Compliance Matters: Phone Spam and Bad Call Reputation
Multiple issues
Everyone who owns a phone is aware of how severe the problem of spam and outright fraudulent calls has gotten. Many people only associate telemarketing and robot dialing, or the use of an automated dialing system by marketing and sales personnel to contact as many potential consumers as possible, when we talk of unsolicited, unpleasant calls. However, “spoofers” for caller ID are much worse and are frequently combined with robot dialing to enhance noise levels.
You are aware of them. You see a local number and consider, “That could be the kid’s school, but it’s not on my list of contacts. I should probably answer it: “You hear someone in the Philippines selling, well, pretty much anything. Many times, the Caller ID will identify itself as another organization, such as the IRS or the FBI.
Unfortunately, since it’s challenging to identify fraudulent callers, it’s now up to everyone else to demonstrate their legitimacy, or, in other words, identify the bad people through the process of elimination. It has been a source of stress and difficulty for legitimate businesses to make sure they are in compliance with laws and that their calls are received and answered.
Can STIR/SHAKEN Save the Day?
As consumers, we’d like to stop receiving unauthorized robocalls and Caller ID spoofing, but as businesses, we’re wary of doing so. The Federal Communications Commission (FCC) created the STIR/SHAKEN law to combat spam calls by requiring service providers to include tiny “certifications of authenticity,” sometimes known as attestations,” with each call. These certificates basically state who the provider is, that they are aware of the caller, that the number belongs to them, and that carriers can rely on them in order to send the call through. When a company has numerous providers, it can be challenging to determine which level of attestation they have been awarded and how to move up if necessary.
In order to support the new protocols, STIR/SHAKEN has also necessitated network improvements for several providers and carriers. STIR/SHAKEN is currently a work in progress, and timelines are continually being adjusted. It has not yet been fully deployed. The most recent update is provided here.
The Calendar
* STIR/SHAKEN standards, including the following timeline, must be implemented in order to prevent or eliminate spam calls, according to legislation that was passed in 2018. (The FTC’s Canadian counterpart has a similar strategy with slightly later deadlines.)
* As of June 28, 2021, service providers like SimpSocial that have 100K+ subscriber lines must confirm their STIR/SHAKEN compliance and be listed in the FCC Robocall Mitigation Database.
* September 28, 2021: The major voice service providers ought to have finished registering, attesting to their compliance with STIR/SHAKEN, and resolving any potential network problems. As a result, any providers who weren’t completely registered should have stopped sending traffic to intermediate and terminating voice providers.
* June 30, 2023, 2022: After concluding that they account for a sizable amount of the illicit robocall traffic, the FCC extended by a year the deadline for non-facilities-based small voice carriers to adopt STIR/SHAKEN caller ID identification. The prior FCC requirement for voice service providers with 100,000 or fewer subscriber lines was a full year earlier than this one. Non-facilities-based providers are those who serve end consumers by connecting to the services of other providers rather than having their own physical lines.
* All other small voice service providers, or those situated in facilities, must comply by June 30, 2023.
Note: All carriers on the SimpSocial platform (about three-fourths of the carriers) that have confirmed their STIR/SHAKEN compliance will have a blue checkmark to the right of their listing.
Anyone who is unsure if their company qualifies as a provider should speak with a regulatory attorney right away. Visit the FCC Mitigation Database and the Code of Federal Regulations for more details on robocall certification and mitigation.
Detail of Attestation Levels
As mentioned above, the voice provider has given each company an “attestation level”:
“Full attestation,” denoted by an “A,” means that the provider is aware of the caller, can authenticate that the call came from that caller, and can identify the complete phone number as belonging to that caller. You may proceed now.
The term “partial attestation,” or “B,” denotes that the call came from a recognized customer, but the provider is unable to validate the complete number, as in “this is our client, but the extension number is not registered with us.” Some service providers, like SimpSocial, demand that the number be headquartered in North America (i.e., from a “NANPA” or North American Numbering Plan Area) in order to qualify for a “B.”
Only that “the call can be verified as coming from a known gateway, but we don’t know the caller or the number” is indicated by “Gateway Attestation,” or level “C.” These calls are frequently international calls.
Phony CallsIt should be obvious that an “A” is preferred over a “C,” but how much better or worse is “B’s”? Does anybody actually experience blocking? How is a level increased? Are there any substitutes?
The State of Calling Currently
In conclusion, smaller providers still have more than a year to go, and certain carriers and providers are STIR/SHAKEN compliant while others are not. Accordingly, some companies have received an “A,” others a “B,” yet others a “C,” and still others have not received any attestation at all. Carriers have nevertheless begun validating Caller IDs and preventing calls. Before any of the deadlines expired in March 2021, Verizon claimed to have banned over 10 billion calls.
What, then, should a lawful business do? We advise switching all of your lines and traffic to a single supplier first and foremost. The quickest approach to guaranteeing an “A” attestation is for SimpSocial to get to know every one of its customers and confirm their identities.
It should be highlighted that there are no assurances that an “A” is superior to a “B” or a “C” or superior to being unattested. It’s a terrific beginning, but the quality of the service is really what matters. (In actuality, “eavesdropping scam” calls from fresh sources are more frequently coming from “B’s” and “C’s” than from unverified sources.)
Carriers are implementing more safeguards as a result of this and the fact that customers are more annoyed than ever by scam calls. For instance, regardless of attestation level, a number with a poor history of calling and numerous complaints against it might be prohibited (i.e., numbers with a terrible history or “reputation”). Calls may also be stopped if an algorithm notices strange activity, including a rapid spike in calls from one number.
As a result, certain new tools are emerging to assist businesses in verifying the legality and integrity of their data. One of these products helps verify your business and your phone number. Another choice is number branding, which provides rich call data (RCD) content including a logo, company name, and the caller’s reason for calling. Listen to what Numeracle has to say in SimpSocial’s upcoming Industry Briefings to learn more about these solutions.
* * * * *
Let’s face it, crime is prevalent because it is profitable. The bad guys start looking for weaknesses in new calling controls like STIR and SHAKEN as soon as they are implemented. Although we anticipate STIR/SHAKEN to be beneficial, providers and enterprises still need to exercise caution. For our part, SimpSocial makes every effort to ward off dishonest clients, assign attestations appropriately, and provide the most comprehensive assistance to our true clients. You can engage in the following as a business:
Understand your attestation level.
Consolidate as much of your traffic and numbers as you can with a provider that offers reliable support.
Check the percentage of calls that are completed, especially when using new numbers.
Think about more technologies besides those mentioned above
At the end of the day, all we want are satisfied clients who return our calls. Even if we have no control over spammers, we can go most of the way there by adhering to the rules, working with the correct suppliers, and staying up-to-date on the most recent options.
Back to Blog