First STIR/SHAKEN Verified Call across Three Telcos

A group of American operators have announced they are the first to validate the originating number of a call using the STIR/SHAKEN protocol across three different networks. The claim was made by T‑Mobile US, Comcast and Inteliquent; you can see T‑Mobile’s press release here. The STIR/SHAKEN specifications permit digital signatures to be associated with telephone calls, thus preventing the spoofing of caller IDs by verifying that the originating number is genuine.

The adoption of STIR/SHAKEN has been a priority for the US market since mid-2018, when the national regulator, the Federal Communications Commission (FCC), started taking more aggressive action against fraudulent robocalls. However, American customers still await the comprehensive deployment of STIR/SHAKEN across US telcos. The FCC grew impatient in November 2018, and challenged telco CEOs to set deadlines for implementing STIR/SHAKEN. It then took until March 2019 before Comcast and AT&T connected the first cross-telco STIR/SHAKEN call in the USA. Now three telcos have shown they can collectively make STIR/SHAKEN work for a single call routed across their networks, but there are many other combinations of US telcos who will need to deliver in order to verify all calls originating within the country.

Some believe that telcos and regulators worldwide will follow the lead of North America by also using STIR/SHAKEN to prevent spoofing. This would be convenient, because the problem of fraudulent robocalls cannot be solved at a national level. More and more fraudulent calls are made across international borders, so a single-nation solution will not protect American subscribers from con artists based overseas. However, the stuttering progress in the USA suggests that the global roll-out of STIR/SHAKEN will be slow, and far from universal. STIR/SHAKEN already suffers the limitation that it can only work if the entire call is carried across IP networks. Telcos and regulators need to be realistic about the patchy protection that STIR/SHAKEN will deliver for the foreseeable future, and should also seek to encourage other methods that identify and filter calls from spammers and fraudsters.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.