CALL SIGNING ANALYTICS: A Proactive Approach to Getting the Most from STIR/SHAKEN

By Ihab Al Shayeb, VP Technology

Since the telecommunications industry adopted packetized voice communications in the early 2000s, the global telephony infrastructure has shifted from circuit-switched networks, also called Time-Division Multiplexing (TDM) networks, to Internet Protocol (IP) based networks. Specialized IP protocols were developed to support Voice Over IP (VOIP) services and Session Initiated Protocol (SIP) and Real-Time Transport Protocol (RTP) emerged as the ubiquitous technology to connect voice calls around the world.

Today, the majority of voice communications services rely on SIP/RTP connectivity including mobile phone calls, and almost all international voice calls connect through SIP/RTP. Packet networks have significant benefits over legacy TDM infrastructure, namely cost. The global voice communications networks have grown substantially due to the simplicity and lower cost nature of IP-based packet networks.

Unfortunately, when it comes to transmission and presentation of phone numbers to user devices and within telecommunications internal call records, VOIP and SIP lack the inherently secure nature of legacy TDM based networks. In VOIP and SIP networks, the calling party phone number is easily manipulated or changed without affecting the call routing and connectivity.

As a result, phone number manipulation has become a rampant problem in the global voice communications ecosystem. Fraudulent or malicious actors routinely manipulate phone numbers to enable billing fraud, social engineering, and surveillance evasion. In the United States, dodgy marketing companies use automated “robocalls” to systematically call through phone number ranges, seeking to prompt vulnerable consumer action.

Unwanted robocalls are the number one complaint from US consumers about communication services. The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) received approximately six million complaints in 2018 and, more disturbingly, Americans reported $1.48 billion in 2018 lost to fraud originated from robocalls.

In response, on March 31, 2020, the FCC approved the mandate for licensed telecommunication voice carriers to implement STIR/SHAKEN. As of June 30, 2021, large carriers (those with more than 100,000 subscribers) must be compliant or face regulatory fines. Smaller carriers have until June 30, 2022.

At a high level, STIR provides the ability within SIP to authenticate caller ID and SHAKEN defines the end-to-end architecture to implement caller ID authentication using STIR. A list of relevant standards and specifications is published at https://www.1routegroup.com/resources/.

A key part of the phone number spoofing problem is that bad actors are continually changing their calling behavior, such as the numbers they call from and who they are calling. The way to make STIR/SHAKEN truly valuable is to incorporate analytics-based solutions for real-time action. LATRO’s Versalytics is a highly versatile analytics solution that consists of multiple detection methods. It integrates with the STIR/SHAKEN STI-Authentication Service and/or STI-Verification Service interfaces, performing deep analysis on the calling and called phone numbers, proactively detecting fraudulent activity, and preventing revenue damaging call manipulation attacks.

STIR/SHAKEN protects the network from caller ID spoofing but does not tell you whether a call is good or bad (i.e. legitimate or fraudulent in nature). It is the job of Versalytics real-time analytics to help you determine whether the call is good or bad. But STIR/SHAKEN is important because it significantly improves the quality of Real-Time Analytics. Take the following example to show this in action.

Suppose an enterprise customer, Jimmy’s Bakery, uses +966 11 222 3333 as the number they call from (their enterprise pilot line). Now imagine there is a fraudster who is spoofing Jimmy’s number.

Using STIR/SHAKEN, Jimmy’s calls are signed with a digital signature and the fraudster’s calls are not. Without the STIR SHAKEN certificate, it is hard for Real-Time Analytics to tell the difference between Jimmy’s genuine calls and the fraudster’s calls. With the signature, Real-Time Analytics can easily tell the difference and distinguish between Jimmy’s calls (allowing them through) and the fraudster’s calls (blocking them).

Telecom operators implementing the FCC-mandated STIR/SHAKEN framework should consider an incremental investment in Call Signing Analytics. With an additional, small budget, the benefit of analyzing voice traffic in real-time will pay back many times over in stopping fraud.