Today, telecom fraud exists on a much larger scale than in the past. A few decades ago, most of the fraudsters were local, but now telecom fraud has gone international. Two big reasons for this change are technology and the low cost of internet access. The Internet is now readily available around the world and many fraudsters, regardless of where they live, feel less threatened by the ability of enforcement officials catching up with them.
There is evidence of illicit robocalling from all the major countries around the world, not just the ones we would typically think of as our adversaries, but also from friendly countries too. The level of cooperation between countries varies across the world. The FCC Enforcement Bureau has worked closely with its counterparts in countries such as India. For example, the FCC Enforcement Bureau here in the U.S. directly engaged in helping get some of the illicit call centers in India shut down and getting fraudsters arrested in India, under Indian law, with the support and help of the agencies in India. This is an example of a country where a large problem existed, and to some extent still does, but through cooperation successful large scale enforcement actions have taken place.
On the other hand, there are also other countries that really don’t cooperate with us and we’re on our own to manage the fraud. This means that our West Telecom Services (WTS) Network Operations Team must be very diligent. We have to take great care regarding who we allow to interconnect to our network and originate traffic onto our network. We have a rigorous onboarding process to help us weed out any bad actors.
Not all Spoofing is bad
It’s important to keep in mind that not all spoofing is bad. Caller ID spoofing enabled by technology can be used for great purposes. For instance, a women’s shelter may be permitted to spoof outbound telephone calls using authorized telephone numbers that are set aside for them to use for that purpose in order to help protect the safety and well being of the residents.
The battle that the industry is fighting against the “bad guys” is complicated by the fact that what the bad guys do is also what is authorized by some legitimate parties. When we’re trying to combat the illicit spoofing problem and fighting the bad guys, we have to be careful that we don’t inadvertently block the legitimate approved spoofers. It’s critical that their calls are completed and that their locations are protected from those who might want to harm them.
The good news is that once the STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) which are the frameworks created to identify illegally-spoofed Caller-IDs and to help prevent the completion of illicit robocalls are deployed, the illicit spoofers will have a much harder time continuing to do, on such a large scale basis, what they’ve been getting away with over the past few decades.
Intrado businesses generate over 4.2 billion consumer-desired voice notification or messaging calls per year. Regulator-mandated controls haven’t yet been put on text messaging to the same extent as voice calling. There will continue to be an evolution of how the industry addresses the completion of messaging, both for voice and for text.
The CTIA, originally known as the Cellular Telephone Industry Association, but now just referred to as CTIA, is an organization made up of a consortium of industry members. It’s an industry-lead group that produces best practices that are well known in most parts of the industry. There have been updates about text messaging just last year, and there probably will be another update this year and in 2021. The intentions are to ensure that the legitimate text messages get through unencumbered, but that we don’t end up with as severe of a problem for texting as we’ve had over the past several years on the voice calling side with respect to illicit robocalling. The CTIA has attempted to always be in front of it with respect to text messaging.
Of course, even the best practices can become less effective as a result of shifts in the tactics of bad guys who generate illicit robotexts, and as a result, CTIA has shown a commitment to update the best practices from time to time. In fact, the FCC has, to a very large extent, acquiesced to the CTIA best practices for the completion of high-volume text messaging within the industry. That process is fundamentally different from the way it works on the voice side of this business.
Click here for an overview of the CTIA Messaging Principles and Best Practices.
What to expect in 2020
Currently STIR and SHAKEN are deployed modestly in the industry. Both AT&T and Verizon now say that they have STIR and SHAKEN deployed for some calls. Some other companies in the industry have begun to deploy, STIR and SHAKEN too. Intrado Corporation and West Telecom Services (WTS) LLC are in the deployment stages of STIR and SHAKEN. By the second half of the year it’ll be harder for the bad guys to continue to illicitly spoof Caller ID. There will also be greater confidence that the Caller ID information shown is accurate.
Additionally, there has been some expansion into the practices that help inhibit the entry of illicit high-volume texting. There’s still more work to do on both the voice and the text side, however, 2020 should be an important year, particularly on the voice side of the business. We should start to see improvement through the reduction of illicit robocalling and illicitly spoofed Caller ID.