Are you fed up with calls claiming to be from the telecom regulatory authority, customs officials, or courier services like FedEx—threatening punitive action for suspicious packages supposedly sent in your name? Often originating from international numbers and displaying misleading caller IDs, these calls prey on consumers who may not be tech-savvy or who think they are simply fulfilling their civic duties. In reality, they are scams designed to extract sensitive information, leading to financial losses and fraud.
Despite multiple measures implemented by the Department of Telecommunications (DoT) and the Telecom Regulatory Authority of India (TRAI), these fraudulent activities continue unabated. Why have local regulations failed to rein in these relentless scammers? In this article, we will delve into the underlying reasons these deceptive calls persist, examine why the government struggles to curb them, and explore more effective strategies for India to manage spam activities—given the inherent limitations of the current system.
Understanding the Structure of a Typical Telecom Network
To understand why regulators struggle to curtail telecom fraud, it’s essential to first understand how a typical communication network operates. The diagram below illustrates a simplified representation of such a system.
In general, there are two types of communication infrastructures:
- Conventional Telecom Systems (Green Squares):
These are traditional telephone exchanges and switches located within the country. They are interconnected and ultimately connect to an international gateway switch (marked as “E” in the diagram). This gateway handles calls entering or leaving India’s telecom network, routing them to the appropriate foreign destinations. - IP-Based Systems (Cloud Icons):
Modern technology enables voice calls to be carried over the internet using IP-based systems, represented by the blue cloud shapes. These can be hosted on commercial servers located both inside and outside the country. Crucially, IP-based networks can interface directly with conventional exchanges within India or with similar switches abroad, as shown in the diagram. This flexibility means calls can easily route internationally through various digital networks that may be beyond India’s direct regulatory control.
While calls placed and managed entirely within the country fall under the strict regulations set by the Department of Telecommunications (DoT) and the Telecom Regulatory Authority of India (TRAI), once a call traverses international borders, it leaves the jurisdiction of Indian authorities. At that point, compliance depends on the regulations and enforcement capabilities of foreign governments and their telecom frameworks.
How Spammers Exploit a Multi-Layered Global Structure
Most spam calls may appear to originate internationally, but in reality, many are orchestrated from within the country by spammers who skillfully exploit this complex, multi layered network. Here’s how they do it:
Spammers register with international, cloud-based VoIP (IP calling) services that lie outside India’s legal jurisdiction. These services, along with their physical infrastructure, are often based in regions with lax regulatory oversight. As a result, they are not bound by Indian KYC norms or the TCCCPR regulations designed to combat spam.
Once connected to a foreign VoIP system, spammers route their calls into India through an international gateway switch. At this point, the call appears as a standard incoming international call. Since the call’s origin has passed beyond India’s borders and through a foreign provider, Indian authorities face jurisdictional limitations. Without direct oversight of the VoIP provider, and with no effective means to verify the caller’s true identity, spammers can operate with near impunity.
This loophole is what leads to the steady flood of spam calls that overwhelm Indian consumers. Regulators watch helplessly as their existing domestic rules and enforcement mechanisms lose effectiveness once calls slip into this transnational web of unregulated VoIP networks.
Why Service Providers Can’t Block These Calls
Once calls enter this transnational web of unregulated VoIP networks, enforcement mechanisms lose much of their effectiveness. Service providers face significant challenges in identifying whether an incoming international call is genuine or spam, as these calls often originate from legal international jurisdictions where local regulations do not apply.
Spammers frequently use caller ID spoofing capabilities provided by IP-based systems to make calls appear as if they’re originating from local numbers. For calls displaying a local CLI, operators could, in theory, verify the authenticity by checking if the caller is genuinely roaming outside India. However, performing such a verification requires complex database searches and additional processing before allowing the call to proceed. This would not only be expensive but would also degrade the user experience for legitimate customers.
As a result, operators find themselves unable to take strong action against these spam calls without causing significant service degradation for genuine callers. Meanwhile, government authorities lack jurisdiction over the foreign VoIP companies providing these services, and indiscriminately blocking them could trigger international backlash and disrupt legitimate international business communications. Ultimately, under the current circumstances, both operators and regulators are largely forced to remain passive observers.
How is the Problem Tackled Internationally?
Some countries, notably the United States, have begun implementing an industry framework called STIR/SHAKEN to curb caller ID spoofing. STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) work in tandem to authenticate and verify caller identities. Under this system, when a call is placed, the originating service provider attaches a digitally signed token—essentially a secure “certificate of authenticity”—to the call’s signaling data. The terminating provider uses a public key infrastructure (PKI) to validate this token. If the signature checks out, the call can be presented to the user as verified; if not, it’s flagged as unverified, informing the recipient that the caller’s identity could not be confirmed.
