Over a year after FCC's STIR/SHAKEN, America still has a massive robocall problem

There's a compelling reason why the Federal Communications Commission's (FCC) STIR/SHAKEN was so desperately called for ahead of its eventual implementation on June 30, 2021. America has a nasty robocall problem, to the tune of approximately 4-5 billion fraudulent robocalls every month (2021 data). And the attacks are getting fiercer and fiercer.

STIR/SHAKEN was designed in an ever-changing fraud environment. Fraudsters no longer try to extract money from telecommunications transactions; today, it's about collecting personal and financial data. Enter the “Robocall Big Bang,” where attackers around the world are exploiting vulnerabilities in current technologies to directly target end users.

Regulators know this, hence STIR/SHAKEN, a suite of technical protocols and governance framework standards intended to crack down on robocalls, most of which feature spoofed calling line identification (CLI), or caller ID. This is how scammers trick US customers into thinking they are getting a call from someone in the US when they are not. Since the operator initiating the call is supposed to "sign" and verify that each call is legitimate, STIR/SHAKEN was supposed to bring trust to end users and terminating operators (the final destination of the call - in this case, the United States) when verifying an incoming caller ID received over an IP network.

That's fine in theory, but BICS FraudGuard revealed a 65% increase in attack volume against US subscribers between November 2021 and February 2022.

So what is the problem, and how can it be fixed?

Call traffic is not a straight line: the problem with STIR/SHAKEN

At the heart of STIR/SHAKEN's shortcomings is a misunderstanding of how international voice traffic works.

International call traffic is not a straight line. Rarely will a call go directly from a carrier in one country to a mobile network carrier in the United States. There are many "hops" between the two: you may see traffic flowing between three or four carriers, but it's not uncommon to see up to seven or eight separate connections between carriers as traffic makes its way across the world.

If a carrier in Singapore falsely certifies that a US CLI in a fraudulent call is genuine, and if many hops occur before the US carrier's final destination, then any regulations mandating methods to certify this CLI - and therefore the call - ultimately mean nothing.

As soon as you have many intermediaries in international traffic, you lose traceability. The CLI signature will only be transmitted to the various operators in the chain if the call also passes through IP networks, which is not always the case. Worse still, data protection laws and company policies often prevent carriers in the United States from tracing the origin of a call. And since foreign operators are not bound by FCC regulations, there is little incentive to implement STIR/SHAKEN.

Global adoption needed

In other words, STIR/SHAKEN forces international gateway providers to sign, at considerable expense, CLIs that they have absolutely no way of knowing are genuine. All an international gateway provider in the middle can do is recognize that the call was verified by a prior carrier (if the CLI signature is passed in the SIP headers). Alternatively, they can assign a “level C attestation” to the call (the lowest level of confidence), effectively confirming that they themselves have h...
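What a terminating operator can actually read from the signature described above, as an added Python example that is not part of the original article: it decodes the SHAKEN PASSporT carried in a SIP Identity header and reports the attestation level, without verifying the ES256 signature. The function names, hosts and phone numbers are constructed for illustration.

```python
import base64
import json

MEANING = {"A": "signer vouches for the customer and the number",
           "B": "signer vouches for the customer, not the number",
           "C": "gateway: signer only knows where it received the call"}

def b64url_json(part):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def identity_header(sip_message):
    """Return the first Identity header value, or None if the INVITE has none."""
    for line in sip_message.split("\r\n"):
        if line == "":          # blank line ends the SIP headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "identity":
            return value.strip()
    return None

def triage(sip_message):
    """Report the SHAKEN claims an inbound INVITE carries (signature NOT verified)."""
    value = identity_header(sip_message)
    if value is None:
        return {"verdict": "unsigned", "why": "no Identity header reached this hop"}
    try:
        head, claims, _sig = value.split(";", 1)[0].strip().split(".")
        head, claims = b64url_json(head), b64url_json(claims)
        attest, orig = claims["attest"], claims["orig"]["tn"]
        if head["ppt"] != "shaken" or attest not in MEANING:
            raise ValueError("not a SHAKEN PASSporT")
    except (ValueError, KeyError, TypeError):
        return {"verdict": "malformed", "why": "Identity value is not a SHAKEN PASSporT"}
    return {"verdict": "attest-" + attest, "why": MEANING[attest],
            "orig": orig, "origid": claims.get("origid")}

def sample_invite(attest):
    """Constructed INVITE; the third token segment is a placeholder, not a real signature."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    head = {"alg": "ES256", "typ": "passport", "ppt": "shaken",
            "x5u": "https://cert.example/sti.pem"}
    claims = {"attest": attest, "dest": {"tn": ["12025550123"]}, "iat": 1660000000,
              "orig": {"tn": "12025550100"}, "origid": "00000000-0000-4000-8000-000000000000"}
    return ("INVITE sip:+12025550123@term.example SIP/2.0\r\n"
            f"Identity: {enc(head)}.{enc(claims)}.c2ln;info=<https://cert.example/sti.pem>"
            ";alg=ES256;ppt=shaken\r\n\r\n")

if __name__ == "__main__":
    for level in "ABC":
        print(triage(sample_invite(level)))
```

A result of attest-C tells the terminating operator only which gateway the call entered through; it says nothing about whether the CLI is genuine.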
