In one of our previous blogs, we addressed one of the most recent industry concerns. We covered STIR/SHAKEN, robocalls, and what it all represents for Bicom Systems.
This time, we’ve gone through some of the most frequently asked questions on this subject, all in the name of clarifying this complex topic for both professionals and non-experts.
1. What is STIR/SHAKEN?
Due to the increase in illegal robocalls, Congress passed the TRACED Act in 2019, requiring all telephone operators to implement call authentication at no cost to their consumers. Robocalls are now more than simply a nuisance; they are a menace to public safety and welfare.
STIR stands for Secure Telephony Identity Revisited, a set of technical standards developed by the IETF (Internet Engineering Task Force). Its purpose is to validate the caller’s identity.
SHAKEN is an acronym for Signature-based Handling of Asserted information using toKENs, a framework developed by the ATIS (Alliance of Telecommunications Industry Solutions) focusing on implementing STIR standards in the networks of voice service providers.
It is a set of rules and procedures that raises the security level of calls. It achieves this by verifying caller ID and assigning a “digital fingerprint” to each call.
2. How does STIR/SHAKEN Work?
In essence, it blocks unwanted calls and thus protects loyal users of your network. It does this by assigning a ‘digital fingerprint’ in the form of an encrypted certificate to each call. The certificate serves to confirm the legitimacy of the number behind the call. Each telecom operator must obtain certificates from the STIR/SHAKEN Certified Authority (CA).
3. What does FCC stand for?
FCC is an abbreviation for the Federal Communications Commission. Due to the massive quantity of illegal robocalls across all major networks, the FCC has requested that service providers provide a solution to combat illegal call spoofing and protect their customers from hackers.
4. What is the implementation deadline?
The implementation date was June 30, 2021. Smaller businesses with fewer than 100,000 subscriber lines have an extra two years.
5. Who Must Comply with the STIR/SHAKEN Rule?
All major telephone companies had to implement STIR/SHAKEN by June 30 last year, as instructed by the Federal Communications Commission.
6. Who is not subject to the law?
STIR/SHAKEN currently applies only to calls originating from VoIP (Voice over Internet Protocol). It does not apply to businesses that are not registered as voice service providers.
7. Do operators in Canada have to implement STIR/SHAKEN as well?
Yes, carriers in both Canada and the United States must use STIR/SHAKEN call authentication solutions. Each country has its own legislation and implementation deadlines.
When it comes to other countries, many regulators in Europe are monitoring the implementation of STIR/SHAKEN in the US and Canada. They have already launched the development of initiatives in their countries.
8. What Is Bicom Systems Doing?
Bicom Systems’ PBXware is the first and most mature Professional Open Standards Turnkey Telephony Platform on the market. Since 2003, PBXware has delivered flexible, dependable, and scalable new-generation communication solutions to SMBs, companies, and governments throughout the world by combining the most cutting-edge technologies.
In PBXware version 6.4.3, we have implemented the STIR/SHAKEN ‘Call Filtering’ option and added the ‘Pass PAI Header’ option to support Polycom phones’ STIR/SHAKEN Caller ID Validation.
Also, to increase the chance of a higher attestation level, PBXware owners should make sure a valid Caller ID leaves the system (Caller ID should be within the DID range).
SIP-service providers must support STIR/SHAKEN since they sign calls so that the terminating provider knows it is a legal call.
9. Is Bicom Systems compliant with the STIR/SHAKEN rule?
As previously stated, we have taken all necessary steps to secure PBXware users; however, because Bicom Systems is not a VSP company (Voice Service Provider), we do not comply with the STIR/SHAKEN law.
10. Is SMS text messaging covered by STIR/SHAKEN?
No, STIR/SHAKEN does not currently apply to SMS/text messaging; it only applies to phone calls.
11. Are call centers required to implement STIR/SHAKEN?
No, it is the telecom operator’s responsibility to implement the STIR/SHAKEN call authentication standard. Call centers must adopt processes and modify their architecture in order to achieve the highest possible “attestation level,” ensuring that their calls do not end up flagged as spam.
One option is to purchase phone numbers from an operator that has already implemented the STIR/SHAKEN protocol and has declared their numbers as “secure.”
12. What are the STIR/SHAKEN attestation levels?
The STIR/SHAKEN framework relies on three different levels of call attestation, with the (A) attestation being the one with the highest level of confidence by the service provider:
- Full Attestation (A): The caller and the origin of the call are known to the operator, and the call is marked as safe.
- Partial Attestation (B): The user dialing the number is approved by the service provider, but the provider cannot verify the origin of the call.
- Gateway Attestation (C): The service provider has authorized the call on the network but cannot verify the originator of the call (e.g., the call is routed through an international gateway, or the user making the call uses outdated equipment).
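As an added illustration (not Bicom Systems' or PBXware's code): in SIP, the "digital fingerprint" travels in an Identity header holding a signed token (a PASSporT) whose `attest` claim carries the A/B/C level. The Python below decodes a constructed header and sanity-checks its claims; the certificate URL, phone numbers, 60-second freshness window and function names are assumptions, and signature and certificate-chain verification is left to the provider's verification service.

```python
import base64
import json

ATTESTATION = {"A": "Full", "B": "Partial", "C": "Gateway"}  # levels listed above
MAX_AGE_SECONDS = 60  # assumed freshness window for the iat claim


def _b64url_json(segment):
    """Decode one base64url token segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_identity(header_value, caller_id, now):
    """Decode a SIP Identity header value; does NOT verify the signature."""
    token = header_value.split(";", 1)[0].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("PASSporT must have header.payload.signature")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    problems = []
    if header.get("ppt") != "shaken" or header.get("alg") != "ES256":
        problems.append("not an ES256 SHAKEN PASSporT")
    level = claims.get("attest")
    if level not in ATTESTATION:
        problems.append("unknown attestation level")
    if claims.get("orig", {}).get("tn") != caller_id.lstrip("+"):
        problems.append("orig tn does not match caller ID")
    if abs(now - claims.get("iat", 0)) > MAX_AGE_SECONDS:
        problems.append("iat outside freshness window")
    return {"attest": level, "label": ATTESTATION.get(level), "problems": problems}


def _segment(obj):
    """Build a base64url segment for the constructed sample below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: placeholder certificate URL, numbers and signature.
CERT_URL = "https://cert.example.invalid/sp.pem"
SAMPLE_IAT = 1700000000
SAMPLE_IDENTITY = ".".join([
    _segment({"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": CERT_URL}),
    _segment({"attest": "B", "dest": {"tn": ["12025550123"]}, "iat": SAMPLE_IAT,
              "orig": {"tn": "12025550100"}, "origid": "constructed-origid"}),
    "PLACEHOLDER_SIGNATURE",
]) + f";info=<{CERT_URL}>;alg=ES256;ppt=shaken"

print(inspect_identity(SAMPLE_IDENTITY, "+12025550100", SAMPLE_IAT + 5))
```

A decoded `attest` value is only a claim until the signature has been checked against the signing provider's certificate, so treat this output as a troubleshooting aid rather than a trust decision.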
13. Will STIR/SHAKEN keep your phone numbers and brand name safe from ID spoofing?
Yes, STIR/SHAKEN will help prevent illegal call spoofers from misusing brand reputations and illegally using non-registered phone numbers on Caller ID, by utilizing the three levels of attestation mentioned above.
14. Is the cost of calls and/or numbers going to increase as a result of per-call validations?
No, due to the FCC and the TRACED Act, which requires carriers to provide users with free anti-robocalling solutions.
15. What impact will STIR/SHAKEN have on consumers?
When more operators adopt the STIR/SHAKEN standard, it will be possible to confirm telephone numbers and their origin. There is currently no method to make this happen, but operators are attempting to discover the best approach to provide confirmed calls to their customers.
If the call can be authenticated, a symbol on the call screen or a verification date can be used to alert the user. If this is not the case, the user may be warned that the Caller ID has not been confirmed.
The goal of these notifications is to give the user the option of accepting or rejecting the call if they have any reservations about the source.
The TRACED Act and the implementation of STIR/SHAKEN technology are the most recent steps in the telecommunications industry’s fight against rising cyber-attacks and cyber-crime, which affect worldwide communication and the global economy. The infrastructure that supports this massive, ever-changing organism is evolving and growing, providing greater opportunities for cybercriminals to use it for illicit purposes and putting the telecoms sector and its consumers in danger. STIR/SHAKEN technology mitigates this risk by deploying a standardized system of devices, software, and protocols across the telecommunications infrastructure. Additionally, STIR/SHAKEN is a solution that safeguards information transmitted by Internet Service Providers as well as subscribers’ voice and data records.
We hope that we have adequately described and clarified this complex subject. If you want or need to learn more about it, please visit the following links:
- The Federal Communications Commission (United States): www.fcc.gov
- Canadian Radio-television and Telecommunications Commission (Canada): www.crtc.gc.ca
- Bicom Systems – Official Blog: blog.bicomsystems.com
All details presented in this document are for informational purposes only and do not constitute any form of legal or regulatory advice. Bicom Systems highly recommends that all voice services providers seek consultation from legal and/or telecom compliance experts regarding your company’s obligations for STIR/SHAKEN and all other FCC rules and regulations.