In June of 2021, an FCC mandate went into effect requiring voice service providers to implement STIR/SHAKEN protocols. No, that isn’t a government-mandated happy hour at Verizon and AT&T headquarters. Instead, the rather long-winded acronym (Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information Using toKENs) took aim at a simple goal: stop spam calls!
We’ve all experienced the problem. One, twice, maybe even a dozen times a day, our cell phones ring from a number we don’t recognize. The result is that millions of exasperated Americans hit the “ignore” button on billions of spam calls every year.
In fact, the FCC estimated that by the end of 2019, a whopping 50% of all telephone traffic would be spam. One look at your voicemail inbox likely shows that three years later, they were right.
But, apart from being annoying to us, why did the government get involved in the first place? Well, for one, spam calls are illegal. They cost network operators money to connect, and the ones making those calls are usually up to no good.
What’s more, a lot of spam calls are actually being answered by innocent people who then fall victim to any number of fraud schemes. Through STIR/SHAKEN, the federal government hoped to curb the problem.
The theory was sound: If carriers could differentiate calls that originated on their network from those that did not, the person answering the call wouldn’t have to worry about whether the call was spam. This differentiation is defined by the carriers as an “Attestation.” Each call, then, was to be delivered to its destination with an Attestation (A, B, or C) that matched the carrier’s confidence in the call’s origination.
In practice, however, the objective of STIR/SHAKEN proved difficult—not all call types (like VoIP phone systems) fit neatly within a classification of “spam” or “not spam.” Your deskphone or softphone could be flagged as spam purely by the way that the call originates and travels through the telephone network.
In the end, the complexity of call traffic makes it hard to rely on the STIR/SHAKEN framework exclusively as a form of validating calls. For one important group, the limitations of STIR/SHAKEN prevent it from being that silver bullet: Contact Centers.
Contact Centers Shouldn’t Confuse STIR/SHAKEN for Call Authentication
The ineffectiveness of STIR/SHAKEN Attestations to authenticate callers for contact centers may be a direct result of the fact that the protocols weren’t designed to verify or identify customers in the first place. The STIR/SHAKEN framework was designed to prevent, or at least signal, potential spam.
So, while carriers could flag, or even block, a non-certified call to an individual’s phone, businesses face far more nuanced scenarios with a larger variety of call types. A bank, for example, does not have the luxury of simply ignoring calls from unknown origins. Other problems, like the ones listed below, add to that complexity:
- Major carriers were required to adopt STIR/SHAKEN mandates, but hundreds of smaller carriers faced fewer implementation requirements. As a result, Attestation data is often lost or degraded when major carriers pass calls to smaller carriers. According to Pindrop’s analysis of a 260-million call sample, about 65% of call traffic reached its destination without any Attestation at all.
- Even when available, STIR/SHAKEN Attestations are not designed to assess risk. Call legitimacy is difficult to ascertain on calls given anything other than an Attestation A—and some of those A-rated calls were proved to be questionable by the analysis done in the Pindrop report.
- Carriers get to “choose-their-own-adventure” when assigning attestation levels, resulting in inconsistencies between carrier networks that may impact efficacy.
This report series monitors and analyzes the roll out of STIR/SHAKEN protocols, and the implications for contact centers that plan to use them for call authentication. The latest downloadable report in the series covers the time period from April 2021 before the FCC-issued mandate (June 30, 2021) through June 2022.
The report uses detailed call data analysis to share our observations, including:
- The (un)availability of STIR/SHAKEN Attestations
- The (in)efficacy of STIR/SHAKEN Attestations
- STIR/SHAKEN Attestations compared to VeriCall® Technology call risk scoring
Through Advanced Call Verification–powered by VeriCall Technology–Pindrop provides its customers with the ability to ingest STIR/SHAKEN Attestations as a data point to supplement its machine learning models and call risk assessment process, which is specifically designed for contact center authentication.
Pindrop customers interested in utilizing STIR/SHAKEN Attestations can thus leverage potentially valuable Attestation-related insight while also maintaining the ability to reliably assess call risks with a high degree of accuracy when attestation data is not present.
Download the Pindrop report to learn more. Or, chat with our experts!