Robocalls up sharply in October
Robocalls in the U.S. were up sharply in October, reaching the highest level seen since the start of the pandemic. Here’s what’s happening.
Robocalls Reach Highest Point Since Start of Pandemic
Figure 1 shows that robocalls reached their highest point for 2022 in October. This is also the highest monthly robocall tally since robocalls dropped in April 2020, at the start of the pandemic.
The red line shows robocalls in October as a baseline for comparison with other months. The green dotted line shows the upward trend in robocalls this year.
The bar chart in the lower part of Figure 1 compares the robocalls in each month with the same month in the previous year, 2021. For January through July 2022, robocalls were generally lower than the same month in 2021. However, robocalls are up year-over-year for August through October.
Since April 2020, Octobers have set the high point for robocalls each year. In the past, October robocall spikes were driven by fraudulent calls related to health insurance open enrollment. There is no indication yet that last month’s robocall surge was driven by such scams.
Call authentication is not yet helping to prevent illegal robocalls
Call authentication is not sufficient to prevent illegal robocalls by itself. However, call authentication makes call analytics much more effective, particularly for calls that were signed with full A-level attestation.
Third-party signing exploit undermines STIR/SHAKEN
Unfortunately, call authentication is not much help when calls are signed with partial B-level or gateway C-level attestation. These attestations don’t rule out caller ID spoofing. There are plenty of robocalls signed with such attestation levels.
Many Robocalls are signed with B or C attestation
Figure 2 shows that almost a quarter of the calls signed with B-level attestation and almost a third of calls with C-level attestation are also identified as robocalls by call analytics. Many of these signed robocalls are facilitated by robocall-friendly providers that arrange for their calls to be signed by a downstream third-party signer using its own SHAKEN certificate.
Because the third party does not have an authenticated relationship with either the caller or their calling number, such calls are typically signed with C-level attestation. Some of these calls are incorrectly signed with B-level attestation by third-party signers that interpret the customer to be the upstream voice service provider, not the caller.
Third-party signers typically don’t know anything about either callers or their claimed calling numbers. Many robocall-friendly Originating Service Providers leveraging the third-party signing exploit are not registered in the SHAKEN ecosystem, so they can’t be held accountable by the SHAKEN governance structure.
This is how robocall-friendly providers evade the accountability that the STIR/SHAKEN framework is intended to provide.
Non-IP SHAKEN exemption undermines STIR/SHAKEN
Despite Increased SHAKEN Participation, Signed Calls Stuck at 23%
Figure 3 shows a steady increase in both the number of SHAKEN authorized voice service providers approved by the STI Policy Administrator (blue line) and the number of different providers observed originating calls signed with STIR/SHAKEN (green line). These lines are measured by the number of providers on the left vertical axis.
The red line shows the percentage of calls received at termination with STIR/SHAKEN information intact. This line is measured by the signed call percentage on the right vertical axis. The percentage of signed calls received at termination has been flat throughout 2022, dropping slightly from around 24% at the beginning of 2022 to 23% in recent months.
One would expect the percentage of signed calls at termination to rise along with participation. Instead, signed calls have remained flat because so many calls cross a non-IP barrier along the call path where the SHAKEN PASSporT is lost.
STIR/SHAKEN can be made more effective by enforcing a few simple requirements:
- Require originating voice service providers to register with the STI-PA, get their own SHAKEN certificate and use it to have their calls signed. This will increase the percentage of calls signed by originating providers with full attestation—the most useful kind.
- Phase out the non-IP SHAKEN exemption and require providers that rely on non-IP network technology to either convert to IP or implement one of the SHAKEN-for-TDM methods. This will enable SHAKEN PASSporTs created by originating providers to survive transit to the terminating provider.
TransNexus solutions
TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.
Contact us today to learn more.
Updated December 7, 2022, the number of robocalls in October 2022 in the chart was changed from 5.490 B to 4.572 B.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy