STIR SHAKEN

STIR/SHAKEN Verification Tool

Check Stir Shaken attestation levels and avoid being wrongly labeled as “spam”. Maximize call answer rates, protect your brand reputation, and successfully execute outbound calling campaigns.

Are you Stir Shaken Compliant?

The Federal Communications Commission (FCC) requires voice service providers to implement STIR SHAKEN framework to impose call authentication technology on Voice over Internet Protocol (VoIP) calls and business communications in North America.

By Being Stir Shaken compliant you can protect your phone numbers from call blocking, spoofing, and spam tagging and deliver an accurate and consistent call display to increase contact rates and engagement while protecting brand reputation.

Easily Verify That Your DIDs Meet STIR/SHAKEN Requirements

As more carriers start to roll out STIR SHAKEN authentication, phone numbers and call sources will be meticulously verified for attestation levels. Our BYOC STIR/SHAKEN Verification tool can help you identify your attestation levels and assist you to build trust and confidence in your voice calls.

Ishay Korn
VP IT Services

STIR is an acronym for the Secure Telephone Identity Revisited (STIR). SHAKEN is an acronym for Signature-based Handling of Asserted Information Using Tokens (SHAKEN).

Customer retention improves with STIR/SHAKEN confidence. The FCC STIR/SHAKEN mandate creates the USA standards that enable both CPaaS, UCaaS, and CCaaS providers & end-users to verify that a call is really from the number shown on the Caller ID. The goal is to reduce robocalls from spoofed numbers.

Fast. Easy. Complete.

BYOC STIR/SHAKEN Verification Tool is the only easy-to-use tool that allows you to quickly check Stir Shaken authentication of multiple numbers and obtain in-depth analysis of your certificate levels! It all adds up to improving customer engagement & end-user call experience.

The STIR/SHAKEN verification tool is very versatile; it can be used by end- enterprises/companies and UCaaS/CPaaS/CCaaS providers alike!

This tool enables you to:

  • Check STIR/SHAKEN on bulk DIDs
  • Troubleshoot any issues
  • Get recommendations on fixes
  • Verify that the fixes worked

46%

Americans receive spam every day

2,034%

robocalls happen per second

1 in 5

Americans lose money annually

$29.3B

billion amount consumers lost to phone scams

Why Use The IDT STIR SHAKEN Verification Tool?

This tool ensures:

  • Your voice calls have high answer rates
  • Your carrier is not rejecting your calls due to low certification levels
  • Calls are not branded as scam/untrustworthy

All of these can harm the performance of your app as well as customer retention efforts. Start cleaning up your DIDs.

 

What are Attestation Levels?

In a STIR-SHAKEN call, the originating service provider attests via data in the SIP header to their relationship with the caller and the caller’s right to use the calling number.  One part of the data is the Attestation level.  There are three levels of attestation that can be applied to a call:

“A” Attestation — Full

The voice service provider knows the end-user customer and their right to use the phone number.

“B” Attestation — Partial

The voice service provider knows the end-user customer but not the source of the phone number.

“C” Attestation — Gateway

The service provider has originated the call onto the network but cannot authenticate the call source e.g., international gateway.

Once a call has been given an Attestation level, that level may not be changed by another carrier.

Understand STIR-SHAKEN and know about the obligations you may have under its rules

 

What is STIR-SHAKEN?

STIR-SHAKEN is really two things:  a technology and a policy.

STIR/SHAKEN is a technology framework designed to reduce illegal robocalls. STIR stands for Secure Telephony Identity Revisited. SHAKEN stands for Secure Handling of Asserted information using toKENs. STIR/SHAKEN combines a trusted Caller ID authentication process along with the introduction of an automated traceback capability.

STIR-SHAKEN is also a policy, created by the U.S. government and implemented through a series of rules for the purpose of stopping illegal robocalls from reaching U.S.-based called parties.  The policy creates a new U.S. regulator – the Industry Traceback Group – to work with carriers to trace illegal robocalls back to the originating carrier.

STIR-SHAKEN generally applies to carriers originating, transporting and terminating IP-based calls to the U.S. when those originating and terminating phone numbers are associated with a U.S. state or territory, i.e., the United States and are in the North American Numbering Plan Format 1+(NPA)(NXX)(XXXX).

While this may seem surprising to many non-U.S. carriers, STIR-SHAKEN rules apply and obligations extend to the relationship between U.S. carriers and many foreign carriers.

Is your U.S. or non-U.S. Company subject to STIR-SHAKEN?

The FCC’s rule to register in the Robocall Mitigation Database and to file an Robocall Mitigation Plan (“RMP”) covering all calls you originate but for which you do not create a STIR-SHAKEN header applies to what the FCC calls a “voice service provider” (“VSP”).  Is your company a VSP?  Ask yourself a few questions:  Do you:

  1. Have customers who originate calls on your IP network using a calling party and called party phone number associated with the United States and are in the North American Numbering Plan Format 1+(NPA)(NXX)(XXXX)?
  2. If you answered “Yes,” do you directly or via third-party carriers transmit those calls for termination to the United States, including its territories, e.g., Puerto Rico and Guam, where the calls are, in fact, terminated?

If you answered “No” to one or more of these questions, you may not be subject to the FCC’s STIR-SHAKEN Rules.

However, if you answered “Yes” to these two questions, then you are likely subject to the FCC’s STIR-SHAKEN Rules for those calls subject to the STIR-SHAKEN Rules, so please keep reading.

If you are subject to the STIR-SHAKEN rules, What are your obligations under the U.S. LAW?

