Blog
The age of mobile enterprise collaboration. Are we there yet?
Read More
This article does not constitute legal advice or may not include the most up-to-date regulatory or technical information. Readers should contact their attorney regarding the legal impacts of STIR/SHAKEN on your company.
Remember when it was safe to answer the phone, even if you weren’t sure who was on the other end of line? Nowadays, if you’re like 70% of Americans, chances are you don’t answer unrecognized calls. It’s no wonder that this number is so high with an estimated 4 billion robocalls per month! Consumers have to deal with their phones constantly ringing with spam calls or potentially being duped into a scam. On the other hand, businesses have to worry about not being able to get their calls through to their customers due to spam tagging or customers not picking up for unrecognized numbers.
Communications providers have been working to fight telephone fraud by using analytics engines to block or tag suspected illegal calls. There has also been support from Congress, such as the passing of the TRACED Act in 2019, which attempts to shed light into true caller identity and requires communications providers to implement a framework known as STIR/SHAKEN by June 30, 2021.
While there is a lot to understand about the nuts and bolts of STIR/SHAKEN, we wanted to provide some information on the key things you need to know, how it impacts your business, and what IntelePeer is doing for our customers.
What is STIR/SHAKEN?
STIR/SHAKEN stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted Information Using toKENs. (Say that 5 times fast!) It’s a set of standards that enables the originating service provider to pass along identifying information such as attestation level to the terminating service provider to demonstrate whether the source of a call is legitimate or not.
What is attestation?
Attestation is the originating service provider’s level of confidence that a call’s calling party number is being used by an authorized caller. While it may look like a report card, the attestation levels indicate if the source of the call is “known” or “unknown” to the service provider.
Here’s a look at the different types and how IntelePeer will apply attestation to calls over our network:
| Level | Industry Standard (ATIS) Definition | IntelePeer will assign if: |
|---|---|---|
| Full Attestation (A) | The service provider knows which customer originated the call and knows that customer is authorized to use the calling party number. | Enterprise traffic where the call uses an IntelePeer-assigned phone number, a number that was ported to IntelePeer, or a number where IntelePeer performs all or some of the inbound routing. |
| Partial Attestation (B) | The service provider knows which customer originated the call but does not know whether the customer is authorized to use the calling party number. | Enterprise traffic where the call uses a calling party number that is unknown to IntelePeer. |
| Gateway Attestation (C) | The service provider does not know which customer originated the call, only from where it received the call, such as from an international gateway. | IntelePeer does not assign C attestation to enterprise traffic (since IntelePeer knows the customer). IntelePeer will apply C only to unsigned traffic received from another network. |
You may be using a legitimate and authorized number that is unknown to IntelePeer and want to make sure your calls receive the A level attestation (as fellow overachievers, we get it.) This is known in the industry as the “attestation gap.” While B attestation typically doesn’t impair call completion, we have methods to elevate the attestation that are compliant with industry standards and won’t require you to port your numbers to our network.
How do analytics engines work to identify and block calls?
Terminating service providers use analytic engines to detect suspicious call patterns to try to stop fraudulent calls and illegal robocalls. For suspicious calls, the analytic engines may block the traffic, send it direct to voicemail based on the preferences set by the called party, or simply generate a warning as part of the Caller ID display (i.e. “Spam Risk”).
Using analytics to identify and block calls has been in place before STIR/SHAKEN. Now with STIR/SHAKEN in the mix, analytics engines may incorporate it as one of the factors included in the evaluation. Even calls with A attestation could be blocked if other criteria tag the call as suspicious. It’s important to note that IntelePeer does not use analytics to block your outbound or inbound calls.
How can you prevent analytics engines from blocking calls?
The good news is that there are a few things you can do with your calling party number that will help make sure your legitimate calls get through:
- Make sure you are populating the calling party number with either a full 10-digit phone number, or an E.164 number including the leading ‘+1’. Don’t use an abbreviated phone number or an internal extension, and don’t leave the field blank.
- The calling party number should be a working, dialable phone number. This means that if someone calls the number back, they should be connected.
- Register your calling party numbers with the leading analytic engines for wireless service providers at www.freecallerregistry.com. Helping these engines recognize your company’s phone numbers can enable your calls to receive more accurate treatment.
What is IntelePeer doing for STIR/SHAKEN and to combat fraud?
IntelePeer is actively implementing STIR/SHAKEN and will apply it to all traffic originating from SIP trunks or CPaaS (SmartFlows and Engage). IntelePeer has received its STIR/SHAKEN SPC token from the Secure Telephone Identity Policy Administrator (STI-PA), which is granted to service providers who qualify under the policy to participate in the STIR/SHAKEN ecosystem. We are listed as an Authorized Service Provider on the STI-PA’s website. We are on track to comply with the FCC’s deadline of June 30, 2021. Most customers will not need to make any changes to their equipment. In the rare case that you aren’t populating your numbers in a way that adheres to certain requirements, one of our engineers will contact you to address it.
As a trusted communications provider to enterprises, IntelePeer has zero tolerance for unlawful robocalls and has implemented multiple processes to prevent and address fraud on our network. We collaborate with industry regulators and the Industry Traceback Group (ITG) to be a part of the solution against scams.
We also are working on some exciting new capabilities for call authentication and calling number reputation to help our customers improve their call completion rate, so stay tuned!
To learn more about our plans for STIR/SHAKEN or address any questions you may have, please reach out to your dedicated IntelePeer account rep or contact us today.