If you’re one of those telcos wondering about STIR/SHAKEN requirements and how to comply with them, you’ll find a lot of useful information in our recent webinar. You can watch the full recording to get all the details (find a time-stamped topic list below), or read on for a summary of what we discussed.
STIR/SHAKEN is a framework that aims to increase trust in telecommunication by preventing Caller ID spoofing. It applies to all telcos that send calls with North American Numbering Plan numbers (basically, it includes all calling numbers starting from 1), whether they’re located in North America or overseas. For most North American operators, the deadline for implementation is June 30, 2021. Missing this deadline or its grace period of 90 days (till September 30) could have serious consequences, including calls being blocked by intermediate service providers.
Even if you’re not distributing US phone numbers to your customers and know for sure that STIR/SHAKEN requirements don’t apply to you, don’t leave just yet. It’s still worth understanding how the concept works, since other countries might soon introduce similar regulations.
These are some of the topics we covered during the webinar:
- What exact steps you need to take to comply with STIR/SHAKEN (minute 14:15 of the recording)
- What a digital signature for telephone numbers is, and what information it consists of (31:24)
- End-to-end call flow in PortaSwitch (34:45)
- Attestation levels, and how Caller ID can be both spoofed and verified by the SHAKEN framework at the same time (37:30)
- PortaSwitch configuration for STIR/SHAKEN support (44:03); or, you can also explore the PortaSIP Admin Guide
For your convenience, we’ve made available both the webinar presentation and the implementor’s checklist:
- Normalize vendor connections:
- over TCP,
- e.g., 164 without any “+” prefixes.
- Update to MR90.
- Get a certificate token, connect with TransNexus.
- Configure and assign “Stir signature required” service policy to vendor connections, including internal ones.
- Configure how to display verification results (per product).
- Per customer:
- configure override Identity,
- configure override Display Number,
- configure Attestation level.
- Prepare policies on how to maintain Caller ID and Attestation level configuration.
At the webinar, we also had a very productive Q&A session. Here are the highlights:
Q: Which PortaSwitch releases support STIR/SHAKEN?
A: PortaSwitch supports STIR/SHAKEN starting from MR90. Since the whole topic is new, we don’t yet know if it will be efficient to perform backport patches for older releases. Please contact your PortaOne support team for further information. Meanwhile, we encourage you to consider a software update to MR90. While the update is in process, you can implement a Robocall Mitigation Program and apply for an extension of the STIR/SHAKEN implementation deadline.
Q: What is the price for STIR/SHAKEN support?
A: In PortaSwitch, we use Authentication and Verification services provided by TransNexus. PortaOne acts as a TransNexus reseller in this partnership: you can either contact TransNexus directly or enjoy the wholesale discount prices from PortaOne. Contact our sales department to find out more.
Q: What is the lag between the call origination and its authentication in TransNexus? And how are calls handled if TransNexus is not available due to an outage or network issues?
A: The lag depends on the location of your PortaSwitch server. In our experience, the latency between the US nodes is up to 100 milliseconds. Typically, the latency within applications is less than 30 milliseconds. TransNexus has plenty of customers outside of the US – no one has ever complained about the delay.
Q: If we are buying calling numbers and routing through a third party, is there any compliance we have to follow, or can we rely on our wholesale provider?
A: If you outsource STIR/SHAKEN compliance to your provider, they’ll be able to attest your traffic only at the С-level (the lowest level possible). If you want to attest your customers’ calls at the A-level, you need to comply yourself.
Q: Do providers have to register with the Secure Telephone Identity Policy Administrator AND with the FCC, or will STI-PA register with the FCC on their behalf?
A: You have to register with the FCC to certify that you’ve implemented SHAKEN support, and then you have to show STI-PA (it’s Iconectiv for the USA) that you’re certified with the FCC.
Q: In PortaSwitch, you can forward an inbound call to another PSTN number. Under Calling Party Display, you can change it from “Caller Number and Name” to “Forwarder Number and Name.” How does this fit into SHAKEN?
A: For the best result, you’ll need to use the calling party part rather than forwarding. Otherwise, the original headers (identity and calling party number) will not match. And here’s what’s even more critical: when you forward a call, the destination number changes – most likely, such calls won’t be verified by terminating providers as trusted.
Q: Does a US CSP that originates calls to Canada have to register with the Canadian regulator or follow the Robocall Mitigation Plan?
A: The framework for cross-border calls allows Canadian terminating service providers to recognize the US signatures correctly – and vice versa. It means that the US CSPs can sign their calls to Canada with a US authority certificate.
