The US FCC is declaring a victory against spam and spoofed robocalls, though concedes the war against scammers is unlikely to ever end. The largest voice service providers in the US now comply with the STIR/SHAKEN caller ID authentication standards, the Federal Communications Commission announced today, helping make it much tougher for spam calls to masquerade as authentic.
Caller ID was originally meant to give people confidence as to who they were answering the phone to, but techniques to hide or spoof the shown identify came quickly after. Along with it, we’ve seen numerous scams and frauds, from companies claiming to be Microsoft and promising to help with Windows issues, to purported warnings from the IRS about tax liabilities.
STIR/SHAKEN attempts to address that, at least in part, by adding validation to the Caller ID process. In fact, it’s two standards – Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) – which work together to “sign” legitimate calls at their point of origin, and then validate that signature as the call is handed off through various networks.
It’s that compliance across carriers which is key, since without adoption of the standards there’s been no way for any one provider to be entirely sure of what’s being handed over onto their network. With STIR/SHAKEN along that chain, however, the phone company of the person receiving the call can be confident that it is indeed coming from the number the Caller ID claims it to be.
As with any policy that requires multiple companies to all do the same thing and collaborate together, of course, getting STIR/SHAKEN implemented has been an uphill struggle. The FCC had given large voice service providers a deadline of June 30, 2021, to bring the IP portions of their networks into compliance.
“While there is no silver bullet in the endless fight against scammers, STIR/SHAKEN will turbo-charge many of the tools we use in our fight against robocalls,” Jessica Rosenworcel, FCC Acting Chairwoman, said in a statement, “from consumer apps and network-level blocking, to enforcement investigations and shutting down the gateways used by international robocall campaigns. This is a good day for American consumers who – like all of us – are sick and tired of illegal spoofed robocalls.”
It’s unlikely that this will stop robocalls and spoofed numbers altogether. However the FCC says that with more comprehensive logging and tracking across providers, it’ll be easier to spot potential scams earlier on, and pinpoint those responsible.
Smaller voice service providers – those with 100,000 or fewer subscriber lines – currently have until June 30, 2023 to comply with STIR/SHAKEN. However, the FCC is also considering pulling that deadline forward, after the discovery that illegal robocall scams are targeting the smaller companies now to originate the spoofed calls.
It’s also worth remembering that just because the Caller ID may be legitimate, that doesn’t mean the call itself necessarily will be. “This improved information will help verify the phone number from which the call was made – or flag that it is not verified – and help blocking services both at the consumer level and before the call reaches the consumer,” the FCC warns. “But consumers should remain vigilant against robocall scammers.”