Unless you’ve been living under a rock (or somewhere without a phone signal), you’ll know that over the last 3 years there’s been a huge increase in the number of spam and fraudulent calls across the United States. In order to combat this problem, the FCC (Federal Communications Commission) announced new rules to combat fraudulent robocalling. The framework is called SHAKEN/STIR, an acronym for Secure Handling of Asserted information using toKENs (SHAKEN) / Secure Telephony Identity Revisited (STIR), and must be implemented by June 30th, 2021.
As expected, the FCC has devised very clear standards to govern who is able to partake in the framework and in what capacity. Most customers will require their telephony provider to carry out call signing to comply with SHAKEN/STIR. However, some service providers are eligible to sign their own calls, even if they buy their numbers from Telnyx.
What do I need to sign my own calls?
Some companies may think that signing their own calls will result in a greater transparency over which attestation level they receive. There are a number of steps you’ll have to take if planning on signing your own calls. Firstly the company needs to be approved by the Secure Telephone Identity Policy Administrator (STI-PA) who is in turn vetted by the Secure Telephone Identity Governance Administrator (STI-GA). But it doesn’t stop there, the company will also need to fulfill the following requirements:
- Have a 499A (A Telecommunications Reporting Worksheet) on file with the FCC;
- Have an Operating Company Number (OCN), this is used to identify CLEC and Reseller usage data
- Have a robocalling mitigation plan filed with the FCC
- Have obtained valid certificates from an approved Certificate Authority
- Have implemented a SHAKEN/STIR solution on their network.
For many smaller providers, it can be a lot of time and effort to get these docs and solutions in order. That’s where Telnyx comes in.
How is Telnyx implementing SHAKEN/STIR?
If you’re getting Telnyx to sign your business calls, you can sit back & relax, we’ll handle everything for you. As a carrier, we have been approved by the STI-PA to participate in the SHAKEN/ STIR framework and have completed initial rounds of testing with various industry partners.
Today, Telnyx is authenticating every outbound call with a valid U.S. Caller ID that originates on the Telnyx platform and is abiding by the attestation levels listed above. We are also passing on SHAKEN/STIR headers of customers who have their own authorization toKENs.
Customers should see inboudn calls with identity headers come through. Inbound calls with A attestation and a valid token will now have the 'verstat' parameter added to P-Asserted-Identity headers.
What Attestation to expect
All calls on the Telnyx network receive an attestation without any action required from the customer.
If the number you’re using is on a Telnyx portal account, you do not send HVSD calls, and you have not received complaints, then your calls will receive an A attestation. If it is anyway unclear whether or not you can use that number and/or you have had a complaint or a questionable use case, you can expect to receive a B attestation. Read more on attestation in our earlier blog post.
More recently, the FCC issued a 2nd Report and Order regarding the implementation of STIR/SHAKEN. While reaffirming its original order establishing a June 30, 2021 deadline and strongly encouraging adoption of Internet Protocol networks, the FCC also acknowledged a number of open issues and gave special consideration to certain types of providers and call scenarios.
How to increase attestation
If you’re concerned about a B or C attestation rating, Telnyx can help. If you are a committed customer, don’t have any tracebacks or vendor complaints for fraudulent activity, and have a Know Your Customer process in place you could be eligible for an attestation adjustment. Reach out to your customer success manager for more information.
Share on Social