The Battle against Robocallers Gets Teeth – Round 4

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

The battle to stop illegal robocalling is about to get teeth with introduction this week of the TRACED Act, introduced as a bill to the US Senate by Senators John Thune (R-S.D.) and Ed Markey (D-Mass)

Introduced as S.3655, the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which includes:

  • Requires the implementation of means to verify the accuracy of caller identification information by voice providers (both legacy and VoIP service providers)
  • Improves enforcement of violators with increased fines of up to $10,000 per call and extends the statute of limitations to three years
  • Aligns various federal law enforcement agencies to prosecute illegal robocallers and report to Congress on the effectiveness of their prosecution efforts.

“The TRACED Act targets robocall scams and other intentional violations of telemarketing laws so that when authorities do catch violators, they can be held accountable,” said Thune. “Existing civil penalty rules were designed to impose penalties on lawful telemarketers who make mistakes. This enforcement regime is totally inadequate for scam artists and we need do more to separate enforcement of carelessness and other mistakes from more sinister actors.”

“As the scourge of spoofed calls and robocalls reaches epidemic levels, the bipartisan TRACED Act will provide every person with a phone much needed relief,” said Markey. “It’s a simple formula: call authentication, blocking, and enforcement, and this bill achieves all three. I thank Chairman Thune for his partnership on this effort, and look forward to seeing this legislation through to its passage.”

A key element of the TRACED Act is implementation of caller identification verification, accomplished via the SHAKEN framework, giving operators a means to identify and trace the origin of illegal robocalls.  As Eric Berger, FCC CTO explains in a podcast interview, “with this technology we will actually know where these calls are coming from…and will able to find the originating offender”

As an innovative network equipment and software company, TelcoBridges has been closely following the development of the STIR/SHAKEN framework, preparing both our FreeSBC session border controller and Tmedia media gateways to be part of the framework implementation.

To learn more about the STIR/SHAKEN framework and how to implement it in a service provider network:

TelcoBridges products help meet the requirements of the TRACED Act, find out how by contacting sales@telcobridges.com

Battling Robocallers – Round 2

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

The battle to tame fraudulent robocalling made some significant advancements this week as the SIP Forum released two new technical reports.

If you’ve been following along, you know that fraudulent robocalling and caller-ID spoofing have become the tools-of-the-trade for criminals trying to trick unsuspecting victims into their scams.   (By now you’ve come to realize that you can’t trust the caller-ID on your phone.) The FCC and the CRTC have put deadlines in front of the carriers, requiring implementation of secure caller-ID technologies to prevent spoofing of caller-ID.

To address these requirements, the ATIS and SIP Forum announced this week the release of two key specifications needed to standardize the user experience and APIs needed for implementation of SHAKEN.


The first specification Technical Report on a Framework for Display of Verified Caller ID (ATIS-1000081) defines a standard user experience for calls from known callers, likely SPAM callers, suspect and potential fraudulent callers with color icons and information on screen-based devices.   The specification details the user experience study that went into the graphical images, providing data on real-world user responses and behaviors to the information displayed.

The second specification Technical Report on SHAKEN API for a Centralized Signing and Signature Validation Server provides a proposed RESTful API for the implementation of the SHAKEN specification, used to authenticate and verify caller-ID for network-based calls.  This recommendation is an alternative to the SIP-based mechanism as specified in the SHAKEN recommendations, as is currently used by a number of vendors, including TransNexus and TelcoBridges.

“These two new resources are critical to helping service providers implement SHAKEN,” said ATIS President and CEO Susan Miller. “They are products of ATIS’ continued collaboration with the SIP Forum and are instrumental to industry efforts to address the robocalling problem and maintain consumer trust in the voice network.”

“The SIP Forum is committed to working together with ATIS to continue to develop the operational documents for the SHAKEN Framework, and these two new reports provide important additional guidelines and details essential to the successful deployment of the SHAKEN standard,” said SIP Forum Chairman Richard Shockey.

In addition to the above announcement, we’ve made significant progress with TransNexus on their SHAKEN fraud prevention framework, recently posted detailed configuration notes on how to configure both FreeSBC and TransNexus OSPrey server and completed our bench testing milestones.

Looking ahead and demonstrating the level of interest on the topic, a dedicated track and session on Robocalling is scheduled for SIPNOC 2018.

To learn more about STIR/SHAKEN, view the recording of our Battling Robocallers webinar and/or sign-up for one of the TransNexus Discover SHAKEN events.

