As More Countries Consider International Call Authentication Standards, What Can Regulators Learn from STIR/SHAKEN?

November 18th, 2022

This Industry Viewpoint was authored by Anthony Cresti, Senior Business Development Director at Neustar

Illegal robocalling knows no borders, plaguing enterprises and consumers around the world. The United States remains the primary target with 45.9 billion robocalls received in 2020, but this issue has huge international implications, and no country is immune. Naturally, telecom regulators are looking for solutions.

Call spoofing is one of the primary attack vectors used by fraudsters, so it follows that regulators are more closely evaluating call authentication as a solution. The challenge, however, is that there isn’t yet widespread adoption of a single international call authentication standard. Without one, international robocalls can still go through to enterprises and consumers. Data indicates that in the U.S., phone scams accounted for $30 billion in consumer losses in the last 12 months. At the same time, billions of legitimate international calls are being mislabeled as spam, or blocked, because the originating caller in another country cannot be confidently identified.

International standards needed but not easy

Most agree that integrated call authentication standards around the globe would be valuable. Achieving them will require collaboration among international regulators, standards bodies, network operators, and equipment manufacturers. It makes sense then, as countries investigate potential solutions to mitigate robocalls, call spoofing, and fraud, to learn from the example of the call authentication standard already in place in the U.S. and Canada.

There are a lot of lessons to be learned from the North American model of STIR/SHAKEN. STIR, or Secure Telephone Identity Revisited, has potential as the basis for a universal standard that can be deployed to define how a call is authenticated using SIP-based services. STIR has also been tested extensively in the ATIS Testbed by domestic and international carriers for many years. SHAKEN, on the other hand, was designed specifically for the U.S. and Canada. But because it deals with governance issues in how STIR efforts should be managed, it can be used by international regulators as a reference. It serves as a governance model that meets the needs of domestic laws and operators while maintaining interoperability with the rest of the world.

The next stage for STIR/SHAKEN

As many have shared with the FCC in the U.S., STIR/SHAKEN has proven to be a viable call authentication process, and all signals point to aspects of it being duplicated overseas. That isn’t to say, however, that STIR/SHAKEN has been perfectly effective. Critics are quick to point out that robocalls are still a significant problem after its launch. That view is understandable yet often shortsighted; STIR/SHAKEN was designed to prevent call spoofing and is complementary to the use of analytics that help stop unwanted robocalls, which may not be spoofed. The implementation of any call authentication program should be flexible, allowing changes as regulations, carrier policy rules, enforcement, and even technology evolve to meet industry needs. This flexibility increases the opportunity for international exchange, expanding the ability to stop the costly and disruptive effects of fraudulent calls.

The next critical stage in the evolution of STIR/SHAKEN is to give enterprises the ability to digitally sign and authenticate their own calls, extending trust to the point of call origination. With delegate certificates, organizations can sign their calls and more directly control their outbound call experience. Delegate certificates not only empower enterprises to authenticate calls, increasing certainty about the origin of those calls, but also give both domestic and international providers the information needed to effectively mitigate robocalls from bad actors. The success of this process is dependent upon enterprises having their numbers vetted by an outside authority through an ongoing process that validates multiple data points against authoritative data sources.

It’s also necessary to address the many calls that transit legacy TDM networks, which do not support STIR/SHAKEN. In these circumstances, a call will reach the terminating carrier without the accompanying STIR/SHAKEN information to verify the authenticity of the call. The industry talks about going to an “all IP world,” but until that happens, we need an out-of-band solution that enables STIR/SHAKEN call authentication regardless of the network a call traverses.

Looking abroad and to the future

While STIR/SHAKEN has been adopted in North America, it shouldn’t be assumed that this exact model will be the answer for all countries. There are considerations when implementing call authentication standards, such as local laws, social norms, infrastructure, available technologies, and interoperability between countries. The call authentication MAN Program developed in France serves as a good example of a system that is specific to its country’s needs while considering international needs. As more countries bring systems on board, the ability to distinguish between legitimate and fraudulent calls will only get stronger. This brings us closer to the goal of reducing spam calls between countries and better protecting citizens, no matter where they are.

About the Author

Anthony Cresti is a Senior Business Development Director at Neustar. Over the last 20 years, Anthony has built a proven track record of building products, companies, and global partnerships in the Internet, telecommunications, and technology sectors. Before Neustar, Anthony held corporate business development and strategy positions at iconectiv, Telcordia Technologies, Hawk Holdings, Qwest Communications, Icon CMT Corp., and Chemical Bank. Anthony earned his bachelor’s degree in Industrial Engineering from Rutgers University.
