March 18, 2020

How Does Call Authentication Work With SHAKEN/STIR Framework?

| | |

How Call Authentication Works With SHAKEN/STIR

No one, other than scammers, like call spoofing technology that lets criminals hide their phone numbers. The problem with call spoofing has gotten so bad that the FCC has mandated the adoption of a SHAKEN/STIR caller authentication framework that will prevent scammers from taking advantage of consumers.

Caller ID authentication will do good things by preventing crime. The new technology, though, has legitimate businesses worried that they cannot keep up with the mandate.

Instead of fretting about the effects, learn about the current state of caller ID authentication and how you can prevent your numbers from getting blocked or mislabeled as scams. A little knowledge now should help your company reach its customers even as the new technology becomes popular.

Who Is Developing SHAKEN/STIR Call Authentication Technology?

A lot of companies are developing call authentication technology. Most major phone service carriers want to roll out authentication features that make their customers feel safe. AT&T and T-Mobile have already started using SHAKEN/STIR call authentication across their networks. This isn’t an issue that businesses will have to worry about in the future. It’s an immediate problem that anyone relying on outbound calls needs to address today.

Plenty of app developers are also making stand-alone software for smartphones. These apps rely on users to report spoofs and scams, so they don’t work across networks, yet. As more people get tired of spoofed numbers, though, you can expect more numbers to get blocked. Users may also mistakenly identify spoofed numbers, which could put call centers at risk.

Before SHAKEN/STIR can become truly effective, the entire industry needs to adopt the standard. Considering AT&T and T-Mobile are two of the biggest service providers in the U.S., though, you can’t sit on the sidelines to see how the technology will evolve.

Why Is SHAKEN/STIR Call Authentication Necessary?

SHAKEN/STIR call authentication has become necessary for two reasons:

  1. Millions of people in 2019 were targets of robocalls and call spoofing.
  2. The FCC is taking the problem so seriously that it has sent letters to most cellular phone providers and issued a mandate to adopt call authentication technology.

If cell phone companies don’t start using call authentication, they will eventually face threats of fines from the FCC. They don’t want that trouble, so they’re investing in technologies that make the government happy and protect their customers.

SHAKEN/STIR call authentication will reduce the number of scams that criminals commit over the phone. It probably cannot eliminate the threat, but it will help consumers significantly.

The unfortunate side effect is that some of your business’s phone numbers might get flagged. The right software can help keep your numbers clean and tell you which numbers have flags.

How Will Call Authentication Actually Work?

Call spoofing is surprisingly easy for motivated criminals with the right software. They can spoof practically any phone number, including those of your close friends, loved ones, and companies that you trust.

To make matters even worse, no one currently has a way to completely prevent call spoofing.

Industry-wide adoption of SHAKEN/STIR will combat the call-spoofing problem. The authentication system involves a lot of coding that takes training to understand. You don’t need any special skills to know the basics of how call authentication will actually work, though, because it requires five steps.

The 5 steps of caller ID authentication

  1. The outbound caller’s service provider (AT&T, Verizon, etc.) receives a request and checks the call’s origination.
  2. The outbound service provider uses an authentication service to ensure the call’s origination.
  3. The service provider generates a token and uses an SIP header (see below)* to pass the token to the receiving person’s service provider.
  4. The receiving service provider authenticates the token and verifies that the origination corresponds to the correct number.
  5. The receiving service provider decides whether it should connect or block the call.

*An SIP header contains information like:

  • The calling and receiving phone numbers.
  • A timestamp of the call.
  • The attestation level.
  • The call’s origin location.
  • An authentication signature.
  • The certificate repository’s location.
  • An encryption algorithm.

If you want to learn more about the details of how call authentication works, read this blog post from last year.

How Will Call Authentication Affect Your Business?

Call authentication is not a scheme intended to target legitimate businesses from reaching their existing and potential customers. The government, app developers, and service providers want the technology to prevent robocalls and call spoofing used by scammers.

In fact, a lot of people believe that effective caller authentication will help businesses. Theoretically, calls coming from legitimate businesses will display a “Caller Verified” message that tells consumers it’s safe to answer the phone.

Reducing the number of robocalls and spoofs should also improve consumer confidence. As long as you call from a reputable number, you will have more opportunities to reach potential leads. When people don’t need to worry about scams, they can feel better about answering all calls that don’t come with warnings.

With that said, no one knows exactly what will happen when SHAKEN/STIR rolls out across the telecom industry. There could be some unforeseen consequences that disrupt your business’s operations.

Fragmentation of call blocking data

It’s also unclear how legitimate businesses can dispute warnings or resolve issues. At the moment, the FCC doesn’t have a department set up to handle complaints from businesses that receive flags accidentally. If your phone numbers get flagged or auto-blocked, then you could have a very difficult time reaching clients. Who knows if you’ll ever have a chance to use the number again?

You don’t have to wait and see how SHAKEN/STIR call authentication will affect your business. Caller ID Reputation’s software can protect your company or call center by managing your outgoing calls, monitoring your numbers to determine whether they have flags, and alerting you to flagged numbers that could prevent you from reaching your customers.

Improved call authentication is a good thing, but you can’t take any chances. Reach out to Caller ID Reputation to protect your reputation today and after SHAKEN/STIR becomes an industry-wide standard.