October 27, 2021

FCC Proposes STIR/SHAKEN Implementations with Gateway Carriers

The communications industry developed the STIR/SHAKEN framework in coordination with federal regulators to prevent robocalls. Now that companies have successfully implemented the framework, many consumers are surprised to learn that they still receive annoying robocalls. Understandably, many people feel frustrated by a problem they believed would have been solved by now.

FCC STIR/SHAKEN Implementations on Gateway Carriers

A closer look at the issue reveals why robocalls continue to reach North American households: the calls originate overseas.

Gateway carriers connect international calls to phone networks within the United States. Currently, the FCC does not require gateway carriers to use STIR/SHAKEN call authentication. This loophole makes it possible for robocalls that originate overseas to reach Americans. The FCC hopes to change the situation soon to put an end to forbidden robocalls.

What Is a Gateway Carrier?

Gateway carriers connect calls from overseas to IP networks within the US. Since gateway carriers operate outside of the US, the FCC does not have jurisdiction over them, which makes it very difficult to enforce the STIR/SHAKEN mandate.

Currently, the FCC is considering a few new rules that would help prevent gateway carriers from sending robocalls to US networks. The most recent plan would force gateway providers located in the US to adopt STIR/SHAKEN technology. If they cannot authenticate calls from overseas, they must refuse to connect the potentially illegal calls from getting passed on to US IP networks.

Technically, overseas call centers could continue placing illegal robocalls. The rule would simply force US-based carriers to authenticate incoming calls.

How Carrier Tiers Affect Attestation Ratings

Call authentication relies on a chain of trust (also called a “triangle of trust”). The chain involves three major steps:

  • A policy administrator manages integrity certificates.
  • A governance authority coordinates with the policy administrator to generate certificates.
  • A certificate authority creates a secure telephone identity (STI) and sends it to the service provider to show that it has SHAKEN network approval.

The authentication process creates three levels of authentication grades:

  • A: Full attestation
  • B: Partial attestation
  • C: Gateway attestation

Most calls that originate overseas fail to get Grade C attestations, which means the carrier cannot authenticate the call’s origin.

If these calls came from within the US, they would fail the STIR/SHAKEN protocol and never reach their intended destinations. Since they come from outside the US, they’re allowed to pass through to US IP networks despite only reaching Level C. It’s a loophole that the FCC plans to close as quickly as possible.

FCC Proposes Changes to Gateway Carriers

The STIR/SHAKEN framework does its job very well. It has already significantly reduced the number of domestic robocalls. STIR/SHAKEN has also helped lower the amount of call spoofing that happens within the US.

Unfortunately, scammers have pivoted to overseas call centers so they can avoid the new regulations and continue robocalling Americans. Despite the improvements, problems persist for American households and businesses.

Gateway Carriers' Responsibility

The FCC wants to impose three major changes on gateway carriers to make STIR/SHAKEN even more successful. Those plans include requiring all US gateway carriers to:

Making US gateway carriers responsible for the calls they let pass to US IP networks will probably play the most significant role in stopping overseas robocalls from reaching the US. Since these companies operate within the US, they must abide by FCC regulations. Now that they have gotten the FCC’s attention for letting a minor loophole damage the performance of STIR/SHAKEN, it’s just a matter of time before regulators rein them in.

Practically everyone in the US will benefit from this action. Businesses will gain more control over their brand reputations, and households will receive fewer unwanted calls from potential scammers.

Protecting Your Business Numbers While the FCC Expands Its Reach

The FCC and phone service providers have spent years developing the STIR/SHAKEN framework. It will also take some time for the FCC to expand its reach and bring gateway carriers under control.

In the meantime, your business numbers could suffer from call spoofers operating overseas. Call spoofing makes it possible for scammers to call consumers with your phone number. When someone answers the phone, they will see your number on their caller ID. Depending on the number, the caller ID might also show your business’s name.

It only takes one spoofed call to damage your number’s reputation.

Monitoring Your Phone Number Reputation

Caller ID Reputation gives you the most effective way to monitor your numbers' reputation while the FCC continues improving STIR/SHAKEN regulations to stop overseas robocalls and spoofers. With Caller ID Reputation, you can see when a service provider or smartphone app blocks your number. You can’t change the number’s reputation, but you can stop using it and assign new numbers to your staff members.

Poor number reputation can damage all types of organizations, including hospitals and small businesses as well as call centers. Contact Caller ID Reputation today to learn more about protecting your numbers.

See how Caller ID Reputation® can support your business!

Caller ID Reputation Benefits