SHAKEN/STIR, what do I need to know?
Over the last couple of years, the number of spam phone calls has been on the rise- SHAKEN/ STIR aims to change that trend.
By Fiona McDonnell
Over the last couple of years, the number of fraudulent and spam phone calls being made to American phone numbers has been steadily on the rise. To help combat this problem the Federal Communications Commission (FCC) has developed a new framework SHAKEN/ STIR- which stands for Secure Handling of Asserted information using toKENs (SHAKEN) / Secure Telephony Identity Revisited (STIR).
What is SHAKEN/STIR?
SHAKEN/STIR is a new technology standard developed by industry experts to combat the rise in fraudulent robocalls and illegal phone number spoofing.
In the framework, originating service providers assign an attestation level to calls made on their network and assign a signed token that is included as a header in the SIP INVITE which is passed to the terminating service provider (TSP). The signature on the token is validated by a verification service and the call is sent to the recipient. The TSP can either pass along the verification results to the called party or take additional action, such as blocking the call.
What is Attestation?
SHAKEN/STIR has a three-level system to categorize the essential information about the caller into levels of “attestation” for the call. The different levels describe the level of trust or proof a provider has in the caller’s right to use that particular number, with attestation levels ranging from 'A' to 'C'.
What are the differences between A, B, and C attestation?
Full Attestation (A): The provider knows the customer, knows they have a right to use the originating number, and knows that the call originated on their network. For numbers purchased in the Telnyx portal, you should expect to receive an 'A Attestation'.
Partial Attestation (B): The provider knows the customer but the customer may be using another provider's phone number. The call is legitimate but the provider can’t fully attest because of missing information.
Gateway Attestation (C): The provider can’t verify the customer or the phone number and has no way of knowing whether the call is legitimate. The originating provider will still attest to the call in order to mark that the call originated on their network.
For an in-depth review of the requirements for each level, check out our previous post which takes deep dive into attestation.
What attestation can a Telnyx customer expect?
Telnyx customers who have purchased numbers from Telnyx can expect to receive an A attestation. If a Telnyx customer is using a number that is not on the Telnyx portal, the customer will be assigned a B attestation.
Telnyx customers with HVSD traffic can expect B attestation.
Is there a way that Telnyx customers can have their attestation increased?
Customers who would like to receive an A attestation should consider porting their numbers over to the Telnyx portal. With Fastport, customers can port their numbers to Telnyx in just a few clicks while maintaining complete control and transparency throughout the porting process.
In the case where this is not possible, the customer must meet the below requirements to be considered for increased attestation:
- They must be a committed customer
- They cannot have any Traceback complaints or subpoenas related to fraud.
- They should have a KYC (know your customer) vetting system to ensure that bad actors cannot get on their network.
Will Telnyx customers be notified if we add attestations to their calls and what attestation they received?
Telnyx is fully compliant with SHAKEN/STIR and, as such, all calls originating on the Telnyx network will receive an attestation. There is no action required from the customer.*
The customer will not be notified of the attestation it receives from Telnyx but customers should be able to predict attestation level based on the requirements outlined in the above questions. *Telnyx will sign and attest to any outbound call that is not signed by our customer. Customers, however, should be aware of any applicable regulatory requirements to directly participate in the SHAKEN/STIR ecosystem and to sign their own calls as mandated by the Federal Communications Commission. Telnyx will pass SHAKEN signatures along that we receive in any outbound calls.
Can providers block inbound calls based on attestation?
Providers are not allowed to block calls based solely on attestation level, but the FCC has provided safe harbors to terminating providers who leverage authentication data to influence their filters. For more information on how to ensure your calls do not get caught by terminating spam filters, check out this support article.
How does Telnyx plan to handle attestations for self-service customers?
If the self-service customer provides all the required information on sign-up, and they have bought/ ported numbers to Telnyx they will receive attestation A.
In the case of MSPs, does Telnyx only provide 1 Token?
Yes, Telnyx provides just 1 Token for all customers, inclucding MSPs. As a participant of the Industry Traceback Group, Telnyx strongly encourages every customer leveraging termination services through Telnyx to register as an ITG participant so that we can work together to end illegal robocalls and protect consumers from fraudulent behavior.
Is there an additional cost for customers who want to authenticate traffic?
The FCC has mandated that service providers cannot charge for SHAKEN/ STIR services and so it will be free to all Telnyx customers.
What happens to inbound calls that are signed by other providers/ customers?
Customers will see inbound calls with identity headers come thorugh. Inbound calls with A attestation and a valid token will now have the 'verstat' parameter added to P-Asserted-Identity headers.
If you still have questions surrounding SHAKEN/ STIR and Traceback, please get in touch with our team of experts.