Beyond STIR/SHAKEN: Carriers Need a Multi-Layered Approach

Beyond STIR/SHAKEN: Carriers Need a Multi-Layered Approach

January 3rd, 2019 - Telecom, Identity and Protection

In 2019 U.S. telecom service providers will move forward at varying speeds in the implementation of STIR/SHAKEN – initially across the major tier one phone carriers. TNS’ Paul Florack, Vice President of Product Management, considers how the FCC-sponsored call detection framework will provide a key foundational layer in attacking bad actor robocalls as part of a multi-layered approach to the bad actor robocall threat.

We are certain that a layered approach to the bad actor robocall threat will continue to be required. Based on our own analysis of more than 1 billion network events every day and our broad view across the public switched telephone network as a signaling, IPX and routing hub for over 500 providers, we believe there are a handful of key components for carriers and other stakeholders to consider as part of an effective multi-layered approach.

Call authentication does not address call intent

If those whose work has been focused on detecting and addressing nuisance and illegal robocalls know one thing, it is that bad actors change tactics quickly. STIR/SHAKEN authenticates that a call has not been spoofed, but does not determine caller intent. While call authentication is an important component of rooting out bad numbers, bad actors may still make these calls by registering numbers which, while registered to the callers, are authentically theirs.

So while the call originator isn’t spoofing the number and won’t be able to use the same unauthentic spoofed number over an extended period of time, they can still be effective by changing tactics. It is entirely possible that bad actors will register blocks of numbers, make fraudulent calls, burn through the numbers quickly, drop them, get a new set of numbers and start the process again.

Layered analytics are key

A better understanding of the intent of a call is the work of the real-time analytics layer (i.e., the analytics server). Further, depending on the provider, the analytics server is available for all types of carriers across all networks, whether VoIP or TDM, via ENUM, SIP, AIN, or RESTful API, or all of the above. This layer is already in play today with the major carriers on many devices.

Advanced machine learning methods for blocking robocalls using real-time AI in combination with big data gleaned from the network addresses the constantly changing identities of robocallers. This methodology makes it possible to create an algorithm which can detect call patterns without requiring crowdsourced reporting. As an additional input to this model, crowdsourced feedback allows the analytics provider to layer in context.

Supplementing the unstructured data provided by the machine learning methods, crowdsourced data allows the analytics layer to provide information at a more granular level, such as whether a telephone number is being used to offer free cruises or is a legitimate call from a bank with a fraud alert related to a credit card.

Enforcement and follow-through is required

The FCC continues its exploration of methods to pursue bad actors, including blocking and tracebacks. Naturally, STIR/SHAKEN will play a significant role with respect to blocking and traceback efforts. In addition, analytics providers will be explaining the complex role they play in overlaying context for robocalls that do not involve spoofing and providing the FCC with further insights regarding additional steps that can be taken to address this ongoing problem.

STIR/SHAKEN is indisputably an essential foundational layer to combat spoofing and other robocall tactics, which is why carriers are rightly investing in deploying the STIR/SHAKEN authentication standard in their networks or evaluating STIR/SHAKEN deployment options. Given that we are unlikely to see an all-IP network for several years, carriers should maintain both a short- and long-term focus and expect that bad actors will focus on all available paths leading up to widespread network implementation.

Find details for your appropriate TNS representative on our contact page