Telephone service providers must implement the new STIR/SHAKEN framework by the end of June and certify compliance in a new publicly available database.
The Federal Communications Commission is moving ahead with a program requiring telephone service providers to verify the origins of phone calls—potentially eliminating spoof and robocalls—and is creating a new public database to track compliance among carriers.
This summer, telephone service providers in the U.S. will be required to comply with the Secure Telephone Identity Revisited, or STIR, and Signature-based Handling of Asserted Information Using toKENs, or SHAKEN, which requires tracking and accurately displaying the true caller ID of incoming calls. Compliance with these standards will be tracked in a new Robocall Mitigation Database and posted publicly for all to see, according to a notice posted in the Federal Register.
The program was created in late 2019 with the passage and signing of the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, or TRACED Act. The FCC released the standards in March 2020 with a deadline for service providers to comply by the end of June 2021.
Multiple carriers asked for an extension this year, but FCC denied those petitions in March.
Today, scammers and other bad actors can spoof the origins of a call by routing it through several providers, masking their true identities. This program—and the associated database—looks to prevent that.
Under the STIR/SHAKEN framework, carriers are required to verify the origin of a call, including when it is placed and on the receiving end, even if the opposite ends of the call are handled by different service providers.
“STIR/SHAKEN digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is in fact from the number displayed on Caller ID,” according to the FCC.
As carriers come into compliance, they will need to register with the newly created Robocall Mitigation Database, which will include certification that the service provider meets the STIR/SHAKEN standards, as well as contact information for a real person at each company who will be responsible for maintaining that compliance.
That information will be published on a public website and “available for download … to ensure transparency and accountability for implementing robocall mitigation programs,” the notice in the Federal Register states.