How to monitor SHAKEN signer reputation
There’s been considerable concern over improper attestation by some SHAKEN signers. Terminating service providers should use call analytics to measure the reputation of authenticating service providers. In this article, we’ll provide a simple example and suggest ways to expand it for deeper analysis.
We’ll build this report using our ClearIP software product. Perhaps users of other software can relate this example to their application to get their ideas flowing.
ClearIP retains considerable call details for every call it processes. Twelve months of data is available for reporting within seconds of when the call was placed.
Sample report for SHAKEN signer reputation
Let’s build a simple report with just the core elements to monitor and assess the reputation of the SHAKEN signers. This report requires that you are using ClearIP for STI Verification and Reputation Monitoring.
The report is built within ClearIP by navigating to Analytics, SIP Reports. It requires only a few configuration settings:
- Date Range: your choice, but let’s use Previous Week for this one.
- Filters:
- STI Verification Status: Successful
- Reputation Lookup: Yes
- STI Verification Attestation Indicator: Does Not Equal C
- Other report configuration options:
- Group by STI Verification Service Provider Code
- Sort by Average Reputation Score, Descending
- Include Reputation Scores and STI Verification Attestation Indicator Counts.
We filtered on Attestation Does Not Equal C because we want to focus on calls where the authenticating signer claims to know the caller and possibly the caller’s right to use the calling number. If you’re interested in learning which authenticators are prolific signers of likely robocalls with C-level attestation, then you can omit this filter.
Figure 1 shows sample output using demonstration data, not live production data, with the Service Provider Code obfuscated. This report provides a quick overview of SHAKEN signer attestation levels and average calling number reputation.
Considerations
- Think about the sample size in the Count column. If the sample size is small, perhaps fewer than 100 calls, then you might not have enough data to draw strong inferences about the SHAKEN signer’s reputation. For example, one blast of bad traffic could make a SHAKEN signer look like a bad actor. Larger sample sizes are better.
- Consider how you configured call flow and STI Verification in ClearIP—there are flexible options for this. Depending on your configuration, you may be performing STI Verification on other calls in addition to inbound calls for termination. If so, you might want to filter out those other calls from this report. Those filters would be configuration-dependent.
- You may wish to break the statistics into smaller groups, such as by STI Verification Service Provider Code, and by STI Verification Attestation Indicator. This can give powerful insight into a SHAKEN signer’s attestation practices, provided you have a large enough sample size to draw strong inferences.
- You can also build similar reports to focus on other call attributes, such as invalid calling number, or incorporate such attributes as sub-groups within the SHAKEN signer reputation report.
Figure 2 shows sample output using demonstration data, not live production data, with the Service Provider Code obfuscated. This report provides attestation-level subgrouping and statistics on reputation scores and invalid and high-risk phone numbers.
You may find other innovative ways to slice-and-dice call analytics by SHAKEN signer to gain greater insight into their call authentication behavior.
Next steps
Terminating service providers can use the results of these reports to improve their call analytics policies. This can help them better protect their subscribers from possibly illegal robocalls.
Terminating service providers can also dig into the details of bad traffic and work with the SHAKEN signer and/or the direct upstream provider to mitigate the bad traffic.
As terminating service providers get better at using SHAKEN signer reputation analytics, they can put pressure on SHAKEN signers and direct upstream providers to mitigate bad traffic and reduce traceback exposure.
TransNexus solutions
TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.
Contact us today to learn more.
ClearIP delivers the fastest, easiest, most-precise prevention of toll fraud, robocalls and TDoS attacks. It’s ready-to-go with STIR/SHAKEN.
Learn more about ClearIP