AT&T and Neustar Execs Share Thoughts on STIR/SHAKEN Success
On November 11, industry veterans Linda Vandeloop, Assistant Vice President External Affairs Regulatory at AT&T, and Jimmy Garvert, Senior Vice President and General Manager of Caller Identification Solutions at Neustar, were featured on an executive broadcast by Network Media Group (NMG) about restoring trust to the phone channel.
In addition to providing an update on where things stand on STIR/SHAKEN implementation across the industry, they shared best practices on three fronts: robocall mitigation, vetting services, and branded calling. Here’s a recap of what they had to say.
View the full 16-minute video.
STIR/SHAKEN implementation making gains ahead of looming deadline.
Things have gone surprisingly well, said Linda, “This is a group of people who've worked very hard together. And you know, it can be a contentious industry. Some of the members of the board have never agreed on any issue! But this has been such an amazing, committed, dedicated, collaborative process.”
Overseeing STIR/SHAKEN implementation is the Secure Telephone Identity Governance Authority (STI-GA), a governing body comprising service providers representing every segment of the industry, as well as an administrator, and a technical committee. This board sets up the Policy Administrators (PAs) that authorize service providers' ability to get a token and approve certificates to make sure calls can be authenticated and exchanged with other carriers.
- To date, fifty-five service providers have registered with the STI-PA to be able to sign their calls with STIR/SHAKEN authentication.
- Approximately 15 carriers publicly announced they’re deploying STIR/SHAKEN in parts of their network. When fully deployed, these 15+ major carriers represent 70% of all active phone numbers in the U.S.
AT&T and Neustar have been pioneers in STIR/SHAKEN, collaborating with other Communication Service Providers (CSPs) and regulators to create STIR standards and develop the SHAKEN framework. AT&T is one of the vanguard carriers that has been testing and exchanging STIR/SHAKEN enabled traffic since 2018. Neustar is co-author of the STIR standards, and the exclusive provider of the ATIS Robocalling Testbed.
ATIS serves as the industry interoperability test facility to validate the effectiveness of caller authentication standards developed by the Internet Engineering Task Force (IETF) and ATIS. Specifically, ATIS developed “Signature-based Handling of Asserted information using toKENs” (SHAKEN) as an implementation framework for service providers to better combat robocalls and call spoofing on IP-based networks. The testbed has been a huge accelerator for carriers looking to meet the June 2021 deadline, with over 60 participants working to ensure STIR/SHAKEN interoperability across carriers.
CSPs and enterprises unite to protect consumers.
Service providers have been instrumental in the success of STIR/SHAKEN so far. Linda, who is also chair of the STI-GA, noted, “AT&T started working on implementation years and years ago with the development of standards. We've been exchanging testing and traffic with other carriers since 2018. It was a big infrastructure commitment, we had to make some changes to our infrastructure, to the software. And we've already started exchanging traffic.”
That’s great for consumers, but enterprises have unique challenges in addressing the impact of STIR/SHAKEN on their business, how implementation will impact them, and what they can do about it. Jimmy pointed out, “STIR/SHAKEN is a framework that works incredibly well at the consumer level…But, because enterprises can have multiple lines, utilize multiple carriers, that creates a more complex situation. We've seen carriers really taking on that challenge.”
“STIR/SHAKEN will only confirm that a call is not spoofed,” said Linda, “So, we need other tools like analytics to confirm or enable blocking and labeling, traceback to find the source of the calls, and also enforcement to get them to stop.”
Carriers are stepping up with ways to ensure enterprise calls don’t get mistakenly marked as spam or blocked, and also to collaborate with enterprises so they can get the highest attestation levels on their calls. Various methods are already being tested, either by having enterprises originate signed calls or ensuring a robust enterprise vetting service for carriers to grant the highest attestation. Ultimately, that helps the end consumer who will be able to trust that the call originator is who they say they are, so they pick up the call.
Robocall mitigation not a choice any more.
In their recent Second Report and Order, the FCC granted extensions for STIR/SHAKEN deployment to certain service providers, including: smaller CSPs, those unable to obtain a certificate, ones scheduled for discontinuance, and those with non-IP networks. However, CSPs subject to an extension need to implement a robocall mitigation program on the portions of their networks that are not STIR/SHAKEN enabled.
That mandate was reinforced by the North American Numbering Council (NANC) Call Authentication Trust Anchor (CATA) Working Group’s Best Practices for the Implementation of Call Authentication Frameworks. They note: VSPs should implement robocall mitigation programs in addition to call authentication programs, for both IP and non-IP networks. Specifically, the working group recommended monitoring subscriber traffic patterns to identify behaviors consistent with illegal robocalling and take action when illegal robocalling campaigns are identified.
Carriers like AT&T are already leveraging analytics to address robocalls on their networks. And Neustar also offers analytics solutions to help carriers better understand the traffic that is originating from their network and ensure they’re taking the appropriate actions to prevent illegal phone calls. This includes the ability to inform customers about their inbound traffic, by pre-labeling the call in the base Caller ID field.
Vetting is vital.
But to be effective, robocall solutions must be paired with customer vetting. “To get that extension,” continued Linda, “the service provider must implement a robocall mitigation program to prevent robocalls from originating on the network. That involves vetting of customers before they establish service, making sure they're reputable, monitoring the traffic and looking for suspicious traffic patterns. And when those are identified, then do some investigation and take action as appropriate.”
Key steps to addressing the robocall issue include:
- Vetting customers before they establish service
- Validating their right to use a number
- Monitoring traffic and looking for suspicious traffic patterns, and
- When identified, investigate and take appropriate action
Vetting ensures that all actors are truly who they say they are, and to prevent any illegal phone calls from originating on a network. “Enterprises often have different several different [service providers]. So, AT&T may have a customer who is using a number that they got from another provider. We want to be able to give that trusted customer an ‘A’ attestation. If we have a source that can tell us, ‘yes’, that customer has the right to use that number, then we can give that enterprise an 'A' attestation. And that helps with the trust of the telephone call.”
Leveraging the valuable real estate on smartphone screens with rich data.
But there’s another tool to help restore trust in calls. Now that the call authentication framework is in progress, there’s a real chance to revolutionize voice calling with Branded Call Display (BCD). BCD informs consumers with logos, verification status, and call reasons, even before they answer, as well as URLs and callback numbers in the call history log for completed or missed calls.
In addition to providing more context and identifying details on legitimate phone calls, along with a check mark that shows the call has been authenticated, enterprises can let consumers which calls to trust … and answer. Jimmy added, “What we'll see over this next year or more, is an increase of enterprises using this manner of getting their calls authenticated and then presenting more information down to the end consumers, just starting to create that trust back in the voice calling channel.”
The evolution towards a trusted phone ecosystem over the past four years has been exciting and demonstrates a real team effort among regulators, carriers, and enterprises. As the largest provider of call authentication software and identity solutions in the marketplace today, Neustar offers expertise and solutions to help customers comply with regulations, improve the outbound call experience, and restore trust to the phone channel. Learn more about our Trusted Call Solutions and Branded Call Display.