Over the past several years, the FCC has been giving service providers flexibility to address unwanted and illegal calls. However, the passage in December 2019 of the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act requires carriers to implement STIR/SHAKEN programs by June 30, 2021. (For more information on TRACED & STIR/SHAKEN read here).
On October 1, 2020, the FCC released its Second Report and Order as part of its Call Authentication proceeding which addresses, among other things, extensions to and exemptions from the June 30, 2021 implementation deadline. Part of the Second Order requires all service providers (including certain foreign service providers) to register in a Robocall Mitigation Database, certifying that they are either STIR/SHAKEN compliant or they have a Robocall Mitigation Plan in place if they cannot meet the June 30 deadline.
- December 1, 2020 – Deadline for service providers (including small carriers) to file a petition for exemption from full deployment of STIR/SHAKEN
- March 30, 2021 – Wireline Competition Bureau notifies service providers when they may begin filing public certifications (via portal) in the Robocall Mitigation Database
- June 30, 2021 – Standard STIR/SHAKEN compliance deadline + earliest potential deadline for filing certifications in the Robocall Mitigation Database
How does STIR/SHAKEN work?
STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number belongs to the calling entity. All communication service providers must obtain their digital certificate from a certificate authority who is trusted and vetted by the Secure Telephone Identity (STI) Policy Administrator. Using this authentication and verification process the called party can be assured that the call originated from a source with the right to use the phone number.
- The originating service provider uses an authentication service to attest to the call and creates a Session Initiation Protocol (SIP) Identity header
- The SIP Invite with the Identity header is sent to the terminating service provider
- The terminating service provider performs verification
- The originating service provider’s digital certificate is retrieved from a public certificate repository as part of the verification process
- If verification passes, then the terminating service provider can provide an indication via the display on the device that the number is verified. It is up to the terminating carriers’ discretion how the indication is shown on the customer’s handset.
Where can Carriers get help?
First Orion deployed the first-ever-in-the-world implementation of STIR/SHAKEN. We now deliver STIR/SHAKEN for two Tier 1 carriers in the US. We help carriers navigate the regulatory world of STIR/SHAKEN and ensure compliance or robocall mitigation through our world-class solutions.
First Orion’s STIR/SHAKEN solution is deployed using our Transparency Hub platform, allowing additional First Orion solutions to be added with minimal implementation effort. Combining a STIR/SHAKEN solution from First Orion with our analytics solutions can also ensure incoming calls are informative, authentic, legitimate, and transparent. With a single query to the platform, all applicable services are processed at once, reducing latency.
First Orion’s analytic services use deep machine learning for enhanced Call Validation Treatment which allow carriers and enterprises to unlock the ability to deploy other services, such as call disposition and calling number category. Providing the STIR/SHAKEN solution via the First Orion Transparency Hub means these services can be implemented within the cloud or on premise (carrier-hosted).
Once the originating number has been verified– or not– service providers have the information they need to make decisions that protect consumers (such as category labeling or blocking), and they can minimize illegal, spoofed, or robocall activity.
For more information on STIR/SHAKEN and how First Orion can help, contact us.