In this article, we talk about what actions are being planned for and taken by the caretakers of the telephony ecosystem (the FCC and the major service providers) and what you as an enterprise can do to protect yourself, your employees, and your customers from the robocall pandemic.
Robocalls are one of the few topics that seem to have bipartisan support, as well as support across various arms of the government – the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are both pushing hard on robocall restrictions. And within the FCC itself, the previous Chairman during the Trump era, Ajit Pai, and the current FCC Chairwoman, Jessica Rosenworcel, have pushed aggressively for measures to stamp out illicit robocalls.
Legal Actions
The FCC had already been issuing notices to companies that were indulging in or enabling illicit robocalling. In 2021, it sent out notices to 14 companies. As of July 2022, it has already sent out 14 more notices, warning companies of legal or regulatory actions if they do not cease their behavior.
In parallel, the FTC has also been taking filing and winning cases against illicit robocallers – the most recent win being against Redwood Scientific Technologies Inc., which it won in March 2022 (the case was filed in 2018).
Hitting where it hurts – the pocket
The FTC’s actions are aimed at impacting illicit robocallers by hurting their finances. In the case of Redwood Scientific, the verdict disbarred the owners from all robocalling activities and businesses; it also imposed a USD 18 million fine on them.
The FTC has also taken action against 151 companies that fail to abide by the Do Not Call Registry, with 147 resolutions, $178 million in civil penalties, and $112 million in restitution or disgorgement.
The FCC has been aggressive too: In 2021, the largest FCC fine ever was issued against a group of telemarketers based in Texas – $225 million – who made approximately 1 billion illegally spoofed robocalls over a span of 5 months in 2018. This is in addition to a bunch of other fines that it has been issuing over the past few years.
In 2022, the FCC also proposed its largest ever robocall fine ever – USD 45 million – against a company conducting an illegal robocall campaign to sell health insurance under false pretenses.
In addition, it has also collaborated with state attorney generals to work on illicit robocallers within their states. Most notably, the FCC is working with the AG of Ohio to file cases against two men who were responsible for 8 billion ‘auto warranty renewal’ spam robocalls. The FCC also asked service providers to stop all calls from the two accused, an action that reduced the number of these auto-warranty spam calls from 5 million to 1 million per day.
STIR/SHAKEN
The TRACED Act, signed by Donald Trump, in Dec 2019, among other things, required telecom service providers to implement STIR/SHAKEN across their networks, a capability that makes it far more difficult to spoof Caller-IDs because the callers are authenticated.
The FCC has pushed all service providers to implement STIR/SHAKEN, and has been using the stick to make sure that implementation has been taking place – it has started investigating Bandwidth Inc and Vonage Holdings for not fully implementing STIR/SHAKEN in committed timeframes. As of July 2022, more than 75% of all companies have implemented either STIR/SHAKEN or an equivalent system to mitigate robocalls through authenticated Caller-ID. The rest of the companies have implemented STIR/SHAKEN across their IP networks, but have yet to implement it on the non-IP networks. The result has been a 47% decline in spam/cam robocalls compared to last year.
Companies are now forbidden from connecting with other providers who are not certified for STIR/SHAKEN implementations.
International Robocallers
As many as 2 out of 3 robocalls in America now come from outside the USA. To tighten the screws on these international robocallers, the FCC is making gateway providers use STIR/SHAKEN, register in the FCC’s Robocall Mitigation Database, and comply with traceback requests from the FCC and law enforcement agencies to help figure out where the illicit robocalls are originating from.
Startup Innovation
The FTC even sponsored competitions to identify innovative approaches to stopping or mitigating robocalls and at least two companies have emerged because of this – Robokiller and Nomorobo. There are other providers like Truecaller and Hiya which also do the same. Nearly all of them offer apps that users can download and install on their smartphones, and in addition, they also offer API services that service providers can use to identify, tag, and block spam/scam callers.
Are these measures enough? In an ideal world, not a single illicit robocall would be made, but that is an impossibility. Most of us would settle for a massive reduction – from 11 robocalls per day to far less – maybe 1-2. But that will need more than what the current measures achieve. Until making these calls becomes far more expensive, and as long as there are enough people who get scammed, illicit robocalls are here to stay.
Protecting employees from robocalls
What can a company do to protect employees from robocalls? The most obvious solution is to go in for a service that:
- Blocks call from known scam numbers or unauthenticated numbers
- Flags call from suspected scam numbers
- Allows calls from authenticated/known safe numbers
A service such as this would ideally be on the call path, inspecting all incoming calls, and acting on them. It would also collect information from your employees (post-call) and use that to refine the flag/allow calls. With crowdsourcing and AI in place, a well-managed service could dramatically lower the number of illicit robocalls your employees receive, saving them time, keeping them focused, and protecting them from risks.
Assertion’s SBC Security too provides such a service – if you’d like to know more, let me know.
Have more questions? Send me an email at securityeducation@assertion.cloud
About Assertion:
Assertion® is a leading communication security solutions provider that empowers companies to Collaborate Confidently. Our ultimate goal is to secure every conversation through our advanced AI-enabled collaboration security solutions. We also provide holistic infrastructure security for over 38 collaboration products, including full-stack collaboration security solutions for the UC and CC stack.