What is STIR/SHAKEN?
STIR/SHAKEN is a framework of interconnected standards. STIR and SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards. This means calls traveling through interconnected phone networks would have their caller ID “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers. STIR/SHAKEN digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify a call is in fact from the number displayed on Caller ID.
Is there a timeline for when STIR/SHAKEN will be implemented?
FCC Wireline Competition Bureau announced voice service providers are required to file certifications of their implementation of the STIR/SHAKEN caller ID authentication framework by the June 30, 2021 deadline for the Robocall Mitigation Database submission.
What is required for Vitelity customers to comply with the upcoming requirement for implementing STIR/SHAKEN?
The FCC requires all voice service providers to certify their traffic is either fully, partially or not yet signed with STIR/SHAKEN. All certifications must be signed by an officer in conformity with FCC Rule 1.16.
For voice service providers certifying “some or all” of the calls they originate, they are subject to a Robocall Mitigation Plan (RMP). Such providers must submit additional information with their certifications including the type of extension or extensions received under the FCC rules, specific reasonable steps taken under an RMP to avoid originating illegal robocalls, and a commitment to respond to traceback requests and to cooperate with investigating and stopping illegal robocalls.
STIR/SHAKEN certification and Robocall Mitigation Program requirements are not applicable to Vitelity retail customers that are consuming Vitelity services as an end user.
Do I need to register with the FCC?
The FCC has clarified “all voice service providers — not only those granted an extension” are required to file certifications in the Robocall Mitigation Database. A voice service provider must possess an FCC Registration Number (FRN) to submit a certification.
- If you are a voice service provider and would like to submit a certification, and you have an FRN, please click the “Log in” button found on the FCC Login Page
- If you wish to submit a certification, but do not have an FRN, please click “Create Account” found on the FCC Create Account Page After creating an FRN, please return to the FCC Robo Mitigation page to login.
What are the requirements of the certification letter if my organization needs to file?
Note, the Robocall Mitigation Database is publicly available, and you can download and read other provider certifications as examples.
Will Vitelity customers be required to make any changes on their network in order for STIR/SHAKEN to work properly?
As part of STIR/SHAKEN compliance, Vitelity will sign and provide attestation for outbound call services. No changes are required by Vitelity customers as this is an inter-carrier connection.
Alternatively, if a customer chooses to self-sign calls, we will pass through attestation headers, but must contact Vitelity support for this configuration.
Hosted STIR/SHAKEN services (where Vitelity would sign on your behalf with your certificate) is only supported on the Inteliquent platform and is not supported on the Vitelity platform.
Will there be any interruption to Vitelity services?
No impacts to calling services are expected while Vitelity’s STIR/SHAKEN solution is implemented. However, Vitelity could change attestation based on complaints received via industry robocall mitigation channels, with any attestation change affecting all traffic originating from the account in question.
How do you verify everything is working as planned?
Vitelity is providing signed authentication, where calls will be signed using our keypair and certificate. No network changes are required on any customer equipment, Vitelity will perform all the work, including lab testing and deployment of certification. You will receive a notice when STIR/SHAKEN signing is live for outbound calling.
Are there additional STIR/SHAKEN service support options for Vitelity customers?
If you’re not a wholesale partner or value-added reseller — As a Vitelity platform end user, STIR/SHAKEN support is included at no charge. For wholesale partners or value-added resellers, we are including STIR/SHAKEN support through the end of the calendar year at no charge.
For inbound calls, we will enable enhanced CNAM and the option to pass verstat ID in SIP headers. Enhanced CNAM will be optioned on by default. Passing verstat ID will be off by default. We will expose those configurations in the Vitelity customer portal in July 2021, and you will receive a maintenance notification with a date when those features will be available. Enhanced CNAM will be provided at no additional charge for phone numbers with CNAM service option selected.
What is attestation in practice?
Simply put, it is the process of investigation to determine a caller’s legitimacy. Many would call it the most important part of STIR/SHAKEN.
In the STIR/SHAKEN process, attestation occurs when the originating telephone service provider verifies the call’s source and call number to attest the incoming number’s authenticity.
“Attestation” is a very important concept within STIR/SHAKEN. This allows the service provider signing
the call to “attest” to their level of confidence that the caller does have permission to use the number
they are calling from.
A – Full Attestation: Authenticated the calling party is authorized to use the calling number
B – Partial Attestation: Authenticated the call origination but cannot verify the party is authorized to use the calling number
C – Gateway Attestation: Not able to authenticate the call source or authorized use of calling number
Does STIR/SHAKEN eliminate robocalls or fraud by itself?
Unfortunately, no. STIR/SHAKEN digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify a call is in fact from the number displayed on Caller ID. Thus, STIR/SHAKEN provides a verified originating service provider to identify where the call originated so if there is an issue with robocalling or fraud, the call can be traced, and the issue can be addressed with the originating service provider. The FCC order on participation in the Robocalling Mitigation Database provides a framework for handling the response, ensuring the originating carrier has contacts and is committed to participation in addressing robocall and fraud mitigation.
If a call is signed and validated via STIR/SHAKEN, does that indicate anything about the content, quality, or legitimacy of the call?
Again, unfortunately no. A validated call (TN-Validation-Passed) simply means the call was signed and an attestation provided by the originating service provider, and the authentication header was validated by the terminating service provider. STIR/SHAKEN by itself does not guarantee legitimacy of a caller, it makes it easier to trace and shut down abuse.
Additional Robocalling Mitigation Database Important Dates and Requirements
Equally important as the June 30, 2021 deadline for database submission, intermediate providers and terminating voice service providers will be prohibited from accepting traffic from voice service providers not listed in the Robocall Mitigation Database as of September 28, 2021.