Registering as a Voice Service Provider with the FCC

By June 30, 2021, you must register as a Voice Service Provider (“VSP”) with the FCC.  Certifications, identification information, and contact information must be submitted via a portal on the FCC’s website.

As a VSP, beginning June 30, 2021, you must assist the FCC, ITG, or other authorized U.S. entity in inquiries regarding illegal robocalls you may have (knowingly or unknowingly) originated, transmitted, or terminated, and you need to undertake good faith efforts to ensure that you are not willfully transmitting such calls.  If you are subject to the STIR-SHAKEN Rules, you must abide by them:  failure to do so may result in U.S. carriers being absolutely prohibited from receiving voice service traffic from you.

Of equal importance when you register as a VSP, you must also certify to the FCC as to whether all, some or none of your voice service calls originated on your IP network are signed by you using STIR-SHAKEN protocols.  What does it mean to sign calls using STIR-SHAKEN protocols?  We’ll discuss that below.  But first, let’s assume that at least initially, none or at least some of your voice service calls will be signed.  If less than all of your voice service calls are signed using STIR-SHAKEN protocols, these unsigned calls are subject to what the FCC calls a Robocall Mitigation Program.  A RMP is, essentially, an explanation of the steps you are taking to ensure that you are not originating illegal robocalls.  One way may be through knowing your customers and the traffic they originate.  Other ways may be through studying the traffic you originate and looking for indicators of illegal robocalls.  If you look on the FCC’s registration website, you will see many carriers that have filed RMPs.  A review of these plans may provide suggestions for you to adopt into your own RMP.

A critical component of a RMP is your stated commitment to respond fully and in a timely manner to requests from the FCC, ITG or other authorized U.S. entity.  When thinking about signing your calls using STIR-SHAKEN protocols and developing an RMP, keep in mind the FCC’s stated goal:  that the only voice traffic to traverse voice networks in the U.S. is from those voice service providers that have either fully implemented STIR-SHAKEN on their entire networks or that have implemented a RMP on those portions of their networks that are not STIR-SHAKEN-enabled.

Certifications, identification information, and contact information must be submitted as part of your RMP via a portal on the FCC’s website here on or before June 30, 2021.  Instructions for submitting a certification and this information can be found here.  VSPs must submit any necessary updates because of changes to their certification, identification information, or contact information to the Commission within 10 business days of the change.

The Robocall Mitigation Database is available on the Commission’s website here.

A list of VSPs that have submitted certifications, may be downloaded from here.

What exactly are STIR-SHAKEN protocols?

When a call is made, a SIP invite is initiated by the calling party. The originating voice service provider receives it and checks the source of the call and calling number to determine the attestation level.

The originating service provider – either on its own or via a third-party authentication service – creates an encrypted SIP identity header that includes:

  • Originating party number
  • Called party number
  • Current date and timestamp
  • Attestation level
  • A unique origination Identifier for traceback

Then, the SIP Invite, along with the SIP identity header, is sent to the intermediate or terminating provider, who – either on its own or via a third-party service – attempts to verify the SIP invite.

What are Attestation Levels?

In a STIR-SHAKEN call, the originating service provider attests via data in the SIP header to their relationship with the caller and the caller’s right to use the calling number.  One part of the data is the Attestation level.  There are three levels of attestation that can be applied to a call:

Full or “A” Attestation:
The voice service provider knows the end-user customer and their right to use the phone number.

Partial or “B” Attestation:
The voice service provider knows the end-user customer but not the source of the phone number.

Gateway or “C” Attestation:
The service provider has originated the call onto the network but cannot authenticate the call source e.g., international gateway.

Once a call has been given an Attestation level, that level may not be changed by another carrier.

How do carriers obtain authorization to implement a SIP Header including Attestation Level?

To become authorized to implement SIP Headers with an Attestation Level, a voice service provider must file an application with the Secure Telephone Identity Policy Administrator (“STI-PA”).  The STI-PA is a company called “iconectiv” and the information they provide on how to obtain a Service Provider Account is found here

The Service Provider Token Access Policy requires that Voice Service Providers seeking to register also meet three criteria:

  1. Have a current form 499A on file with the FCC;
  2. Have been assigned an Operating Company Number (“OCN”); and
  3. Have certified with the FCC that they have implemented STIR/SHAKEN or comply with the Robocall Mitigation Program requirements and are listed in the FCC’s Robocall Mitigation Database.

You can file for an FCC 499A from this page

You can obtain an OCN from this page (If you are not a telephone company, you can apply for an IP Enabled Service OCN (“IPES OCN“))

We have discussed the requirements for #3 above in this article.

What happens if you are not in compliance with the FCC’s STIR-SHAKEN Rules?

If you are not in compliance with the FCC’s STIR-SHAKEN Rules – specifically, if you are not registered with the FCC and with (at least) a RMP on file as discussed above – beginning September 28, 2021, for those calls you originate that are subject to the FCC’s STIR-SHAKEN Rules, no voice service provider will be able to accept these calls for termination in the U.S. because it will be a violation of U.S. law to do so. 

How can IDT help you comply with the FCC’s STIR-SHAKEN Rules?

If you are registered with the FCC and have a RMP on file, we will be able to accept your calls after September 28, 2021:  we will assign them the appropriate Attestation level.  There are some additional things IDT can do to help you to comply with the FCC’s STIR-SHAKEN Rules. We cannot be your legal counsel; we cannot help you fill out forms and we cannot provide legal advice.  If you would like to better understand what we can do for you, contact IDT Express sales team.

 

Recommended Readings

  1. TRACED Act Implementation
  2. Robocall Mitigation Database Opens; Filing Instructions and Deadlines