
STIR/SHAKEN Gets the Boost It Needs


New FCC regulation targets gateway providers letting robocalls into the US

In the two years since the major communications service providers (CSPs) were required by the Federal Communications Commission (FCC) to implement STIR/SHAKEN call authentication, there's been an estimated 8% decline in robocalls in the US. Nevertheless, the overall number of spoofed calls and robocalls remains far too high. In 2022, the FCC discovered that over 8 billion robocalls were made during a four-year period by just one auto warranty scam based out of Panama, where the FCC has no authority and STIR/SHAKEN doesn't exist, making it harder to stop.

The international robocall threat is huge. An industry group found 65% of CSPs transmitting illegal robocalls were either foreign based or gateway providers (i.e., US carriers offering a path, or gateway, for international carriers to terminate calls in America). The FCC realized it needed to go one step further if STIR/SHAKEN was to have a meaningful impact. On June 30, 2023, a new rule went into effect stating that, just like US voice service providers, gateway providers are now also required to implement the STIR/SHAKEN caller ID authentication framework in their IP networks.

Why it’s time for gateway providers to fully implement STIR/SHAKEN standards

International calls coming into the US are typically managed by gateway providers. Under the FCC’s earlier regulations, it wasn’t clear if gateway service providers were required to implement STIR/SHAKEN. This left the door wide open for fraudsters to exploit. Requiring these providers to implement STIR/SHAKEN enables regulators to see which operators are allowing robocall traffic into the US and, most importantly, to block them from doing business if they continue.

Here’s what gateway providers must do:

  1. Implement and register: Each gateway provider must have implemented the STIR/SHAKEN protocol in their IP networks by the June 30, 2023 deadline and must register with the Robocall Mitigation Database (RMDB).
  2. Alert and act: If the FCC identifies suspected illegal traffic coming from a gateway provider, it will notify that provider and give them 14 days to block it.
  3. Plan and prevent: The gateway provider must also develop a plan for blocking “any traffic that is substantially similar” to the flagged traffic and share their plan with the FCC. Carriers can do this with analytics tools designed to detect suspicious calling patterns like call duration, call frequency, call completion ratios, neighbor spoofing and sequential dialing patterns.
  4. Escalate and enforce: If the FCC’s initial request gets ignored, it will issue a final determination order requiring immediate downstream providers to block all traffic from the gateway provider within 14 days if they don’t comply. The final step is to remove the gateway provider from the Robocall Mitigation Database, which essentially puts them out of business.
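
The pattern analytics named in step 3 can be sketched over call detail records (CDRs). This is an added example, not code from the article or from any vendor's product; the record layout, thresholds, function names and phone numbers are assumptions constructed for illustration.

```python
from collections import defaultdict
# Illustrative thresholds: assumptions, not FCC or vendor values.
MIN_CALLS = 5            # skip callers with too little traffic to judge
MAX_COMPLETION = 0.30    # answered / attempted
MAX_AVG_DURATION = 10.0  # seconds, answered calls only
MIN_NEIGHBOR = 0.80      # share of calls where caller and callee share NPA-NXX
MIN_SEQUENTIAL = 0.50    # share of consecutive callees that differ by exactly 1

def caller_features(cdrs):
    """cdrs: (caller, callee, duration_sec, answered) tuples in time order,
    numbers as 10-digit NANP strings. Returns {caller: feature dict}."""
    by_caller = defaultdict(list)
    for caller, callee, duration, answered in cdrs:
        by_caller[caller].append((callee, duration, answered))
    features = {}
    for caller, calls in by_caller.items():
        n = len(calls)
        talk = [d for _, d, a in calls if a]       # durations of answered calls
        dialed = [int(c) for c, _, _ in calls]     # callees in dialing order
        steps = sum(1 for a, b in zip(dialed, dialed[1:]) if b - a == 1)
        features[caller] = {
            "calls": n,
            "completion": len(talk) / n,
            "avg_duration": sum(talk) / len(talk) if talk else 0.0,
            "neighbor": sum(c[:6] == caller[:6] for c, _, _ in calls) / n,
            "sequential": steps / (n - 1) if n > 1 else 0.0,
        }
    return features

def flag_callers(cdrs):  # returns {caller: [reasons]}
    flagged = {}
    for caller, f in caller_features(cdrs).items():
        reasons = []
        if f["completion"] <= MAX_COMPLETION and f["avg_duration"] <= MAX_AVG_DURATION:
            reasons.append("low completion, short calls")
        if f["neighbor"] >= MIN_NEIGHBOR:
            reasons.append("neighbor spoofing")
        if f["sequential"] >= MIN_SEQUENTIAL:
            reasons.append("sequential dialing")
        if reasons and f["calls"] >= MIN_CALLS:
            flagged[caller] = reasons
    return flagged

# Constructed sample CDRs (fictional 555-01xx numbers, not real traffic).
SAMPLE = [("2025550100", f"20255501{n:02d}", 4 if n == 12 else 0, n == 12)
          for n in range(10, 18)]
SAMPLE += [("3035550199", c, d, True) for c, d in [("4155550123", 180),
    ("2125550188", 95), ("3035550142", 240), ("6175550111", 60), ("7135550170", 320)]]
print(flag_callers(SAMPLE))
```

In production these features would be computed per time window and tuned against labelled traffic, since legitimate high-volume callers can also show low completion ratios.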

STIR/SHAKEN and the Industry Traceback Group: A one-two punch

On May 23, 2023, the FCC announced it had issued its first final determination order against a gateway provider that, despite repeated warnings, was passing along a massive number of scam calls impersonating a major financial institution. This type of fraud can have devastating consequences on consumers.


While it’s too early to measure the full impact of the new gateway order that just went into effect, STIR/SHAKEN and the increased enforcement it enables are already delivering change. According to the FCC, there’s been a 99% drop in auto warranty scam robocalls, and an 88% month-to-month drop in student loan scam robocalls. That may in part be due to the FCC’s enforcement activities. In April 2023, the FCC issued a fine of close to $300 million for auto warranty scam robocalls made by the largest illegal robocall operation the agency has ever investigated.

The Industry Traceback Group (ITG) is a consortium of companies from across various communications industries that collaborate on behalf of the FCC to trace, source and ultimately, stop illegal robocalls. Hundreds of domestic and foreign providers have agreed to give the ITG the actionable information it needs for both private and public law enforcement referrals.

A key value of STIR/SHAKEN is that it helps improve traceback capabilities. STIR/SHAKEN helps mitigate robocalls by ensuring calls are not spoofed, while traceback enables enforcement agencies to identify and prosecute bad actors. In addition, under the new ruling, gateway providers must also maintain a current ‘Do Not Originate’ list of phone numbers that should never be allowed onto their networks.

It's our hope that, as these robocall mitigation efforts take effect, fewer call fraud schemes will be successful and phone calls will once again become a trusted communications channel. But, as an industry, we can’t slow down our efforts, especially considering new advancements in generative AI and voice deepfakes. Fraudsters will continue to leverage every advantage to succeed. It’s up to us to stay one step ahead.

Learn how TruContact™ Caller ID Authentication, Powered by Neustar®, helps communications service providers (CSPs) reduce call spoofing by digitally signing calls using STIR/SHAKEN authentication. Our award-winning TruContact™ Branded Call Display, Powered by Neustar®, takes call authentication a step further by enabling enterprises to let customers know the call has been verified and can be trusted.