This verification process significantly enhances user confidence. It doesn’t automatically classify calls as spam or legitimate, but it does provide vital context. Users can see when a call’s caller ID has been authenticated and when it hasn’t, making it far more difficult for scammers to impersonate banks, government agencies, or familiar local numbers. In essence, STIR/SHAKEN helps restore trust in what users see on their caller IDs.
However, there are some practical limitations. The STIR/SHAKEN framework requires IP-based (SIP) signaling, which is inherent to 4G and 5G networks. Legacy 2G and 3G systems, which rely on older SS7 signaling, are not compatible with the end-to-end cryptographic checks STIR/SHAKEN demands. Consequently, the full benefits of STIR/SHAKEN only manifest in modernized, all-IP networks. Moreover, while the system works well within a single country’s network, international calls passing through regions without STIR/SHAKEN support may lose their verification status. Until the global telecom landscape sees widespread adoption of IP-based interconnects and universal verification standards, some gaps will remain, highlighting the need for additional strategies—such as indicating call origin—to help protect consumers from malicious calling practices.
Why Can’t India Implement a STIR/SHAKEN System?
Although India has advanced toward IP-based 4G and 5G networks, a significant portion of the country’s telecom infrastructure still relies on legacy 2G and 3G systems, which use SS7 signaling. These older systems are not compatible with the end-to-end authentication required by STIR/SHAKEN. Without fully transitioning to an IP-based environment, it’s simply not feasible to implement the framework’s cryptographic verification protocols on a wide scale.
Additionally, even if the technical barriers were resolved, STIR/SHAKEN’s effectiveness depends heavily on the integrity of the subscriber identification process. If mobile SIMs are obtained using forged documents, the trust foundation crumbles. Since the system relies on accurate KYC (Know Your Customer) information to verify a caller’s legitimacy, any gaps in the verification process undermine its core purpose. In short, for STIR/SHAKEN to be meaningful, both the telecom infrastructure and the KYC protocols must be robust and reliable—conditions that are not yet fully met in the Indian context.
Then What Could Be a Solution in the Indian Context?
The fundamental goal of an effective telecom system is to give users enough context to make informed decisions about incoming calls. Some operators, like Airtel, have tried addressing this by employing AI-based spam detection systems that label calls as potential spam. However, these solutions are not flawless. Occasionally, genuine calls get flagged as spam, eroding consumer trust and prompting people to disregard even legitimate warnings.
Instead of attempting to classify calls as spam or not, operators could provide a simpler, more reliable piece of information: the approximate origin of the call. For instance, tagging calls based on their originating telecom circle or indicating that they entered the network through an international gateway offers valuable context without making subjective judgments. This approach leverages existing infrastructure and avoids the complexities of end-to-end caller authentication or perfect KYC enforcement.
Knowing whether a call originates from a local circle, a distant region, or an international route empowers the user to apply their own judgment. They might be more cautious if a call unexpectedly comes from overseas or a far-flung region known for fraudulent activity. Since displaying circle-level or international gateway origin data is technically feasible under legacy SS7 signaling, operators can implement this strategy without waiting for full IP migration or global interoperability.
Furthermore, providing location-based context is less likely to raise privacy concerns than pinpointing exact user details. By offering a non-intrusive, readily available indicator of call origin, Indian operators can enhance user awareness and reduce the risk of digital scams—a practical and immediate step toward mitigating the menace of spam and fraudulent calls.
Conclusion
The challenges posed by spam and fraudulent calls in India are deeply rooted in both technological and regulatory complexities. Legacy 2G and 3G infrastructures, reliant on SS7 signaling, cannot easily adopt advanced verification frameworks like STIR/SHAKEN, which require IP-based networks and airtight KYC enforcement. Meanwhile, spammers exploit international VoIP gateways and caller ID spoofing to bypass local regulations, leaving telecom operators and government authorities with limited options to intervene.
While global initiatives like STIR/SHAKEN offer valuable lessons, India’s unique telecom landscape demands more immediate, pragmatic measures. Providing users with location-based context—such as indicating the call’s originating circle or whether it entered through an international gateway—can offer a simpler, yet effective way to empower consumers. This additional layer of transparency enables users to make more informed decisions without compromising privacy or waiting on a full-scale network overhaul.
In the end, the solution lies in striking a balance between technological innovation, regulatory enforcement, and user empowerment. By combining incremental improvements—like origin tagging—with ongoing infrastructure upgrades and stronger KYC protocols, India can take meaningful steps to restore trust, reduce fraud, and enhance the overall security of its telecom ecosystem.