STIR/SHAKEN – things you need to know and do

 

By Simon Woodhead

You’re hopefully aware that STIR/SHAKEN is coming in the USA and where we stand with it. See we’re 1%ers if not. 

As it stands, the 99% of eligible operators who are not yet in a position to comply have until 30 June 2021 to do so, or until December 1st to plead ineptitude and request an extension. Simwood is ready and other carriers are ready, so this is happening and going to affect your life long before 30 June 2021.

So what exactly does it mean? If you have numbers from a US carrier, they will be receiving STIR/SHAKEN tokens from already compliant peers for inbound calls. We are, but very few of them so far.

Our present understanding is that we’re only allowed to pass those on to bona fide carriers, so anyone else, and this includes resellers, so called CPaaS as well as end-users, are reliant on their upstream carrier to process these. Our intention is to filter invalid calls to our US numbers as we intend to do in the UK per GC c6, but as in the UK, we need to wait until we have a critical mass of calls that will pass before setting that active. Bear in mind though, STIR/SHAKEN is about tracking back the originator of robocalls, not necessarily blocking them, so other carriers may elect to do nothing with invalid attestations.

Whilst we can’t pass the token through, we are already passing through a derivation of it to eligible Simwood customers. This includes confirmation of whether the signature was valid, the level of attestation (which I’ll explain shortly), as well as key other pieces of intel to enable our customers to determine whether to trust the call. This of course is only possible on Simwood issued numbers or numbers ported to Simwood. 

When it comes to outbound calls, we have to apply a digital signature to the call, or perhaps you do. If you’re a bona fide carrier you’ll be able to get your own certificate and do so, but most will be reliant on their carrier doing it. However, calls are not merely signed, they are attested to a level of confidence. The level of attestation is significant and affects what other networks do with it, but will itself be dependent on the relationship between you and the carrier.

In the olden days a given line or circuit had a number attached to it. Carriers could change caller ID but end-users or smaller operators could not. VoIP has reversed that and indeed many providers and indeed many CPaaS rely on consuming inbound services in one place, outbound in another, and changing the CLI as the applications requires. STIR/SHAKEN will kill this model due to attestation.

If you send a call to Simwood with a CLI that does not represent a number we have on-net, we can only attest your call at the ‘B’ or more likely ‘C’ level. Some operators may choose to filter ‘C’ calls, as all unsigned calls will pick up a ‘C’ attestation at the first legitimate operator they hit – it basically says ‘trace it back to us but we don’t know if it is real or not’. Indeed, robocallers spoofing your numbers will get a ‘C’ too – they’ll just be traceable back to the operator that gave it to them. You want an ‘A’ attestation on your calls in order to sail through any filters but also to benefit from a “verified” checkmark on some wireless carriers. Expect consumers to only answer “verified” calls in the future.

LevelNameDescription
AFull AttestationThe carrier attests that the originating phone number is known to belong to the customer sending the call.
BPartial AttestationThe carrier attests that it know that the call came from a particular customer, but does not recognize the originating number.
CGateway AttestationThe carrier attests that the call comes from a known gateway or service provider, but doesn’t know the customer or the originating number.

In short, this takes us back to the linkage between inbound and outbound. If you want an ‘A’ attestation, which you do, then you need to be sending outbound calls through the same carrier that the number you’re using as CLI is with. Any resellers or CPaaS in the middle will need to do the same. Perhaps, rather than an inbound carrier, an outbound carrier and a CPaaS, you just need a one-stop shop for all. Naturally, I’d contend Simwood is the best option there!

There is a window of opportunity to create real competitive advantage here as your Enterprise customers aren’t going to want to wait until June 2021 or even later to get their “checkmark” on mobile phones. They want it now, and you can give it to them by working with us to give them an ‘A’ attestation on all their calls.

Those who are bona fide carriers who are struggling with STIR/SHAKEN have until December 1st to request an extension. Come and talk to us though because we can probably help you make the whole journey less stressful!