Insights

STIR/SHAKEN: What service providers need to know

Image for STIR/SHAKEN: What service providers need to know

It’s an all too familiar call — the dreaded robocall, an annoying, automated, and potentially fraudulent phone call infecting ears for years. Some are useful, letting you know your flight is canceled or reminding you to show up to your dentist appointment. Millions, however, are illegal and trying to scam you and your customers.

Beginning July 1, 2021, the Federal Communications Commission (FCC) required all service providers to take certain steps to combat illegal robocalling. These requirements were set forth in different orders and laws, including the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act.

The most notable obligation imposed upon service providers is the requirement to implement STIR/SHAKEN call authentication for the Internet Protocol (IP) portion of their networks and have a robocall mitigation plan in place for all phone calls for which it has not implemented STIR/SHAKEN (including calls sent using Time Division Multiplexing (TDM)).

What is STIR/SHAKEN?

STIR/SHAKEN is a framework of interconnected standards defined by the FCC. It essentially provides the basis to ensure the authenticity of an IP phone call. It’s considered the first step to combat illegal robocalls.

What obligations must service providers meet to be compliant?

Sinch can’t offer you with legal advice, but our team thought it would be helpful to summarize your obligations under the various FCC rules and orders:

  • All service providers must have an FCC Registration Number (FRN), identification information for their company and a specific person named as a point of contact.
  • You must commit to cooperating with the FCC, law enforcement and industry traceback group in investigating and stopping illegal robocalling.
  • All service providers were mandated to register in the FCC’s Robocall Mitigation Database (RMD) by June 30, 2021.
  • You must have either implemented STIR/SHAKEN or certify in the RMD you have implemented an alternate robocall mitigation plan.
  • The FCC has not defined the specific robocall mitigation plans to be implemented, but a range of practical solutions may include, but are not limited to:
    • Provide verified caller ID information to end-users
    • Using call analytics to provide call treatment
    • Implementing a system from a vendor providing call monitoring and management
    • Implementing a strict “Know Your Customer” program to ensure bad actors are not sending calls
  • Traffic from service providers who were not registered in the RMD as of September 28, 2021, must be blocked by all intermediate and terminating providers.

As of September 28, 2021, you must not accept calls from other services providers who are not registered in the RDM.

How will Sinch support STIR/SHAKEN requirements?

Before June 30, 2021, Sinch implemented STIR/SHAKEN and passes along unaltered authentication information contained in the headers of calls using North American Numbering Plan Administration (NANPA) numbers.

Calls that do not contain authentication information will either be authenticated by Sinch at the appropriate attestation level or will be passed on as “unsigned” to the downstream provider. Unauthenticated calls are expected to be completed but may be labeled in a manner that is less likely to be answered by the recipient.

Are service providers eligible for FCC extensions?

As a solution for non-IP calls has not yet been approved, these calls are not subject to STIR/SHAKEN certification at this time. However, service providers are still required to register with the RMD. As part of the registration process, you must implement a robocall mitigation plan to combat the origination of illegal robocalls.

Providers with less than 100,000 voice service subscriber lines, qualify for a two-year extension, but still must register in the RMD and implement a robocall mitigation program to combat the origination of illegal robocalls during the extension period.

Where can I find out more about the FCC’s STIR/SHAKEN requirements for service providers?

In addition to the following resources, we recommend you discuss the rules with U.S. telecommunications regulatory counsel to ensure no interruption in service.

Find out how Sinch can help with your STIR/SHAKEN solution.

Related blogs