – India has an overabundance of call centers due to companies such as British Airways, Texas Instruments, American Express, and more starting the outsourced call center boom of the 1980s and 1990s.
2. Robodialing Software – This is easy to come by. There is a plethora of opensource (usually free) software that one can install to blast calls out to victims.
3. A US-based Carrier – To terminate a call within the US at a good price point these call centers take advantage of SIP trunk providers within the US. Several of these carriers have been fined heavily over the past few years as a result of allowing scammer traffic through.
What about that last element—A US-based Carrier? What does this mean?
In simple terms, it is a Hosted VoIP/SIP/Phone Service provider that allows calls to connect between networks. (Examples of calls between two networks include calling from your Verizon cell phone to an AT&T cell phone or calling from your business phone to a client’s phone.)
So… How do scammers/robocallers take advantage of this?
Too easily. A scammer company looks online for SIP Providers that are willing terminate (meaning to facilitate) their calls. After signing up with that carrier, a scammer will run their robodialer software to connect to unsuspecting victims within the US or whatever country they are targeting. Typically, robodialing scammers also spoof (unethically and illegally changing data records by disguising their phone number as another totally unrelated number) a caller ID number similar to your own number to increase the chances of you answering the call.
How do Telecom companies discern Legal Robocallers from those that are Scammers?
You may ask yourself, “what are legal robocalls?” There are several. Most common examples include Reverse 911 (Police Departments sending an alert out to residents), Schools sending snow day or other urgent messages, legitimate debt collection, and several others.
Here’s what’s changing by going into effect soon…
STIR/SHAKEN – Secure Telephony Identity Revisited / Signature-based Handling of Asserted information using toKENs
Let’s focus on STIR for a moment, as this impacts VoIP/SIP providers. Secure Telephony Identity Revisited. What this means, in a nutshell, is that the Caller ID Number sent from one carrier to another is validated. Validation begins at point of dialing. Each VoIP provider must validate the Caller ID (CID) before it leaves its network. At the same time, the carrier attaches an encrypted certificate to the call/CID. This prevents a client of theirs from using a spoofed number and prevents the CID from being altered en route to its destination (call recipient).
A call recipient’s carrier does a corresponding lookup on the certificate to confirm that the call came from a valid source.
The STIR protocols will help greatly to prevent Spam/Scam Robocallers originating and terminating calls over VoIP/SIP based networks.
How will this work on non-VoIP systems? This is where the SHAKEN part comes into action. Signature-based Handling of Asserted information using toKENs is what will come into effect after a call from a VoIP system is handed off to a cell phone provider. For example, calling from your work line to your spouse’s cell phone. STIR will validate your CID information and hand it off to the cell phone provider. SHAKEN then takes over to authenticate the call to its destination. As of 2019, multiple agencies and major PSTN (Public Switched Telephone Network) carriers have been ironing out the details on exactly how this will work.
When is all of this coming to fruition?
Well, despite Verizon’s request to extend the deadline, STIR/SHAKEN goes into effect on June 30th 2021 in the US and September 30th in Canada. There is a provision in place for rural and smaller carriers that petitioned the FCC allowing them an additional year, with a June 30th 2022 deadline.
Another notable date is September 28th of 2021. This is when the FCC is mandating additional robocall prevention services, where all phone companies must block/refuse calls based on the Robocall Mitigation Database.
What does this mean for the VoIP industry?
As anyone in the Telecom/VoIP industry will tell you, we are in one of the most regulated industries in the country. This may put a nail in the coffin for some smaller carriers who do not have the funds to invest into upgrading their own infrastructure and for those who have been operating without being fully complaint. Companies not implementing STIR/SHAKEN and interfacing with the Robocall Mitigation Database as per FCC Acting Chairwoman Jessica Rosenworcel "Our message to providers is clear. Certify under penalty of perjury the steps you are taking to stop illegal robocalls, or we will block your calls."
Need help making sense of all of this? Give us a call or contact us via email at firstname.lastname@example.org to begin the conversation.
Our co-founder and Chief Technology Officer, Michael A. Barson, brings two decades of VoIP Telecommunications expertise to VoIP Doctors clients and partners every day. We help businesses and other VoIP providers to navigate the details and ensure that they are set up for success. The VoIP Doctors platform guards against security threats and service interruptions to keep your business moving forward.
With warm wishes for a safe and productive season,
Mike & Hala