Is Your Voice Provider Compliant with the STIR/SHAKEN Standards?

In our last post, we discussed some of the FCC regulations that impact Voice over IP (VoIP) providers. Specifically, providers must pay into the Universal Services Fund (USF) and meet FCC reporting requirements. Some providers that resell VoIP and unified communications (UC) services don’t realize their responsibilities. They face the risk of an FCC audit, which puts their customers at risk of rate increases or service disruptions.

Robocall Regulations

The USF is just one of the FCC’s requirements. A newer regulation involves the implementation of the STIR/SHAKEN caller ID authentication standards. The standards are designed to combat robocalls that fraudulently “spoof” caller IDs.

Large voice service providers began implementing the STIR/SHAKEN standards in June 2021. The FCC gave small non-facilities-based voice providers a one-year extension until June 30, 2022. Small facilities-based voice providers had to implement the standards by June 30, 2023. All providers must also file a Robocall Mitigation Plan describing the steps the provider has taken to reduce the risk of illegal robocalls.

 

The Robocall Problem

According to the TNS 2023 Robocall Investigation Report, Americans received 70 billion robocalls in 2022. Although that number is large, it represents an 11 percent decrease from 2021. TNS attributes the decrease to the implementation of the STIR/ SHAKEN standards by major carriers. The report also notes that 73 percent of robocalls originate from VoIP numbers.

Robocalls are more than a nuisance. Fraudsters use robocalls in scams to get the victim to send them money or reveal credit card numbers and other personal information. In one common scam, fraudsters pretend to be Amazon representatives who try to access the victims’ accounts. Fraudsters also pose as tax preparers and target individuals who receive tax lien notices. The scammers try to get personal information and even bogus fees.

 

The STIR/SHAKEN Standards

Studies show robocall recipients are more likely to answer if the caller ID or number is familiar. One common tactic is to spoof the number so that it appears to be in the same local area as the recipient. The recipient might assume a neighbor is calling.

The STIR/SHAKEN standards work together to authenticate caller ID information. Developed by the Internet Engineering Task Force, the Secure Telephony Identity Revisited (STIR) protocol creates a digital signature for each phone call. The digital signature includes the call’s origin information and the caller’s identity. The digital signature is then embedded in the Session Initiation Protocol (SIP) messages used to route the call to its destination. Secure Handling of Asserted Information Using Tokens (SHAKEN) was developed by the Alliance for Telecommunications Industry Solutions to provide a framework for implementing STIR technology.

The Secure Telephony Identity Policy Administrator (STI-PA) serves as the trust authority. STI-PA selects certificate authorities and gives each service provider a token for acquiring public and private keys. When someone places a call, the originating service provider encrypts and signs the call details using its private key. The terminating service provider uses the originator’s public key to access the call details and verify them through a certificate authority.

 

Why Compliance Is Critical

All voice providers are now required to implement STIR/SHAKEN, and the FCC is showing no tolerance for noncompliance. On Oct. 3, 2022, the agency announced it would remove seven providers from the Robocall Mitigation Database if they didn’t demonstrate compliance within 14 days. Removal from the database would block all calls from the providers’ customers.

GDS is fully compliant with the STIR/SHAKEN standards.

FCC Chairwoman Jessica Rosenworcel said, “If a provider doesn’t meet its obligations under the law, it now faces expulsion from America’s phone networks. Fines alone aren’t enough. Providers that don’t follow our rules and make it easy to scam consumers will now face swift consequences.”

GDS is fully compliant with the STIR/SHAKEN standards. Our customers can rest assured that their service will continue uninterrupted. They are also protected from illegal robocalls to the extent the latest technology will allow. Contact us to discuss your business voice communications needs.

 

 

 

Benefits of Managed IT Services from Global Data Systems

  • Strategic Managed IT: We help you solve your technology related business problems.
  • Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
  • Support: When you need help simply call our 24x7x365 support number.
  • Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >