Unwanted robocalls are the top most common complaint made by consumers regarding communications services. For the US alone both the FCC as well as the FTC received more than 6.8 million calls in 2018, And even more alarmingly, Americans reported $1.48 billion in fraud resulting from calls.
The consumers you have as subscribers are becoming increasingly dissatisfied and could be susceptible to being swindled by scammers. The result is that customers will be more reluctant to answer the phone, and are much more inclined to break the line.
Effective robocall solutions consist of two main components – Real-Time Analytics and STIR/ SHAKEN.
What is Real-Time Analytics?
One of the main causes of the issue is that callers who are not good constantly change their call behaviors, like the number they dial from, and the number they’re calling. Real-time Analytics (aka Reputation Database or Call Validation Treatment, CVT) is a highly-dynamic machine that analyzes data from various inputs, like live calls, crowdsourcing, and STIR/SHAKEN inputs. The data engine generates reputation scores for each of the call numbers. The scores change constantly depending on the actions of a bad caller and the score can shift from bad to good within a matter of minutes.
How can a Service Provider benefit from Real-Time Analytics?
When a terminated call is received within the network of the Service Provider and the phone to which it is directed rings the voice core of the network calls the Real-Time Analytics engine to determine the reputation scores of the caller at the moment in time. The next step is determined by the score of reputation.
- When the result is high and the call is made unnoticed to the destination and the phone will ring.
- When the caller’s score is low it will be treated based on how poor the call was. For instance, the company may block the call with an announcement, send it to voicemail or send an alert to the caller’s ID (such as ‘SPAM’) ?’), to ensure that the person who is receiving the call knows that they must approach the call with care.
It is essential to have a reliable service in which the Real-Time Analytics is always up-to-date, accurate, and based on as extensive a set of data as it is possible. It is determined by the quantity and depth of the data being received and the performance of the algorithms used in the engine for data. It is essential to ensure that the calls are received and through, but as spam filters, for emails, there are false positives to be anticipated. This is why it’s crucial to select a high-quality solution for carriers that includes a real-time Analytics engine that has a low rate of error. It should also incorporate methods for quickly fixing errors, for example, the ability to allow carriers to include numbers in the safelist and allow customers to submit issues themselves.
STIR / SHAKEN
Caller ID fake ID
Spoofing of the caller ID is the practice of deliberately faking the caller ID of the phone and is now a frequent technique employed by callers who are robocallers. Due to the rapid growth of VOIP technology, spoofing has become extremely simple. When the caller ID is disguised as something familiar, consumers will be more inclined to receive the call. For instance that a robocaller can create the impression that the caller has been from a large institution, such as the national bank or an individual phone number (‘neighbor fake’).
Spoofing is a crime and is distinct from altering the caller ID due to legitimate reasons, like in the case of a call center calling on behalf of a company and showing the ID of the company.
One of the most important aspects to combat the issue of robocalls is protecting from spoofing of caller IDs and STIR/SHAKEN is the standard that provides precisely what it says. It accomplishes this by authenticating the caller’s identity at the point of origination of the call and authenticating the caller ID at the conclusion point. This technology, when combined with Real-Time Analytics allows users to take an educated choice regarding whether to pick up the phone.
What is the process behind STIR and SHAKEN’s work?
STIR SHAKEN and STIR SHAKEN is a well-established Public Key Infrastructure (PKI) technology, which is applied to the phone network, to verify and sign the identity of the caller on the call.
When the call is initiated at the beginning of the phone call (steps (1) (2) and (2)) The Telephone Service Provider uses the authentication service, known as the STI-AS in standards, to create an electronic signature. The signature proves that the service provider has the caller ID signaled by the phone and that the call originates coming from the subscriber that is assigned the number. It is the Authentication Service that places the digital signature into a brand new SIP Identity header that flows to the network that terminates (step (3)). The signature is created using encryption techniques that are widely used online including encryption for debit and credit card transactions.
The call will be terminated at the end of your call (steps (4) through (6)) The Telephone Service Provider uses the Verification Service (STI-VS) to confirm the signature and, ultimately, to determine if the signaled caller ID is authentic and not fake.
The terminating network could perform a variety of things using the outcomes of SHAKEN verification. The most popular uses are in feeding into real-time Analytics and assisting with the traceback of calls that are not good.
What is the reason Real-Time Analytics and STIR / SHAKEN are two of the most important components of an effective solution?
STIR SHAKEN / SHAKEN shields the network from the threat of caller ID spoofing. However, it cannot tell you if the call is good or not. It’s the job of Real-Time Analytics to inform you if the call is either good or bad. But the STIR/SHAKEN feature is crucial because it greatly enhances the quality of Real-Time Analytics. Check out the following examples to demonstrate this.
Let’s say an enterprise client, Bob’s Garage uses 444-333-2222 for the number they contact (their Enterprise Pilot Line). Imagine an opportunist who has spoofed Bob’s phone number.
Utilizing STIR/SHAKEN the calls Bob are signed by digital signatures, whereas those of the fraudsters aren’t. If there is no STIR or SHAKEN signature, it’s difficult for Real-Time Analytics to discern the difference between genuine calls and fraudulent calls. With the signature, Real-Time Analytics can easily tell the difference and differentiate between his calls (allowing them to pass through) as well as the calls of the fraudster (blocking the calls).
STIR / SHAKEN Governance Model
One of the most crucial aspects of STIR and SHAKEN as a secure and trusted system that works within real network environments is the Governance Model. Deploying the Public Key Infrastructure (PKI) over the phone network requires the clear identification of who can be eligible to obtain certificates. It also requires a safe method to obtain and manage certificates, and a method to eliminate any unsavory behavior and swiftly take appropriate actions.
The Governance Model helps to achieve this by utilizing three distinct organizations.
- STI-GA: Governance Authority. Supervises the entire deployment of STIR SHAKEN and STIR SHAKEN and appoints the STI-PA.
- STI-PA: Policy Administrator. Manages the administration of certificate policy, i.e. the list of accredited CAs and those who are able to apply for the certificate.
- STI-CA: Certificate Authority. Issues certified certificates to qualifying organizations.
If a business is looking to get SHAKEN certification then they can apply to STI-PA to obtain a token that the company may use to obtain certificates from the STI CA of the choice.
In the US The STIGA is run by ATIS and was established in 2018and is made up of representatives of both major and smaller US carriers. The STI-GA was appointed by the iconectiv as its STI-PA in the year 2019.
The first set of qualification conditions to apply for SHAKEN certificates is as the following.
- Keep a current version of Form 499A filed with the FCC
- Are issued an operating Company Number (OCN)
- You can directly access telephone numbers through those who are the North American Number Plan Administrator (NANPA) and National Pooling Administrator (NPA)
In Canada, the STIGA will be in charge of the CSTGA and the PA is yet to be named.