Americans received 68 billion unwanted robocalls in 2024. While that figure may seem substantial, significant progress has been made in the fight against robocall bad actors: 2024’s total unwanted robocall volume is down nearly 60% from the pre-pandemic high of 106.9 billion in 2019.
This improvement in robocall mitigation is primarily due to STIR/SHAKEN, a set of call authentication protocols introduced via the TRACED Act and adopted by the FCC. STIR/SHAKEN requires carriers to authenticate their traffic by signing it, enabling trace-back functionality — a critical element that identifies the origins of unwanted robocalls.
However, non-top carriers face a myriad of challenges that tier-1 providers do not; notably financial and operational constraints slowing their pace of network transformation away from legacy TDM equipment. As a result, many have yet to properly equip their networks with STIR/SHAKEN — exposing vulnerabilities that bad actors have been quick to exploit. Without universal adoption of STIR/SHAKEN, the telecom industry cannot trace and mitigate robocalls effectively.
In a fully realized version of STIR/SHAKEN, every phone call is authenticated at its origin and verified by terminating carriers, there would be full interoperability between all operators and carriers would have access to enhanced algorithms that detect and mitigate suspicious call activity.
To achieve thisversion of STIR/SHAKEN, non-top carriers must modernize their networks to facilitate enhanced call signing strategies.
The current state of STIR/SHAKEN
While the telecom industry has made notable gains, a stark divide remains between top and non-top carriers adopting STIR/SHAKEN protocols.
The top seven carriers — AT&T, Verizon, T-Mobile, UScellular, Lumen, Comcast and Charter — exemplify best practices in implementing STIR/SHAKEN. Interconnectivity performance between these carriers remained high in 2024, with 86% of all traffic between them being signed. Over 90% of that traffic was signed with an “A” attestation level, the highest level of call signing efficiency that ensures a call’s origins have been fully authenticated.
These carriers’ continued success stems from their thorough understanding of the FCC’s requirements and commitment to implementing SIP-to-SIP connectivity, which ensures consistent and reliable security standards for voice subscribers worldwide.
In contrast, smaller carriers’ signed traffic efforts struggle to keep pace. Among non-top carriers, fewer than 30% of calls are signed in compliance with STIR/SHAKEN. This persistent, stagnant adoption remains a significant weakness and impediment to industry-wide fraud prevention.
The success of STIR/SHAKEN depends on traceback functionality. Without that capability, the telecom industry faces two interconnected challenges:
- Bad actors can hide their attacks. Due to top carrier success with STIR/SHAKEN implementation, bad actors increasingly try to originate traffic from tiny ISPs and VoIP providers and send that traffic through multiple network hops. When coupled with campaigns whereby scammers buy large volumes of telephone numbers and use them in low-volume deployments, detecting and shutting down nefarious robocall activity becomes very difficult. By taking advantage of non-top carriers’ lack of visibility and traceback efforts, bad actors can “wash out” their activity amidst the rest of the unsigned traffic.
- Traceback becomes a highly manual process. Without the ability to use STIR/SHAKEN signature data, providers must go through legacy, high-manual methodologies to determine how a call got to its switch, then go to a provider to determine how they got the call and then to the next provider in the hop. This tedious process reduces STIR/SHAKEN’s efficiency and impact.
Former FCC Chair Jessica Rosenworcel recently advised that “providers must be active partners in the fight against unwanted and illegal robocalls. If they are not, they should not be allowed to participate in our phone networks.” A staggering 2,400 VSPs have already been flagged for failure to comply with the FCC’s Robocall Mitigation Database (RMD) filing requirements.
The clock is running out for these non-top carriers to undertake the necessary network transformation efforts. Not only do they face increased regulatory pressure to migrate away from legacy systems for proper STIR/SHAKEN implementation, but they also must contend with higher TDM costs that continue to rise for end-of-life platforms and the lost revenue opportunities available to those operating an IP network.
The route to full compliance is clear: non-top carriers’ migration from TDM to IP is an essential next step for the telecom industry if STIR/SHAKEN is to reach its full potential in protecting consumers from unwanted robocalls.
The path forward
Five years after the initial STIR/SHAKEN deployment, the FCC mandate has moved on to a new phase focused on FCC robocall enforcement and mitigation. This has exposed which carriers have diligently leveraged trace-back technologies and which have not.
To achieve a fully functional STIR/SHAKEN ecosystem, the telecom industry must foster complete SIP interconnectivity, enabling both originating and terminating carriers to authenticate and validate call traffic. Once this is accomplished, the actual value and vision of STIR/SHAKEN will be evident, delivering robust traceback capabilities that strengthen robocall mitigation efforts.