Battling Robocaller Fraud – Top 5 Questions

By Alan D. Percy, Senior Director of Product Marketing, TelcoBridges

Last week we hosted a webinar with our Alliance Partner TransNexus, titled “Battling Robocaller Fraud – an Introduction to STIR/SHAKEN”.  As we expected, the topic was wildly popular with a larger than normal audience attending the live event and a long list of great questions during the Q/A.

As noted by Jim Dalton, CEO of TransNexus at the start of the session, automatic dialers with pre-programmed IVR scripts (aka Robocallers) do have valid applications (reminder calls from medical offices, bill pay reminders, school closures, reverse 911…)  But they are increasingly being used as part of elaborate fraud schemes, bilking victims and stealing their identities.  As noted by the Treasury Inspector General for Tax Administration (TIGTA), over 10,000 victims have collectively paid over $54 million because of phone scams since October 2013.  And that’s just the crime that was reported.

What is STIR/SHAKEN?

In a nut-shell, STIR/SHAKEN is a framework that adds an encrypted identity certificate to the header of a SIP INVITE (the message that initiates the call), proving that the originator has permission to use the associated caller-ID.

Once the call makes its way through the various IP-based wholesale operators, the terminating operator can use a public key to examine the certificate and verify that the caller-ID is intact and rightfully being used by the originator. Calls with a valid certificate will pass to the recipient unimpeded and with the associated caller-ID, knowing it is valid.  If a call arrives without a valid certificate, the terminating operator may flag the call as possible SPAM, send the call to a Captcha-like screening application or block the call altogether.

With literally billions of unwanted robocalls being made every month, they have become the largest source of complaints to the FCC, a very popular topic for a webinar and a great source of questions.

Here’s the Top 5 questions (and answers) from the “Battling Robocaller Fraud” webinar:

#1 How will stir/shaken affect class 4 telephony?

Answer: Implementing STIR/SHAKEN only impacts the originating and terminating carriers.  The intermediary carriers (class 4) must pass the SIP identity headers without modification.

#2: Sounds great, but it depends entirely on the originating TSP to provide genuine authentication.  What guarantees do we have this will be done by all originating TSPs, especially cellular carriers?  What about calls that originate outside the US?

Answer:  As the terminating service providers begin to flag calls without certificates as potential SPAM, or begin screening calls, the originators (both domestic and foreign) will have a strong incentive to add certificates to their calls.  One of the beauties of STIR/SHAKEN is that the originators of bogus calls can be quickly found and dealt with by the regulators, making enforcement pretty easy.

#3: Does STIR/SHAKEN work only on the PSTN using SS7?  What about OTT calls?

Answer: STIR/SHAKEN depends on IP infrastructure and the certificate is lost when handing a call over to a legacy TDM network.  However, calls without a certificate can be flagged in the caller-ID by adding/substituting text in the caller-ID fields.   Other applications like Skype SIP trunks could pass this information too.

#4: Does the size of the SIP packet require carriers to use TCP instead of UDP?

Answer: No, the identity certificates do fit within a SIP/UDP INVITE packet.  However, there is a trend to consider SIP/TCP to handle traffic in the future.

#5: What role does TelcoBridges FreeSBC or Tmedia Gateways play?

Answer: When a call is originated, either the SBC or gateway passes the INVITE to the Authentication Server, which returns a signed SIP token to the SBC/gateway before passing the call to the network.

There were many more great questions (22 in all!) – take a listen to the recorded webinar, available now in the FreeSBC Video Library

More insight into STIR/SHAKEN can be found in an Understanding STIR/SHAKEN article by TransNexus article

Interested in integrating STIR/SHAKEN into your network?  Request a consultation at the Discover SHAKEN workshop from TransNexus.

Caller-ID Spoofing – No, That’s Not Your Neighbor Calling

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

The phone rings and the number looks familiar, just a few digits off from your own.  You wonder if a neighbor or possibly your child’s school calling, so you answer only to hear “Congratulations, you’ve been selected for a three night vacation package”   You’ve been tricked into answering by a Robocaller, using caller-ID spoofing.  Continue reading Caller-ID Spoofing – No, That’s Not Your Neighbor Calling

Fraud and Robocalls – More Than an Annoyance

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

This last week, the NY Times Tara Siegel Bernard published an article explaining the trends of Robo calls and their scams are surging.  With the International Telecommunications Week (ITW) conference this week in Chicago, Tara’s timing couldn’t have been any better.

Continue reading Fraud and Robocalls – More Than an Annoyance