Shaking up caller ID
The FCC is tightening up its rules for voice calls routed into the us, which may offer new revenue opportunities for carriers, writes Alan Burkitt-Gray
The US telecommunications regulator is about to tighten its rules on voice traffic entering the country, in a move to reduce what most of us call “nuisance calls” but Americans call “robocalls”. The changes by the Federal Communications Commission (FCC) will require the voice industry to spend lots of money in the hope that consumers will come to trust incoming calls once again.
As a result, there will valuable opportunities for wholesale service providers that can offer profitable services to fixed and mobile operators in enhancing calling line identification (CLI) services (or “caller ID”).
The name to hold close is Stir/Shaken, which Wikipedia says is a Bond-like development of “Stir”, an acronym of “secure telephony identity revisited”.
The “Shaken” addition means, according to the same source, “signature-based handling of asserted information using tokens”.
I don’t understand either. But at home in London, the caller ID list on my BT landline phone includes numbers claiming they’re for callers from Cornwall, Derbyshire, Manchester and Newcastle upon Tyne. They weren’t. The callers were lying, just as they were lying about being from BT, trying to help with a non-existent broadband problem, or Microsoft, trying to fix my computer.
That’s what, for the US market, Stir/ Shaken is trying to end. But it is a complex problem and it is expensive for the industry to fix. For example, all those calls to me all had credible, but false, caller IDs.
The first stage of the FCC’s rules came into force at the end of June 2021. As we reported in Capacity at the time, “30 June marks the last day for US phone companies to implement ID authentication using technical standards known as Stir/Shaken”.
The FCC issued an order in March 2021 stating that all originating and terminating voice service providers must implement Stir/Shaken in the internet protocol (IP) portions of their networks by 30 June 2021.
When paired with call analytics, the move was intended to help protect US consumers from the fraudulent robocall schemes that cost US residents approximately US$10 billion annually, according to FCC figures.
The idea was that all calls should have valid caller IDs. The FCC pursued a multipart strategy to combat robocalls using spoofed numbers – issuing hundreds of millions of dollars in fines for violations of its rules; expanding those rules to include foreign calls and text messages; enabling voice service providers to block certain clearly unlawful calls before they reach consumers’ phones; and clarifying that voice service providers may offer call-blocking services by default.
The FCC said the benefits of eliminating “the wasted time and nuisance caused by illegal scam robocalls” will exceed $3 billion a year. FCC chairwoman Jessica Rosenworcel said: “I’m encouraged to see the increasing availability of robocall blocking tools for consumers… Stopping robocall scammers from bombarding consumers and businesses takes a whole-of-network approach. Call-blocking consumer tools are a critical part of this approach, along with Stir/Shaken implementation, network-level blocking, and ensuring gateway providers don’t let illegal robocall campaigns onto our networks.”
Eli Katz is one of the experts. He is CEO of XConnect, which he founded in 2004. A year ago, the business was bought by Somos, a US company that administrates the North American Numbering Plan (NANP), which covers all fixed and mobile phone numbers in Canada, the US and its territories, and some Caribbean countries. XConnect itself runs number information services in much of the rest of the world, answering more than 30 billion queries a year – a number that Katz says is doubling annually.
“There’s a substantial spam robocall issue in the US. Unfortunately, after implementation of Stir/Shaken at a significant cost to the US industry, the initial results are not what the industry would have liked. The FCC anticipated it though,” Katz says.
The FCC’s rule change is also a revenue opportunity, he says. “On a global basis, the industry would significantly benefit from restoring trust in caller ID, both in the voice and messaging ecosystems. In the good old days, trust was there – but we’ve lost that.” There is also the possibly of providing identity services, he says.
He talks of “rich caller ID” also known as “branded calling”. For example, when your phone rings, or a message arrives, it could show a logo from your bank or a green tick to show the number has been checked.
The problem is that “any IP communications provider can manipulate the CLI, and trust has been eroded. Now the industry is trying to restore it to reduce spoofing, spamming and fraud”.
Katz explains how this happened: “Generators of fraudulent calls have moved offshore – to avoid the Stir/Shaken legislation. Now they are generally outside the US.”
Because the FCC had applied the rule at US level, it did not include calls that came from outside the US but still had a +1 country code followed by a US area code. Apparently calls from foreign numbers are still let through. The FCC recognises that it cannot make rules for non-US companies, but if Americans are reluctant to answer calls coming from a foreign number, this is less of an issue.
The other complication is why calls from outside the North American Numbering Plan area can use a real +1 country code. For this, Katz has a simple explanation: the calls could be from overseas call centres; from people who live in North America calling home while travelling overseas (calls from US mobile phones will have a +1 prefix); or from companies that use communications platform as a service (CPaaS).
For example, Capacity is based in the UK, and I and my colleagues have +44 office numbers that we can use to make calls via Microsoft Teams on our laptops or smartphones from anywhere in the world. When we do, the number is shown with a +44 prefix, even if we call a UK number from outside the UK. Each of these explanations is legitimate, but Stir/Shaken has taken a further step to reduce nuisance calls: validating caller ID.
The Stir/Shaken rule now applies to all calls coming into the US with a +1 country code followed by a US area code. And the onus to stop nuisance calls by checking numbers has moved to the wholesale carriers that transport the calls from Asia, Europe, or anywhere else.
When a call comes into the US now, the FCC requires that its CLI is validated, to ensure that what the caller ID system presents is a valid number – that means a number assigned to real person or organisation, not one from an unallocated range or an unallocated +1 800 toll-free number.
But the number could also be from a different list from the CLI, called “Do Not Originate” (DNO). These are numbers that can be called, but are never used to make calls. Therefore a DNO number should never appear in the CLI of an incoming call.
Organisations that use DNO include bank call centres, which are on the DNO list to avoid spoofing and vishing. Katz notes that Somos is a provider of DNO information in the United States.
But those carriers must ensure that a caller ID is also authenticated or attested. In other words, that the call not only has a real CLI, but originates from that number. The originating number, in the industry’s jargon, is the A-number, and the recipient’s is called the B-number.
Katz calls this change in the rules “a double tsunami”, saying: “For the first time in long time, national regulations are impacting international calling in substantial way. The issue we are finding is that the ability for carriers or operators to validate an A-number is relatively unusual feature – not just access to data but also the capabilities of the platform.”
Katz notes: “XConnect and Somos are providing a full suite of service options to enable pragmatic and timely solutions for validation.”
The FCC has not given a date for when it will begin enforcing its tighter rules. But Katz suggests the US regulator “could be quite aggressive”, and points to September or October 2022 as likely times for implementation. So, get ready.