SHAKEN/STIR Makes Its Grand Entrance
In my last article, I focused attention on telecom fraud and its continued global rise. With organizations and carriers hit with losses of $29.2 billion in 2017, and even more expected in 2019 and 2020, it was definitely worth a look at this expensive enterprise issue. One of the areas that I briefly discussed in the article was the SHAKEN/STIR protocols that carriers and the FCC are attempting to push out in an effort to stem the robotide of fraudulent robocalls, but that has become “so two months ago.” SHAKEN/STIR has made its grand entrance.
In late March, AT&T and Comcast heralded the arrival of the first SHAKEN/STIR verified call exchange to be successfully passed between the two carriers. This authenticated exchange between two major U.S. carriers -- a milestone claimed to be the first of its kind -- was able to identify both a verified call as well as a spoofed call at initiation and notify the termination point of the validity of the caller ID information being presented to the terminating carrier.
Up until this successful deployment and testing of SHAKEN/STIR at the carrier level, end users had very few ways to combat the ever-increasing numbers of robocalls received daily. From the enterprise phone, to their personal cell phones, these robocalls -- estimated at 5.2 billion calls per month in January 2019, up from 2.3 billion observed in January 2016 -- have not only been annoying, they have been time-consuming and expensive, too.
According to a recent bill introduced in the North Dakota legislature (House Concurrent Resolution No. 3005), “small businesses in the United States waste an estimated 20 million hours per year dealing with illegal, unsolicited, and unwanted robocalls, translating to at least $475 million in lost productivity annually.“ From pleas to legislative bodies at both the state and federal levels, to ignoring calls, to attempting to deploy software solutions on internal phone systems, businesses small and large have been looking for a way to stop the madness and regain control.
But to be honest, the success of AT&T and Comcast in the SHAKEN/STIR call pass is only a (very) preliminary step in regaining governance over telecom. Why? The answer is complex:
- Carriers have not yet determined what -- if any -- information they are going to pass through to the end user’s telecom system. At this point the receiving carrier noting that the call is unverified does little to alert the end user of the potentially fraudulent call.
- The SHAKEN/STIR blocking and identification protocols can only address SIP-initiated calls and only those initiated domestically. This leaves an entire pathway -- including TDM -- for calls to still make it through (Atis.org).
- SHAKEN/STIR protocols are not only a carrier-based solution and will require implementation on the enterprise network system. Sadly, not all enterprises have the time or resources to deploy solutions to block these calls effectively.
That is not to say that SHAKEN/STIR is not an exciting proposition, but simply that the excitement of the first successes from the carrier must be tempered. Ultimately, the concerted efforts of legislation, carriers, and enterprises will bear fruit at the hands of SHAKEN/STIR; it simply will take time, energy, and money. What are the next steps? From a high-level perspective:
- Government – Legislation must continue to push carriers to continue SHAKEN/STIR implementation across their platforms in an effort to stop, or at least identify, the calls as they are initiated. In late January 2019, a “Stop Robocalls” bill was introduced in the U.S. House of Representatives to strengthen the bite behind the FCC’s pursuit of robocallers, reconfirm the need for proper CID information, and address consumer consent to receipt of such calls -- a great first step.
- Carriers – The carriers must continue to test and roll-out the SHAKEN/STIR protocols in an effort to reintroduce confidence to the sound of a ringing phone. The larger carriers must also work to ensure the smaller carriers -- where more TDM-based calls pass through -- can keep up with the rapid technological advances.
- Enterprise – While remaining cautious, enterprise telecom teams should begin to look at the multitude of software and hardware-based options that are hitting the marketplace to strengthen their environment, while continuing to give guidance to their internal users as to how to handle these robocalls.
With a healthy dose of reality from each of the actors, and an understanding that the robocall solution will take time and will require significant investment on the part of the government, carriers, and enterprise to combat, that glimmer of hope provided by AT&T and Comcast in late March as they shared call data does make one thing certain: The 1,500 robocalls received per second in 2019 are finally and squarely in the sights of the very entities that can stop them. It has been a long time coming, and yet, we still have a long way to go.