The phone rings. Your caller ID says it’s mom. But it’s not. This is an example of caller ID fraud, where scammers use automated dialing software to disguise the name or number that shows on your phone. Caller ID fraud is rampant among illegal robocalls, and the problem is getting worse.
In 2018, caller ID fraud made up 14 percent of all complaints about unwanted calls received by the Federal Communications Commission (FCC) and 1 percent of complaints received by the Federal Trade Commission (FTC). As robocalls skyrocket as a result of the coronavirus pandemic, this number will surely increase by the end of 2020. New legislation, like the SHAKEN/STIR framework, aims to solve the issue but the problem persists. Now a new group wants to win the war against caller ID fraud.
What is VINES?
Validating INtegrity of End-to-End Signaling, VINES for short, is developing solutions to stop caller ID fraud, as well as phone fraud in general. Headed by telecommunications software and services company iconectiv, VINES is a working group formed by the GSM Association (GSMA), which represents mobile network operators around the world.
The new solutions supplement the existing call authentication technology mandated by SHAKEN/STIR. VINES plans to stop the illicit activity that results from caller ID fraud — a contentious issue in the United States.
“Illegal robocalling, caller ID spoofing, and other fraud are enormous, expensive problems for service providers and their customers worldwide,” says iconectiv CEO Richard Jacowleff “VINES brings together the global leaders in trusted communications to identify solutions that service providers worldwide can choose from to mitigate fraud and restore customer trust in communications.”
VINES and Caller ID Spoofing Legislation
VINES will work with the patchwork of legislation laid down by the US and Canadian governments to crack down on caller ID fraud.
Telecommunications service providers (TSPs) in Canada are fast at work incorporating SHAKEN/STIR protocols into their infrastructure networks. The CRTC Interconnection Steering Committee (CISC) — part of the Canadian Radio-television and Telecommunications Commission (CRTC) — wants these companies to authenticate and verify caller ID information for IP-based voice calls no later than September 30, 2020.
In an agreement with the FCC, the CRTC requires TSPs to report their efforts in achieving caller ID authentication and verification to the CISC every 6 months. However, it has yet to set out fines for non-compliance.
The Compliance and Enforcement and Telecom Decision (CETD), implemented by the CRTC, provides TSPs and consumers in Canada with additional resources (other than SHAKEN/STIR) to tackle the ever-growing problem of caller ID fraud. Through the CETD, the CRTC wants to “increase the effectiveness of other measures taken to combat nuisance calls.” These measures include:
- An industry-wide call traceback process so TSPs can track nuisance calls.
- Opt-in call filtering services for consumers.
- Blocking of nuisance calls where the caller ID is “blatantly illegitimate.”
“The STIR/SHAKEN framework is presently the only viable authentication/verification solution that can provide consumers with a measure of additional trust in caller ID,” says the CRTC. The additional measures above will complement STIR/SHAKEN, but the CRTC has yet to finalize implementation dates.
TRACED Act (US)
The Pallone-Thune TRACED Act, a bipartisan bill signed into law at the end of 2019, requires TSPs in the US to incorporate SHAKEN/STIR into their protocols. This bill supplements the Telephone Consumer Protect Act, which came into force in 1991.
Unlike in Canada, there is no set date for TSPs to verify/authenticate caller ID information for IP-based voice calls. However, the FCC has no more than 18 months after the bill passed to require TSPs to implement the framework (June 2021).
There’s another difference. The FCC has set out fines for SHAKEN/STIR non-compliance in the US. There will be a $10,000 fine for each violation of the framework, in addition to the $16,000 fine from pre-existing TCPA legislation. In other words, companies that don’t comply with SHAKEN/STIR face penalties of $26,000.
The TRACED Act also requires the FCC to set out specific rules for when TSPs can block calls that fail authentication. This is good news for genuine telemarketers who don’t want TSPs to block legitimate sales calls.
DART Act (US)
In addition to the fines stipulated under the TRACED Act, the Data Analytics Robocall Technology (DART) Act, introduced in the Senate in 2019, provides the FCC with additional enforcement capabilities to fight caller ID fraud. Utilizing data tracking analytics technology, the DART Act enables the FCC to block unauthenticated calls at their origin. This prevents caller ID spoofed calls from reaching recipients in the first place. However, it’s too early to tell how effective this technology will be.
Other Types of Caller ID Fraud
Call spoofing is, without doubt, the most common type of caller ID fraud. However, other actions impact businesses and consumers. VINES also plans to investigate the methods below to overcome caller ID fraud once and for all.
Toll bypass allows IP telephony users to make long-distance calls appear like local calls. This practice lets users avoid long-distance (toll) charges, which impacts revenue for organizations. It works like this: Users reroute calls from the public switched telephone network (PSTN) to their data network. As a result, users avoid long-distance rates when calling companies in another state orcountry, for example.
Internetwork Signaling Exploitation
Fraudsters use exploiting internetwork signaling in three ways:
- CLI Spoofing: Scammers trick call recipients by changing their name/number.
- IRSF Fraud: When scammers divert calls from their destination to another location via route manipulation. It’s called International Revenue Share Fraud, or IRSF, and it costs up to $6 billion a year. This type of call rerouting takes advantage of the roaming charges associated with SIM cards.
- Call Resizing: The act of manipulating the duration of a call to increase/reduce call costs.
Preventing Phone Fraud
While caller ID spoofing is the primary tool of scammers, there are a number of other fraudulent activities scammers use to make money. Call authentication’s primary goal is to stop caller ID fraud, with a focus on spoofing. However VINES is investigating methods to track and combat other methods such as toll bypass and internetwork signaling exploitation.