How Commio is Leading STIR/SHAKEN Compliance

Michael Tindall

“American consumers are sick and tired of unwanted robocalls, this consumer among them. Caller ID authentication will be a significant step towards ending the scourge of spoofed robocalls. It’s time for carriers to implement robust caller ID authentication.” – FCC Chairman Ajit Pai (2020)

How Will Caller ID Authentication Help Consumers?

“Caller ID authentication is a new system aimed at combating illegal caller ID spoofing,” according to the Federal Communications Commission (FCC). “Such a system is critical to protecting Americans from scam spoofed robocalls and would erode the ability of callers to illegally spoof a caller ID, which scammers use to trick Americans into answering their phones when they shouldn’t.”

“Additionally, consumers and law enforcement alike could more readily identify the source of illegal robocalls and reduce their frequency and impact. Industry stakeholders are working to implement caller ID authentication, which is sometimes called STIR/SHAKEN. Once implemented, it should greatly help the accuracy of caller ID information and should allow voice service providers to provide helpful information to their consumers about which calls to answer.”

What Does STIR/SHAKEN Mean?

STIR/SHAKEN is a framework of interconnected standards. STIR/SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.

This means that calls traveling through interconnected phone networks would have their caller ID “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers. STIR/SHAKEN digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is in fact from the number displayed on Caller ID.

What is Attestation?

Tokens are the mechanism that originating providers use to digitally sign a call as being legitimate. The digital token contains all sorts of information about the call. It’s mostly information contained in traditional call stream data, but it also contains a piece of information called “Attestation Level” which attempts to describe the legitimacy of the call.

There are three attestation levels; the STIR/SHAKEN standard defines them as:

Full Attestation (A)

The signing provider shall satisfy all of the following conditions:
– Is responsible for the origination of the call onto the IP-based service provider voice network.
– Has a direct authenticated relationship with the customer and can identify the customer.
– Has established a verified association with the telephone number used for the call.

Partial Attestation (B)

The signing provider shall satisfy all of the following conditions:
– Is responsible for the origination of the call onto its IP-based service provider voice network.
– Has a direct authenticated relationship with the customer and can identify the customer.
– Has NOT established a verified association with the telephone number being used for the call.

Gateway Attestation (C)

The signing provider shall satisfy all of the following conditions:
– Is the entry point of the call into its VoIP network.
– Has no relationship with the initiator of the call (e.g., international gateways).

How is thinQ by Commio Implementing STIR/SHAKEN?

The initial deadline set by the Federal Communications Commission for Commio to be compliant with the STIR/SHAKEN has now passed (as of June 30, 2021.) As your voice service provider, we’ve launched our communication plan to keep you informed of this important milestone and what we’re doing to combat illegal robocalls.

What changed on June 30?

As shared last month on our STIR/SHAKEN webinar – see above – we explained how it works, why it’s being rolled out, what it’s designed to do when fully implemented in the future, and more. It is important to understand that while the first implementation milestone has now passed, this is just the beginning.

  • As of June 30, all voice service providers (VSPs) were required to register with the robocall mitigation database and certify to what degree STIR/SHAKEN has been implemented.
  • We completed our registration prior to the deadline, and have certified our current implementation.
  • Providers with less than 100K subscribers have an additional two years – June 30, 2023 – to complete the implementation. In addition, because STIR/SHAKEN is only operational on IP networks, FCC rules require providers using older forms of network technology to either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks. This will delay full implementation across the industry.

How have we implemented STIR/SHAKEN at launch?

  • We’ve taken the regulatory steps that enable us to source telephone numbers and implement the STIR/SHAKEN protocol.
  • As a thinQ voice customer, we are registered so the calls you send through us are covered. Currently no traffic is being blocked based on registration status or call attestation (see below).
  • Starting on July 29, you will see an icon next to the initial carriers who support STIR/SHAKEN in the thinQ io portal. We’ll add icons as additional carriers are vetted.
  • We will pass your attestation if your calls are already signed.
  • We will initially provide B-level attestation for all calls terminating over carriers which have completed and tested STIR/SHAKEN on our network.

Phase Two: Late Q3 2021

  • Later this summer, we will give A-level attestation on thinQ-assigned numbers originating from assigned customers and authorized trunk IPs and terminating to a network with the STIR/SHAKEN icon.
  • International and unverified phone numbers will get C-level attestation.
  • As more carriers support it, icons will be added to thinQ io.
  • On September 28, 2021, carriers and VSPs may begin blocking calls from anyone who hasn’t registered with the robocall mitigation database. Additional details will be provided as this date approaches with any potential impacts.

STIR/SHAKEN will be most effective when implemented in parallel with a high degree of collaboration and cooperation with industry partners and our customers. The FCC has appointed US Telecom to lead the Industry Traceback Group (ITG) efforts, of which we are an Affiliate Member, as part of the overall plan to combat this issue.

Our Customer Success team is here to answer your most pressing questions about how Commio is implementing STIR/SHAKEN in the short and long term. Reach out to your account manager or email support@commio.com.

Date posted: August 8, 2021

Topic: CPaaS   Inbound Voice   Outbound Voice  

Tags: Caller ID   Robocalls   STIR SHAKEN  

Michael Tindall

Michael Tindall leads Commio's product development and engineering teams. While attending Clemson University, Michael co-founded Tsoft Solutions, purchased by ClearSky Networks. Next he built and ran support for US Networks. Michael then worked for Bandwidth till he was approached by Aaron Leon to build a cloud-based routing system. The rest is history. Michael is a “40 under 40” winner, and one of only 18 OpenSIPS Certified professionals worldwide. When not coding the future of telecom, you’ll find him enjoying movies, cars, entertaining, and exercising.

Recent posts from Michael Tindall

Get the latest from Commio

We’ll send you one email a month featuring our latest blog content.