FCC STIR/SHAKEN Policy
Living in the era of aggressive marketing can be stressful. One of the annoying aspects consumers have to put up with is robocalls. While respectable companies may use robocalls for their sales and marketing strategies, scammers use phone number spoofing to steal money and information.
On June 30, 2021, the FCC (Federal Communications Commission) took decisive action to combat illegal robocalls. According to the new law, all big American phone providers like AT&T, Comcast, T-Mobile, and Verizon must use caller ID verification technology to make sure all calls are really made from the number displayed on the recipient’s phone.
The majority of consumers is currently savvy enough to understand that an unknown number on their caller ID could mean that a scammer is calling. Accordingly, they avoid picking up the phone unless the number is familiar.
That’s where spoofing comes in. Spoofing is disguising the caller ID from the call recipient.
For example, when a consumer sees that Amazon is calling, it may not be the marketplace at all. It could be a scammer, who poses as an Amazon representative.
Identity thieves can use spoofing to pretend that they are calling from a credit card company or the IRS in order to trick you into sharing sensitive information.
One of the most sizeable number spoofing scams occurred back in 2019. At that time, criminals used this tactic to pretend to be Chinese Embassy representatives and deceived people into transferring money into their accounts.
According to the FCC, U.S. consumers get 4 billion robocalls per month. While some of them are legal, others are made through spoofing. It’s cheap and easy to make mass robocalls to consumers while changing the caller ID in the process. The more of these calls scammers make, the more chances they have of achieving their criminal goals.
Before the COVID-19 pandemic struck, illegal robocalls were slowly losing popularity. However, when coronavirus landed people at home, scammers came back in full force.
According to a phone company that providers call management services, in March 2021, U.S. consumers received about 4.9 billion robocalls. Half of them were made by scammers.
Illegal robocalls may include:
- Sales calls from companies you don’t want contacting you.
- Pre-recorded messages with highly appealing yet non-existent offers.
- Calls that demand you cover a non-existent debt while sharing your sensitive data.
Robocall spoofing leaves consumers vulnerable to fraud since they have no way of finding out who is on the other end of the line. The only way to battle this problem is for communication providers to take action.
Not All Robocalls Are Illegal
It’s worth noting that not all robocalls are illegal. To make a legal robocall, the company must have written permission from the consumer that clearly states their agreement to receive such calls. The company doesn’t have the right to force you into giving this permission in exchange for the products and services it offers.
Other types of legal robocalls are:
- Political calls about candidates running for office
- Charities asking for donations
- Debt collection calls
- Informational messages (appointment reminders, flight delays)
If a robocall is none of the above, it’s highly likely to be a scam.
What the FCC Has Done in the Past
Over the past few years, the FCC has been working hard to fight illegal robocalls and spoofing. The Commission has been targeting scammers directly.
In March 2021, a health insurance telemarketer was slapped with a $225 million fine. The Texas-based scammer has been posing as Blue Cross Blue Shield and Cigna to sell short-term insurance plans to consumers.
In the past, the FCC regularly issued recommendations that encouraged people to ignore unknown numbers. However, legacy tech in the telephone system allowed scammers to fake phone numbers and practice robocall spoofing without restrictions.
In March, the FCC formed a “Robocall Response Team” that focused on coordinating anti-robocall efforts. The Commission collaborated with FTC, DOJ, and state attorneys to fight against illegal robocalls.
If the FCC suspects that a company is violating the rules, it sends out cease-and-desist letters.
The STIR/SHAKEN Policy
The STIR/SHAKEN policy is a set of protocols and standards aimed at battling caller ID spoofing.
- STIR — Secure Telephony Identity Revisited
- SHAKEN — Secure Handling of Asserted information using ToKENs
STIR is a protocol for providing the recipient information within a digital signature. It helps the digital signatures to be verified at the end location (devices). SHAKEN focuses on implementing STIR within carriers’ networks.
These standards create the framework to make sure that all SIP-signaled calls come with an attached certificate of authenticity. The certificate is a digital signature that allows service providers to verify called ID. This helps eliminate illegal robocalls and prevent scammers from using Called ID spoofing.
Implementing the STIR/SHAKEN Technology
Starting June 30, the Federal Communications Commission requires all big providers to take advantage of the STIR/SHAKEN technology. It can help them verify that the Caller ID data transmitted by the caller matches the caller’s real phone number. The technology also allows providers to block illegal robocalls.
Companies that have fewer than 100,000 subscribers can take advantage of an extension until June 2023. However, the FCC may shorten this extension.
It’s important to understand that the new rule doesn’t eliminate phone scams altogether. It only takes care of the illegal spoofing process.
If the caller’s phone number matches whatever is displayed on your caller ID, the call won’t be blocked. However, it could still be a scammer, trying to sell you something or gain access to sensitive information. That’s why all FCC recommendations about unknown numbers still stand.
Battling Unwanted Calls
While FCC is making significant progress protecting consumers from illegal calls and scams, new technologies appear every day. That’s why it’s imperative to be vigilant about any robocalls that come your way, especially if you don’t expect any communications from a particular company.
The best way to make sure the call is real is to hang up and call back using the organization’s official phone number. For more information about communication security, please contact our team at any convenient time.
ECW Computers is an information technology company. Headquartered in Deerfield Beach, FL, we specialize in providing unique, specially-tailored Managed IT solutions to businesses in Fort Lauderdale, West Palm Beach, Miami and across South Florida.