Communication service providers face a growing problem. As robocall attacks become more...
In the ongoing battle against robocalls, service providers can find themselves contending with a litany of obstacles. Most recently, there has been concern over the requirement of gateway providers to sign unsigned calls. With calls that originate from foreign service providers beginning to sign calls, fewer unsigned calls would hit gateway providers. Thus, for larger service providers, the cost to implement SHAKEN in their gateways seems unnecessary and excessive.
In this article, we cover:
- The current roadblocks in STIR/SHAKEN implementation.
- Service provider and carrier response to the latest pending rules.
- How a robocall mitigation service can provide relief.
Let’s take a moment to rewind back to the start of this story, relatively speaking. In June of 2021, in an effort to ensure call recipients could trust callers were who they said they were, service providers were required to implement a framework of interconnected standards known as the Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENS (SHAKEN), or STIR/SHAKEN. By July of 2021, calls traveling through interconnected phone networks would have their caller ID signed as legitimate by originating carriers and validated by other carriers before reaching customers. As part of this effort, the FCC required service providers to certify in the Robocall Mitigation Database that full STIR/SHAKEN implementation was achieved or that a robocall mitigation program was being utilized to ensure illegal robocalls were not originating from their networks.
Consider, however, that AT&T estimates it will cost in excess of $10 million over the course of two years to implement SHAKEN in its gateways to sign unsigned international calls. And for what? It argues that international providers originating calls do not sign with STIR/SHAKEN and therefore its international gateways could only assign these IP calls C-level attestation. C attestation, it argues, authenticates nothing; it only indicates that the service provider is the point of entry to the IP network for a call that originated elsewhere. In other words, AT&T argues that there is no point in requiring the excess burden of signing an unauthenticated call when there is no material value to doing so at this point.
Indeed, AT&T points to the NANC CATA Working Groups’ efforts toward international adoption of STIR/SHAKEN as a more viable means of curtailing robocalls originating overseas. Further, it argues that C-level attestation would be most effective as a requirement for small non-facilities based voice service providers, since they have been identified as the most likely source of illegal robocalls. The FCC has in fact already shortened the original extension for STIR/SHAKEN implementation for this group considering its “greatest risk of originating illegal robocalls.”
Verizon shared a similar opinion, recommending automation of traceback rather than signing unsigned calls at gateways. USTelecom, NCTA, Lumen, and others have expressed similar sentiments in letters to the FCC.
How To Avoid Cease-And-Desist Letters
With a common goal of robocall prevention in mind, the most sensible approach to eliminating unlawful voice and text campaigns is implementation of robocall mitigation services. Solutions such as YouMail Protective Services detect and interdict unwanted traffic that would otherwise originate, traverse, or terminate networks. As interconnection between rural telecom operators and networks remains for years potentially, STIR-authenticated calls will be ineffective in terms of validation as tokens are lost prior to reaching terminating carrier networks.
Rather than taking action that sinks tens of millions of dollars and multiple years on signing unsigned calls at gateways, robocall mitigation services present a viable alternative that reduces provider risk from FCC fines and actions; lowers the risk of lawsuits, bad press, and lost customers due to noncompliance; saves IT resources by outsourcing these tasks to subject matter experts; and offers more accurate outcomes by leveraging millions of data points.
A viable robocall mitigation service should go beyond event-based analytics, utilizing content-based analytics to:
- Score telephone numbers
- Monitor telephone number behavior
- Provide traffic analysis
The ultimate goal here is for voice service providers to avoid noncompliance and/or poor management. To that end, we suggest that they consider YouMail Protective Services, including its three primary solutions: YouMail PS Score, YouMail PS Watch, and YouMail PS.
Don’t delay another moment. Schedule a demo of YouMail Protective Services today.
