The problem of illegal robocalling is massive, and massively expensive. The FCC tells us that US consumers are deluged with unwanted calls, receiving over 100,000 of them every minute, and that 47% of those calls are illegal scams. Fraudulent calls of this nature impact 43 million American consumers per year and cost approximately $10.5B in total losses. This equates to $244 of loss per targeted consumer.
Given the wide prevalence of unwanted calls, an increasing number of consumers have completely lost faith in the integrity of the public telephone network and no longer answer incoming calls. Legitimate calls from people and enterprises without nefarious intent have become unplanned collateral damage, and legitimate businesses are experiencing increasing difficulty reaching their legitimate customers.
To combat the pervasive and growing menace of the vexing problem of illegal robocalling, the FCC (USA) and the CRTC (Canada) have mandated that carriers must implement the STIR/SHAKEN framework by Sep 2020 in Canada and Jun 2021 in the USA.
Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENs (SHAKEN) together, are a set of standards that provide a method for securely signing calls at the network of origination and then verifying those call signatures at the network of termination.
This has the intent of restoring faith in the public telephone network by eliminating one of the key contributors to the deluge of unwanted calls, fraudulent robocalls, and specifically those robocalls that spoof the calling line ID to increase the likelihood that the call’s receiver will answer it. STIR/SHAKEN does this by digitally signing known trusted calls at their point of origination in a way that cannot be tampered with downstream. When such calls are terminated at their destination, the destination service provider checks for the presence of a digital signature, and if found, verifies it. The results of this verification (no signature, failed verification or successful verification) are included with the call termination and an indicator of this status is displayed on the called party’s device.
This approach creates a circle of trust that consumers can rely on. If an incoming call displays a “Verified” indication, the presented identity of the caller can be trusted to be correct. If the same call does not present such an indication, the consumer knows to approach that call with caution. Due to the nature of the digital signature process, fraudsters cannot break into this circle of trust and spoof a valid signature and are thus fully locked out. Integrity is restored and consumers can begin to trust their telephone network once more.
In many ways, STIR/SHAKEN seeks to return the telephone network to its original pre-Internet state, where every subscriber was directly connected to their service provider, the telephone network itself was a closed impenetrable environment, and every call could be trusted to come from the caller it said it came from. Today’s public telephone network is based on very different (and very open) technology, and fraudsters have happily exploited that to their profit and consumer’s loss. STIR/SHAKEN seeks to re-instate the once inherent security of the public telephone network by applying modern technology to this very modern problem.
This blog was written by Michael Campbell, Product Manager for TITAN applications at NetNumber.