STIR/SHAKEN statistics for December 2021

There was a sharp uptick in signed robocalls received in December 2021. Read all about it in this article on STIR/SHAKEN statistics from the last month in 2021.

These statistics come from service providers using ClearIP software to verify signed calls and perform robocall prevention on calls their subscribers receive.

We were encouraged by the 12% drop in robocalls reported in December.

Figure 1: U.S. Monthly Robocalls Were Down 12% in December 2021

Did the evolving SHAKEN ecosystem do this? Not exactly—the story is a bit more complicated, with a few surprising twists and turns.

Signed robocalls by attestation level

For several months, we’ve been reporting on the high percentage of robocalls signed with SHAKEN attestation levels B (partial) and C (gateway). This showed up again in the December numbers, with a vengeance.

Figure 2. Calls and Robocalls by SHAKEN Verification Status — December 2021

In figure 2, the blue line shows the percentage of calls that were robocalls for each SHAKEN attestation level. The green horizontal line shows the overall robocall percentage for all calls.

Notice that the robocall percentage among calls signed with B (partial) or C (gateway) attestation were three times higher than the overall robocall percentage.

We’ve noticed this problem since July 2021. It really took off in December.

Figure 3: Robocalls by SHAKEN Verification Status – July–December 2021

Whoa! Notice the huge jump in December for robocalls with partial attestation (orange bar) and robocalls with gateway attestation (grey bar).

We have a green line in figure 3, which illustrates the overall percentage of robocalls across all calls per month. Calls with B (partial) and C (gateway) attestation were much more likely to be robocalls than unsigned calls. This pattern doubled in December!

Attestation level usage by provider type

Obviously, not all calls with either B or C attestation are bad calls. There are many bona fide situations where signing calls with these attestation levels is the right thing to do.

However, robocallers, and providers that enable their traffic, are getting their robocalls signed with these attestation levels. So, we gotta ask…

Who’s signing these robocalls with B and C attestations?

Figure 4: Attestation Ranges by Provider Type

The box-and-whisker chart in figure 4 shows the percentage range of attestation assignments for providers in each provider type category (e.g., CAP/CLEC, ILEC, etc.). The X in each box shows the average percentage of providers in that category who used a particular attestation level. The height of the box shows the percentage range of attestation usage by each provider type. Some boxes have a line extending from the top or bottom; these are used to show an outlier in that group.

Figure 3 shows that non-interconnected VoIP carriers signed 62% of their calls with B attestation. It’s a narrow range, too, among these providers.

Next comes interconnected VoIP carriers, who signed 38% of their calls with B attestation. However, this is just an average across a very wide range.

We’ve found that some of the biggest users of B attestation are downstream intermediate providers, interconnected VoIP, that sign calls for their upstream service provider customers. In December, one of these signed 84% of its calls with B attestation, while another signed 79% of its calls with B attestation.

These downstream intermediates sign these calls using their own SHAKEN certificate, not the certificate for the upstream provider. Yet, many of the upstream Originating Service Providers claimed a complete SHAKEN implementation in their robocall mitigation certification, though they have no SHAKEN certificate.

These same providers also send lots of robocalls.

That’s the problem. This is how robocallers, and the providers who enable them, have found a way to hide in plain sight within the SHAKEN ecosystem: get a downstream provider to sign robocalls with B or C attestation and claim a complete SHAKEN implementation.

Originating service providers signing calls

SHAKEN participation continues to grow.

Figure 5. SHAKEN OSP Participation by Month

December 2021 saw a 5.5% increase in the number of providers observed signing calls.

Verification status and errors

Figure 6. SHAKEN Verification Status Over Time

We continue to see that about 24% of calls received were signed using SHAKEN. Clearly, call authentication has stalled, given the current participation requirements.

Our thoughts

We’ll start with the good news: Robocalls were down 12% in December.

But we must face the bad news too: Robocallers, and service providers that carry their calls, have established a comfortable presence squarely within the SHAKEN ecosystem.

To be fair, SHAKEN call authentication wasn’t designed to prevent robocalls. It was intended to make call analytics and robocall prevention more effective—an essential piece in a larger solution framework.

The explosive growth of robocalls among signed calls demonstrates that the solution components are not yet assembled in an effective way.

What will it take to turn this around?

1. Robocall Mitigation. USTelecom, Verizon, and others have urged the FCC to require both SHAKEN and robocall mitigation. It should be both, not either/or. Neither is sufficient to prevent robocalls without the other. They work great together.
2. Accountability. Providers are signing robocalls, and they should be held accountable based upon their affirmative obligation to prevent their customers from originating illegal calls.
3. Close the downstream provider loophole. There are thousands of providers that claim a SHAKEN implementation, but a much smaller number approved to do SHAKEN by the Policy Administrator. The Commission should require SHAKEN approval to claim a SHAKEN implementation.
4. Phase out the non-IP SHAKEN extension. SHAKEN for TDM standards have been approved and are commercially available. These are the criteria the FCC established for phasing out the non-IP extension. These requirements have been met. This will bring a much higher percentage of calls into the SHAKEN ecosystem. Widespread call authentication, combined with effective robocall mitigation, will turn this around.

TransNexus solutions

We offer STIR/SHAKEN and robocall mitigation solutions in our ClearIP and NexOSS software platforms. We can make your STIR/SHAKEN deployment a smooth process.

We provide an STI-CPS, the TransNexus CPS, which is available to any SHAKEN-authorized service provider free of charge. It’s part of the national network of STI-CPSs. We can also provide a private STI-CPS, either hosted or on-premises, to service providers.

Contact us today to learn more.