What is robocalling?
Let’s cover the basics- a robocall is a phone call that uses a computerized autodialer to deliver a pre-recorded message. While often associated with fraudulent schemes or scams, robocalls can also be used for good- such as spreading information quickly and widely, like public service announcements or emergency warnings.
Sometimes robocalls sound just like robots but with advancements in technology, it is becoming more and more difficult to distinguish robocalls from phone calls with real humans. However advancements of this type mean they are increasingly being used to commit fraud and scam unknowing people on the other end of the line.
This phenomenon has resulted in people being more reluctant to pick up the phone than ever before for fear they’ll end up the victim of a robocall scam. Phone call pickup rates in 2019 were at an all time low, with only 52% of all calls received by Americans are answered. And when the call comes from an unidentified number, the unanswered rate goes up to 3 of 4. For businesses that depend on phone calling as the main method of contact with customers, this is a huge issue- and it’s only getting worse.
According to Hiya, a staggering 58.5 billion robocalls were made to American mobiles in 2019, an increase of 22% on the 2018 figure.
Intro to SHAKEN/STIR
To help stem the issue with robocalling, the Federal Communications Commission (FCC) announced new rules to combat fraudulent robocalling. The framework is called SHAKEN/STIR, an acronym for Secure Handling of Asserted Information using toKENs (SHAKEN) / Secure Telephony Identity Revisited (STIR). So what does it really mean, who is involved and how will it work?
Understanding SHAKEN/ STIR
To start understanding the framework, we’ll break it down step-by-step:
The basic SHAKEN/STIR framework
- The calling party initiates a phone call through the originating service provider, which then contacts an internal authentication service to verify the caller ID number. The authentication service assigns an attestation level to the call and generates a signed token.
- The token is included as a header in the SIP INVITE and passed along to the terminating service provider, which contacts an internal verification service for analysis.
- The verification service reaches out to a certificate repository to validate the signature on the token.
- The call is completed to the recipient, and the terminating service provider can either pass along the verification results to the called party or take additional action, such as blocking the call.
- Originating service providers assign an attestation level to calls made on their network and assign a signed token.
On December 30, 2019 the TRACED Act was signed into law which directs voice service providers to implement SHAKEN/STIR by June 30th, 2021.
That’s all great, but what is an attestation I hear you ask? SHAKEN/STIR has a three-level system to categorize the essential information about the caller into levels of “attestation” for the call. The different levels describe the level of trust or proof a provider has in the caller’s right to use that particular number. The levels are:
Full Attestation (A): The provider knows the customer, knows they have a right to use the originating number, and knows that the call originated on their network. For numbers purchased in the Telnyx portal you should expect to recieve an 'A Attestation'.
Partial Attestation (B): The provider knows the customer but the customer may be using another provider's phone number. The call is legitimate but the provider can’t fully attest because of missing information.
Gateway Attestation (C): The provider can’t verify the customer or the phone number and has no way of knowing whether the call is legitimate. The originating provider will still attest to the call in order to mark that the call originated on their network.
Telnyx is well-aware of gaps in attestation levels for unique enterprise use cases legitimately spoofing numbers. Telnyx is working with industry groups and participants to identify opportunities to bridge this gap. Currently, Telnyx is looking at industry specifications on Delegate Certificates which would allow enterprises to provide originating service providers proof of having access to certain numbers. Similarly, Telnyx is investigating using two-factor-authentication methods as proof of TN ownership.
Who is involved?
There are different teams involved in the SHAKEN/STIR network (and they all have particularly long names). It’s a little easier to understand if we draw it out:
- The Secure Telephone Identity Governance Authority (STI-GA) manages the SHAKEN/STIR infrastructure and vetting of the Secure Telephone Identity Policy Administrator.
- The Secure Telephone Identity Policy Administrator (STI-PA) vets voice service providers and approves participants in the SHAKEN/STIR framework.
- The Secure Telephone Identity Certificate Authorities (STI-CA) provide the certificate requesting and managing infrastructure to STI-PA approved participants. Check out the list of approved certification authorities to see which one best suits your needs.
How is Telnyx implementing SHAKEN/STIR?
Telnyx has been working diligently to meet the SHAKEN/ STIR implementation deadline of June 30th, 2021, set forth by the FCC. We have been approved by the Secure Telephone Identity Policy Authority (STI-PA) and have completed initial rounds of testing with various industry participants.
Telnyx is now exchanging authenticated traffic with a handful of providers to begin the fight against robocalling. Today, Telnyx is authenticating every outbound call with a valid U.S. Caller ID that originates on the Telnyx platform and is abiding by the attestation levels listed above. Customers can send their own identity header that Telnyx passes along to the PSTN. Customers should see calls with identity headers come through.
Various industry developments around unique enterprise use cases continue to be addressed by industry bodies, and Telnyx will continue to update customers on what to expect in terms of SHAKEN/STIR capabilities.
Share on Social