What is Base STIR/SHAKEN? How is it different from the full STIR/SHAKEN implementation?
The June 2021 deadline called for the implementation of Base STIR/SHAKEN, also called the STIR/SHAKEN Standard. It is targeted at internet (IP-based) service providers (non-IP providers will not be implementing it) to address enterprises.
This means a SIP infrastructure is needed to add the certificate to attest the call. It assigns a telephone identity to be attached to the SIP INVITE, which is then transported over the SIP network to the terminating service provider, who does the reverse. The certificate is then validated, the signature made with the attested key is checked, and the terminating provider can choose how to terminate the call.
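The identity attached to the SIP INVITE travels as a signed token (a PASSporT) in the Identity header. The following added example, which is not from the original page, decodes such a token and runs the claim checks a terminating provider can make before verifying the signature. The field names follow the SHAKEN PASSporT format; the phone numbers, certificate URL, origid, dummy signature and the 60-second freshness window are constructed or assumed values, and signature verification against the certificate is not performed here.

```python
import base64, json

X5U = "https://cert.example.org/passport.cer"  # constructed certificate URL

def b64u_dec(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64u_enc(obj):
    raw = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample_identity(attest, orig_tn, dest_tn, iat):
    """Constructed Identity header value; the signature part is a dummy, not real ES256."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": X5U}
    payload = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat,
               "orig": {"tn": orig_tn}, "origid": "00000000-0000-4000-8000-000000000000"}
    sig = base64.urlsafe_b64encode(b"\x00" * 64).rstrip(b"=").decode()
    return f"{b64u_enc(header)}.{b64u_enc(payload)}.{sig};info=<{X5U}>;alg=ES256;ppt=shaken"

def parse_identity(value):
    """Return (header, payload, params) from a SIP Identity header value."""
    token, *rest = [part.strip() for part in value.split(";")]
    params = {k: v.strip('"') for k, v in (p.split("=", 1) for p in rest)}
    head, body, _sig = token.split(".")
    return json.loads(b64u_dec(head)), json.loads(b64u_dec(body)), params

def check_claims(value, calling_tn, called_tn, now, max_age=60):
    """List problems found before signature verification (which is not done here)."""
    header, payload, params = parse_identity(value)
    problems = []
    if (header.get("alg"), header.get("ppt"), header.get("typ")) != ("ES256", "shaken", "passport"):
        problems.append("not a SHAKEN PASSporT")
    if params.get("info", "").strip("<>") != header.get("x5u"):
        problems.append("info parameter and x5u differ")
    if payload.get("attest") not in ("A", "B", "C"):
        problems.append("unknown attestation level")
    if payload.get("orig", {}).get("tn") != calling_tn:
        problems.append("orig tn does not match calling number")
    if called_tn not in payload.get("dest", {}).get("tn", []):
        problems.append("dest tn does not match called number")
    if abs(now - payload.get("iat", 0)) > max_age:  # assumed freshness window, in seconds
        problems.append("iat outside freshness window")
    return problems
```

An empty list means only that the claims are consistent with the call; trust in the attestation still depends on verifying the signature against the certificate referenced by x5u.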
Does STIR/SHAKEN stop all robocalls?
While STIR/SHAKEN will help identify the origin of harmful robocalls, it will not completely eliminate all illegal robocalls. It's important to note that not all robocalls are harmful. Many legitimate companies communicate all sorts of information via 'robocalls', especially automated communications such as appointment reminders, delivery notifications, school closures, etc.
While the STIR/SHAKEN framework allows authentication of calls between originating and terminating service providers, it is not a silver bullet solution. It cannot determine the illegitimacy or legitimacy of the intent of an incoming call. It cannot validate that an incoming call with an A-level attestation has originated from an actual phone number, which is not being 'made up' or stolen from a legitimate business, organization, or consumer.
It is the responsibility of the originating service provider to ensure the caller is authorized to use the calling number and, if so, apply the A-level attestation, which indicates that status. Because the signature of the signing service provider cannot be spoofed, they are putting their reputation on the line when they provide A-level attestation.
The STIR/SHAKEN framework cannot weigh in on whether the content of the call itself is potentially malicious or unwanted, making call blocking and labeling analytics relevant despite the framework.
How does STIR/SHAKEN stop illegally spoofed calls?
The absence of STIR/SHAKEN technology allowed bad actors to easily misrepresent themselves with impunity when illegally "spoofing" or hiding behind a falsely presented calling telephone number. STIR/SHAKEN should aid in successfully identifying service providers who permit the origination of such calls. STIR/SHAKEN technology adds a cryptographic signature to a call. Verifying that signature identifies and proves which service provider(s) signed the call. With the improved ability to trace back to the origination of illegal activity, STIR/SHAKEN can assist government and telecom entities' ability to identify and stop the source of the illegal robocalls.
However, it is impossible to guarantee illegal spoofers won’t slip through the cracks and end up with a STIR/SHAKEN attested call. Illegal call spoofing may still occur and is not solved or fully protected by STIR/SHAKEN because it can happen at origination before the call gets to the signing provider. Then it is up to the service provider to decide if they have enough information to give it an A-Level Attestation certificate. They might (especially if it’s a crooked carrier), which could result in an illegally spoofed number provided with a green checkmark and deemed a “verified” and “trusted” call. Since STIR/SHAKEN is a new technology still being tested out in the United States, it’s still vulnerable to potential fraudulent activity.
When calls are blocked, is an entity going to get notified that its calls are blocked?
This is still considered a bit of a mystery… When the call reaches its destination, the service provider has to decide if the call is an authenticated call or not. Analytics engines analyze aspects of the call for patterns like call volume, time of day, consumer-installed apps on devices that perform call blocking, originating IP, etc., to determine if the call is fraudulent, meaning you could get blocked due to other factors that may be at play.
Call blocking issues typically arise when businesses are originating calls and it’s hard to determine where exactly those calls are coming from. Attestation information gets lost in the call path, and terminating carrier analytics could potentially block the call. When this happens, there isn’t a response sent to the originating provider notifying them that the call got blocked, but there is an active discussion about introducing an error code transmission in the future.
My carrier completed STIR/SHAKEN, so why are my/my client(s) calls still being labeled?
External to the STIR/SHAKEN call authentication framework are third-party algorithms deployed at the wireless carrier level, known as call reputation analytics. These analytics have been deployed across mobile networks since late 2017 and are responsible for the labels “Potential Spam,” “Spam,” “Scam,” “Scam Likely,” “Fraud Alert,” etc. that get assigned to phone calls at termination. Even if the originating provider signed the call with A-level attestation, the terminating provider may still label the call as “Spam.”
This could happen if the phone number itself is deemed as a number spamming consumers repeatedly, especially with short-duration calls, or if it was previously designated as a spammer before you used that number.
These technologies will continue to deploy in parallel with STIR/SHAKEN, so if you’re hearing reports from your agents that your calls are ringing through as “Spam” or equivalent, this is due to reputational analytics, not STIR/SHAKEN.
While STIR/SHAKEN does aim to lessen the number of illegal robocalls originating and traversing the network, it does not filter for legal spam calls. STIR/SHAKEN call authentication seeks to verify the identity of the originating caller as a legal entity and the level to which they have the right to call using those numbers (Attestation Levels A, B, & C). STIR/SHAKEN may have verified your calls and identity, but this does not necessarily mitigate spam labels associated with your numbers. Your numbers could still get labeled as Spam or Nuisance based on various factors like aggressive or inconsistent dialing practices or consumer complaints. In a post-STIR/SHAKEN deployed world, you will still need to implement call blocking and labeling solutions to keep spam tags from being associated with your numbers and brand.