Robocalling faces a new Robocop with US TRACED Act
Robocalling has been an intrusive annoyance to millions of people on a day-to-day basis to the extent that they no longer pick up their phones to calls from outside their contact lists. This is costing carriers revenue due to fraudulent traffic pumping as well as for legitimate business rate calls and causing time-consuming delays for enterprises of all types. The good news is that recent US regulation to stamp out robocalling has been enacted and there are now robust verification solutions to make people trust their ringing phones once more, writes George Malim.
The irritation of receiving intrusive robocalls, is very real for consumers and comes in addition to the financial impact of frauds perpetrated using robocalling. As a consequence, voice communication has lost its trusted position as a means to communicate with customers, this is particularly acute for enterprises looking to communicate with customers who do not have the enterprise number in their address books. It is estimated that almost 50% of US mobile traffic was composed of scam calls in 2019 and 75% of all calls are left unanswered when it comes from an unidentified or unfamiliar number.
Take for example an insurance company trying to progress a customer’s claim and it’s clear that, if the customer doesn’t answer the phone, the claims adjuster can’t gather information and make an offer of settlement. If each call takes multiple attempts or falls back onto other channels such as email, a relatively short process can be extended with delays caused to the insurer and the customer, as well as additional costs associated with repeated calling and administration.
Fortunately in the US, which saw more than 48 billion robocalls in 2018, regulation has been enacted to stamp out the practice. Robocalling, from relatively innocuous roots has become so intrusive that something had to be done. Telecoms carriers are fully behind this because they are suffering lost revenues from decreased business rate calling and, although customers do not hold them responsible for robocalling, carriers are expected to act to stamp out the practice.
A perfect storm of complaints to the Federal Communications Commission (FCC), Senate and Congress, has resulted in new legislation, called The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED). This could see robocallers fined up to US$10,000 per call by the Federal Communications Commission (FCC). However, of more immediate use will be the component of the legislation that requires carriers to verify caller identities.
Robocallers SHAKEN and STIRRED
This is seeing US carriers roll out a caller verification service based on the SHAKEN (Secure Handling of Asserted information using toKENs) and STIR (Secure Telephony Identity Revisited) protocols. These enable a cryptographic method that utilises public and private keys so the caller ID can be verified. The high level of encryption means the caller ID info can’t be tampered with from end-to-end thereby enabling the calling number to be verified to the consumer.
The aim behind this approach is to get people to trust voice calls again, but carriers can’t act in isolation because caller verification needs to happen for calls that originate and terminate in different carriers networks. An independent policy administrator is therefore required to ensure only legitimate and trusted entities can participate in the SHAKEN/STIR Caller ID ecosystem.
It’s important that the integrity of service providers and certificate authorities are maintained so that service providers are able to legitimately sign calls. In the US, the secure telephony identity (STI) Policy Administrator confirms which service providers are authorized to request STI certificates and reviews and approves STI-certificate authorities who issue them. Service providers that meet certain criteria can register with the STI-Policy Administrator. In the US, three key components are required: FCC documentation 499, which are filed by interstate or international telecommunications providers in the US to register for the Universal Service Fund,, an operating company number (OCN) and direct access to telephone numbers from the North American Number Plan and Pooling Administrators.
In the US, iconectiv is the Secure Telephone Identity Policy Administrator and the company’s TruReach Certify platform acts as the foundation to ensure that only legitimate and trusted entities can participate in the SHAKEN/STIR ecosystem. This means not only the market leaders Verizon, AT&T and Sprint can offer verified calls but also the large number of regional, local and other carriers.
This capability will become even more important as nations outside of the US adopt caller authentication in their efforts to stamp out robocalling. Although, the US is currently the largest robocalling market, as it becomes harder to operate in the US due to regulation and network capabilities, bad actors will move to other nations to focus their activity. Carriers in other markets are therefore already looking at how to defend themselves and their customers from robocalls.
Since the SHAKEN/STIR framework and iconectiv’s TruReach Certify platform are based on a series of industry specifications, they are available to other countries. Upon deployment, it will provide the same levels of carrier authentication, caller validation and secure certification as in the US.
The arrival of voice over IP (VoIP) made it easy and cheap to generate spoof robocalls that insert information such as invalid caller ID numbers and the purpose of SHAKEN/STIR is ensure that the CallerID can’t be tampered with and no one can manipulate the call header. This means fraudsters won’t be able to influence the system and the circle of trust between carriers, service providers, enterprises and customers can remain unbroken in the new ecosystem.
A further asset in the anti-robocalling armoury is that the recently passed TRACED Act that doesn’t just demand caller verification as a means to prevent robocalls but it also set out financial penalties for violators and enables carriers to block certain type calls. The implementation of SHAKEN/STIR also enables that robocalls can be traced back so perpetrators can be prosecuted and work is underway to extend the traceback framework to incorporate this. A fact of robocalling is that they should be traced back to their originating switch in almost real-time, so carriers can shut down sources of robocalls much faster.
Only by turning the tide and re-assuring users that callers are verified coupled with network capabilities for blocking and penalties for robocallers and scammers will the slew of fraudulent and intrusive robocalls end. The prize for carriers is multi-fold: minimising the telco fraud from traffic-pumping, plus happy subscribers and a return to higher levels of business rate calling as the voice call once again becomes an efficient, convenient and trusted method of communication.