SHAKEN/STIR: Can I sign my own calls?
Some service providers may be eligible to sign their own calls in the SHAKEN/STIR framework- we take a look at the requirements.
By Fiona McDonnell
Unless you’ve been living under a rock (or somewhere without a phone signal), you’ll know that over the last 3 years there’s been a huge increase in the number of spam and fraudulent calls across the United States. In order to combat this problem, the FCC (Federal Communications Commission) announced new rules to combat fraudulent robocalling. The framework is called SHAKEN/STIR, an acronym for Secure Handling of Asserted information using toKENs (SHAKEN) / Secure Telephony Identity Revisited (STIR).
As expected, the FCC has devised very clear standards to govern who is able to partake in the framework and in what capacity. Most customers will require their telephony provider to carry out call signing to comply with SHAKEN/STIR. However, some service providers are eligible to sign their own calls, even if they buy their numbers from Telnyx.
What do I need to sign my own calls?
Some companies may think that signing their own calls will result in a greater transparency over which attestation level they receive. There are a number of steps you’ll have to take if planning on signing your own calls. Firstly the company needs to be approved by the Secure Telephone Identity Policy Administrator (STI-PA) who is in turn vetted by the Secure Telephone Identity Governance Administrator (STI-GA). But it doesn’t stop there, the company will also need to fulfill the following requirements:
- Have a 499A (A Telecommunications Reporting Worksheet) on file with the FCC;
- Have an Operating Company Number (OCN), this is used to identify CLEC and Reseller usage data
- Have a robocalling mitigation plan filed with the FCC
- Have obtained valid certificates from an approved Certificate Authority
- Have implemented a SHAKEN/STIR solution on their network.
UPDATE: MAY 2023 - More recently, the FCC has stated that small Service Providers need to sign their own calls. Since June 30, 2022, small service providers are expected to sign their outbound calls with their own SHAKEN tokens.
Telnyx will continue to sign calls we receive that are unsigned, but Telnyx is not responsible for your compliance with FCC regulations.
How is Telnyx implementing SHAKEN/STIR?
If you’re getting Telnyx to sign your business calls, you can sit back & relax, we’ve taken care of everything for you. As a carrier, we have been approved by the STI-PA to participate in the SHAKEN/ STIR framework and are fully SHAKEN/STIR compliant*.
Today, Telnyx is authenticates every outbound call with a valid U.S. Caller ID that originates on the Telnyx platform and is abiding by the attestation levels listed above. We are also passing on SHAKEN/STIR headers of customers who have their own authorization toKENs along the PSTN.
Inbound calls with A attestation and a valid token will now have the 'verstat' parameter added to P-Asserted-Identity headers.
*Telnyx will sign and attest to any outbound call that is not signed by our customer. Customers, however, should be aware of any applicable regulatory requirements to directly participate in the SHAKEN/STIR ecosystem and to sign their own calls as mandated by the Federal Communications Commission. Telnyx will pass SHAKEN signatures along that we receive in any outbound calls.
What Attestation to expect
All calls on the Telnyx network receive an attestation without any action required from the customer.
If the number you’re using is on a Telnyx portal account, you do not send HVSD calls, and you have not received complaints, then your calls will receive an A attestation. If it is anyway unclear whether or not you can use that number and/or you have had a complaint or a questionable use case, you can expect to receive a B attestation. Read more on attestation in our earlier blog post.
More recently, the FCC issued a 2nd Report and Order regarding the implementation of STIR/SHAKEN. While reaffirming its original order establishing a June 30, 2021 deadline and strongly encouraging adoption of Internet Protocol networks, the FCC also acknowledged a number of open issues and gave special consideration to certain types of providers and call scenarios.
How to increase attestation
If you’re concerned about a B or C attestation rating, Telnyx can help. If you are a committed customer, don’t have any tracebacks or vendor complaints for fraudulent activity, and have a Know Your Customer process in place you could be eligible for an attestation adjustment. Reach out to your customer success manager for more information.