Toggle Dark Mode
It’s been a long road, but today marks a major turning point in the war against telemarketing scams, at least for folks living in the United States, with all three major US carriers announcing that they’ve fully implemented the STIR/SHAKEN anti-spoofing protocol.
While the new technology was first mandated by the FCC back in 2018, it wasn’t until early 2019 that traditional landline carriers began to adopt support for it, and later that year that T-Mobile got on board as the first cellular carrier to support it.
Although the FCC’s mandate was initially voluntary, chairman Ajit Patel said at the time that the Commission was prepared to act if it deemed carriers weren’t moving fast enough. It obviously came to that conclusion early last year, when it set a deadline of June 30, 2021 for “all originating and terminating voice service providers to implement STIR/SHAKEN in the Internet Protocol (IP) portions of their networks.”
At the time, it acknowledged that it might need to extend the implementation deadline for smaller voice service providers. After some consideration earlier this year, the FCC confirmed that most providers “with 100,000 or fewer subscriber lines” would have until June 30, 2023 to implement the new system.
However, the FCC also pointed out that at least a few of these small voice service providers are responsible for generating a disproportionately high number of illegal robocalls, and notes those specific providers will only have until next year, June 30, 2022, to shore up their systems properly.
The Big Three
Regardless, however, the deadline for AT&T, Verizon, and T-Mobile has remained firm, and the good news is that they’ve all managed to meet it.
Since it was the first wireless carrier to jump on board two years ago, it’s probably no surprise that T-Mobile announced yesterday that all calls on its network “are 100% STIR/SHAKEN compliant.” The Un-carrier also adds that it’s filed a certification of completion of its STIR/SHAKEN implementation to make it official.
Verizon has also eagerly announced that it’s on board too, pointing out that “over 78 million Verizon customers” are now safe against “over 13 billion unwanted calls.”
While AT&T didn’t issue any kind of press release, it did tell The Verge that it too has met the deadline, filing its compliance documents with the FCC on the 29th, and that “all LTE and 5G calls originating on [its] wireless network are STIR/SHAKEN compliant.”
What All of This Means
In short, STIR/SHAKEN is a system that guarantees that the number that appears on your display when your phone rings is the caller’s actual number.
Much like e-mail, the technology behind caller ID was built in a much more trusting era. In those early days, everything was controlled by large monolithic telephone companies, and nobody foresaw a day when much more affordable voice-over-IP services would allow spammers, scammers, and robocallers to abuse the system.
Caller ID technology was designed from the beginning to allow the possibility for originating callers to set their own phone number, rather than displaying the one assigned by the telephone company.
There were several good reasons for this, including large companies that needed to display the actual direct phone numbers of staff members rather than the company’s main number. Since it’s very common for a large business to have only a handful of actual telephone lines shared by hundreds, or even thousands of employees, it was necessary to allow corporate telephone systems to assign the caller ID for each outbound call.
Unfortunately, as the telephone market opened to competition and smaller providers came along, these kinds of “trunk” lines because so affordable that a plethora of services popped up with the express purpose of charging you money to let you set your caller ID to whatever you want, and of course scammers jumped on this possibility.
After all, even the most harmless telemarketing companies know that you’re much more likely to answer a call from a local number than an 800 number or a long-distance call from a place you’ve never been. So, telemarketers will spoof random local numbers to increase the odds that you’ll pick up.
However, this also opens the door for evil telemarketers to perform more insidious tactics, such as impersonating Apple Support or Amazon Customer Service, to dupe unsuspecting users into giving up personal information like passwords or credit card numbers to an official company representative. Similar tactics have also been used to impersonate IRS agents and law enforcement officials, since far too many people still believe that the caller ID information they see on their iPhone is trustworthy.
The goal of SHAKEN/STIR, however, is to help make sure that this caller ID information actually is, by authenticating the source of the call and making sure that the information displayed to the recipient actually matches where the call is coming from. While it won’t put an end to telemarketing or scam calls, it’s going to make it much harder for them to deceive their potential victims.
While today’s deadline marks a giant milestone in these efforts, it’s important to keep in mind that the system isn’t completely bulletproof just yet. Since the FCC is still giving smaller voice providers up to two years more to get their systems in order, this leaves a crack in the door for scammers to work through.
According to T-Mobile’s press release, however, the new mandate covers around 98% of wireless customers in the U.S., and STIR/SHAKEN works between T-Mobile, AT&T, Comcast, Spectrum Voice from Charter Communications, U.S. Cellular, and Verizon Wireless as well as Altice USA, Bandwidth, Brightlink, Clear Rate, Google Fi, Inteliquent, Intrado, Magicjack, Peerless, and Twilio.
In fact, according to the FCC’s most recent statement, over 1,500 voice service providers have filed in the FCC’s Robocall Mitigation Database, and over 200 have “certified to full STIR/SHAKEN implementation.” Further, any provider not certifying to the full implementation is required to explain the steps that they’re taking to ensure that they’re not the source of illegal robocalls.
Further, starting on September 28, 2021, the FCC will be requiring all certified providers to block those other voice service providers who have not certified to at least a partial implementation. This will prevent calls from services that haven’t implemented STIR/SHAKEN at all from extending beyond their own services.
Lastly, it’s important to note that STIR/SHAKEN is mostly a US effort right now, and there’s nothing the FCC can do to enforce it for international calls and foreign providers. The FCC’s Canadian counterpart, the Canadian Radio Telecommunications Commission (CRTC) has also been on board with this since early 2018, which is important since Canada the United States share the same international country code, and has been holding its carriers to the same June 30 deadline.
Ultimately, the new protocol will increase your confidence that a North American number is valid, but you should still be very wary of calls from international numbers that you don’t recognize, as it’s still entirely possible for these to be spoofed.