CLI authentication update – Do you know your customer?

Find out how Netaxis CLI Authentication Service can help you reduce spam and fraud, while meeting telecoms regulations requirements.

In 2021 the UK Telecoms Regulator Ofcom, as part of their efforts to reduce spam and telecoms fraud, introduced new origin-based surcharges for internationally originated calls to UK geographic or mobile numbers where a CLI is missing, corrupt, malformed or unknown. 

Pre-defined charge bands as high as £2 per minute were applied based on destination (UK mobile/fixed) and varied by source country code. This resulted in a mad scramble by UK based communications providers to put systems in place to enable compliance with the Ofcom rules.

At the time Netaxis, based on their powerful and highly flexible Session Routing Engine, introduced the very well received cloud based CLI Validation service to good effect.

Two years down the line, as National Regulatory Authorities step up their fight against Robocalls and spam it is worth considering where this type of service could be used.

Table of Contents

The problem

This is perhaps best illustrated with a quote from the USA Federal Communications Commission:

"Frustration and anger at unwanted robocalls is something we all agree on. Many of us no longer answer calls from unknown numbers and, when we do, all too often find them annoying, harassing, and possibly fraudulent. Consumers are not the only losers when this happens; legitimate callers have a hard time completing the calls consumers do want to receive."

From a personal perspectiveI often don’t answer a call if I don’t recognise the calling number to the point where I keep my ‘landline’  phone switched off unless I specifically want to call someone where I may be on hold for some time (eg bank or airline) and therefore want the comfort of handsfree on a desktop phone.

What is being done about it?

The FCC has been leading the fight when it comes to regulation in this area and at the end of 2019 introduced the TRACED Act whereby voice service providers had to implement technologies that would block Robocalls. The only technology identified as being able to do the job was STIR/SHAKEN and most of the references to this subject since 2019 have been based around the name of the technology rather than the Act itself.

Whilst being the only game in town, STIR/SHAKEN has a number of issues not the least being that for it to work every service provider has to adopt it. This includes international operators sending calls to the USA which in a world where only USA based carriers have been mandated to support the tech will cause huge issues with the prospect of people outside the USA being unable to call into the USA as their calls are likely to be blocked as potential spam.

Moreover STIR/SHAKEN is also only applicable to all IP networks so calls carried over old PSTN networks would not be screened.

The FCC has given various groups of providers different implementation deadlines over recent years, moving U.S. networks closer to full coverage: 

The Largest Voice Service Providers were required to have implemented STIR/SHAKEN by June 30, 2021 followed by ‘Non-Facilities-Based’ Small Providers – by June 30, 2022. ‘Facilities-Based’ Small Providers were given until June 30, 2023 as were Gateway Providers.

Intermediate Providers ie carriers with no retail activity that receive unauthenticated IP calls directly from domestic originating providers must use STIR/SHAKEN to authenticate those calls by December 31, 2023.

The FCC is still trying to decide what to do re Non-IP Networks.

Post implementation the FCC is prepared to heavily fine service providers found to be delivering Robocalls. Because of this the industry has taken an aggressive stance and as the technology implementation is far from perfect and there are reports of large numbers of genuine calls being blocked. The FCC has had to provide the industry with ‘safe harbor’ or immunity from prosecution to avoid litigious American citizens from taking their service provider to court for blocking good calls.

International implementation of STIR/SHAKEN

As already mentioned STIR/SHAKEN only works if universally adopted. This means All countries outside the USA need to support the initiative and the government in France has already enacted a law to this effect.

This is all well and good but here’s the rub. All countries need to implement the tech in the same way and this area is so complex that we are already in danger of different countries implementing different flavours of Robocall blocking, even within the EU. When you consider that a similar approach needs to be looked at for messaging where spam is also seen as a big problem then you can understand why progress here is not going to be very fast. In fact a snail would look speedy in comparison.

Here in the UK Ofcom is trying to figure out what to do. The UK, one of the earliest markets for telephony, also stands out as a country that will find it even harder to implement a solution. STIR/SHAKEN relies on there being a single numbering database containing information on CLIs. The UK does not have this single numbering database which is one of the reasons that here we are miles behind other countries in implementing efficient number portability. 

Ofcom has historically left this to industry to sort out and UK industry has never been able to speak with one voice on this subject due to vested interests.

Earlier this year as part of their ruminations on what to do in this space Ofcom put out a Consultation: Calling Line Identification (CLI) authentication – a potential approach to detecting and blocking spoofed numbers. The Comms Council UK (CCUK) provided an excellent and well considered response to this consultation. The whole response can be seen on the CCUK website but needless to say there is a serious concern within the industry that the regulator could impose conditions that would be very difficult if not impossible to meet in the UK.

At a time when the whole industry is trying to sort itself out in readiness for the switching off of the PSTN slated for 2026 it is considered totally impractical or cost effective to have to adopt STIR/SHAKEN before that time. Even to the extent where STIR/SHAKEN might need to be implemented on ageing equipment that might not be in production beyond the switch off.

Industry response to STIR/SHAKEN - Know your customer

If you can make it the SIP Forum has a three day conference mostly focussed on “the Call and Text Authentication Ecosystem”. This will be invaluable for Communications Providers looking to get their brains around this issue. As an aside I was on the board of the SIP Forum during the early years of SIP. I digress.

Another initiative is one driven by the Cloud Communications Alliance (CCA) who organised a conference in Antwerp the day before the Netaxis Inspiration Day. During the afternoon I chaired a workshop on how industry might get together to ensure that solutions to the Call Identification Authentication problem worked across multiple countries.

We had representatives of Trade Associations from around Europe and the USA in attendance. The conclusion was that an ongoing dialogue needs to happen internationally and the CCA is picking up the reins on this.

One of the interesting aspects of this whole subject is that any solution is really down to knowing who your customers are and therefore being able to trust them. The Acronym KYC, or Know Your Customer has come to the fore and there have been conferences on the subject eg SIP Forum KYC Summit 2023.

When you think about it this is something most businesses should have a handle on. Otherwise how could they ensure that they continue to serve their customers appropriately on an ongoing basis.

How can Netaxis help?

Netaxis is a supplier of software and services to the communications industry. Our customers are mostly Tier 1 and Tier 2 communications providers who use our Fusion platform to integrate and automate voice and UCC services and our SBC As A Service platform for call management and security.

Part of the functionality within these services is provided by an API driven SRE routing engine that is already the power behind our CLI Authentication Service. The ability to easily access multiple external databases perfectly positions the SRE for use in a multitude of STIR/SHAKEN based services and solutions.

Contact Netaxis here for more information. If you need to know your customer you should talk to us. 🙂

More To Explore

Want to enhance your UC proposition?

Our teams can recommend the best-of-breed technology to complement your network and Netaxis services perfectly.