Who knew June 30th is Asteroid Day? The day declared to raise awareness and protect us from the dangers of space rocks is also the day chosen by the FCC to protect us against the dangers of robocalls.
This year, June 30th marks a new era in telecommunications security and consumer protection with the deadline for CSPs in the United States to implement STIR/SHAKEN—which stands for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENS (SHAKEN).
STIR/SHAKEN is a landmark in consumer protection intending to rebuild the public’s trust in telecommunications by requiring networks to validate calls and present a “validation mark” alongside the CLI on a consumer’s screen. This monumental shift will force CSPs to modernize infrastructure, change traditional call routings, and adopt stringent security standards. And if they don’t? They will face fines from the Federal Communications Commission (FCC) as well as denial of their outbound calls by other networks and intermediaries. To be STIR/SHAKEN compliant, CSPs must ensure both their IP and non-IP networks are protected.
So, What is Required?
IP networks will be required to meet the complete STIR/SHAKEN mandate. CSPs that originate IP calls on the SIP/VoIP portions are required to authenticate and sign those calls before they exit the network. CSPS are also required to validate signatures encountered in the signaling for externally originated IP calls that are terminating to their network. Because STIR/SHAKEN cannot operate on SS7 and lower signaling technologies due to its reliance on SIP Identity Headers, non-IP networks must meet different criteria. For non-IP networks, CSPs must implement a robocall mitigation program that takes “reasonable steps” to ensure that fraudulent robocalls are not being originated on that portion of the network. CSPs may also have the option to implement TDM-SHAKEN, an extension of the STIR/SHAKEN framework currently being deliberated by ATIS which represents a viable alternative to robocall mitigation for the non-IP portions of the network.
What About Operators Outside North America?
While STIR/SHAKEN is a US-only mandate, it impacts international carriers as well. A significant proportion of CLI-spoofed traffic originates overseas, and the FCC has mandated foreign carriers presenting traffic to the USA with NANP resources must certify that they are STIR/SHAKEN compliant or have a Robocall Mitigation program in place. If they do not do this, the receiving service provider in the USA will be required to reject their traffic.
June 30th is around the corner and CSPs must be ready for the STIR/SHAKEN deadline. While extensions are available, they offer only a short-term reprieve, and with the significant downside of lessening the network’s competitive advantage since all calls will be displayed as unvalidated.
netnumber Global Data Services' Guaranteed Caller helps networks be STIR/SHAKEN compliant quickly and easily across all IP and non-IP networks.
