STIR/SHAKEN Compliance Heralds Phone Renaissance
Doug Green, publisher of Telecom Reseller, recently interviewed Neustar’s Senior Vice President and General Manager, Communications Solutions, James Garvert, for his Countdown to STIR/SHAKEN Compliance podcast, about the fast-approaching June 2021 deadline. Here’s a recap of the podcast.
Doug: What exactly is STIR/SHAKEN?
James: The STIR/SHAKEN call authentication framework enables originating carriers to attest to phone calls. That means they know the phone numbers that are originating on their network, as well as the customers. That allows terminating carriers to verify and validate that the STIR/SHAKEN digital signature is legitimate, and the call has not been spoofed.
Doug: As carrier, you're actually standing by every single phone call you hand off, every call that you deliver on behalf of your customer?
James: That's correct. One of the biggest issues associated with robocalls is the lack of trust in the actual caller ID, the 10-digit phone number. STIR/SHAKEN is a tool that helps remove the ability for bad actors to spoof phone numbers.
Doug: What's the implementation deadline?
James: The deadline is June 30, 2021. The TRACED Act, which was signed into law in December of 2019, basically gave carriers a year and a half to implement STIR/SHAKEN within their network, and start signing their calls. We've seen a significant number of carriers get on board and start implementing that. But that law also requires that carriers that can’t deploy STIR/SHAKEN must implement some sort of robocall mitigation, or their calls are at risk of being blocked.
Doug: Let's explore that a little bit, because I'm hearing two things here that I think we all need to think about. First of all, this isn't just some regulation that bureaucracy has come up with, and they're implementing. This is actually the law of the land, a signed law?
James: It is a signed law. When you think about the environment of politics here in the U.S., illegal robocalling is one that actually has broad bipartisanship associated with it. It's one of those rare things that unites both the left and the right. No one likes to get a robocall. And the enforcement mechanism is in place. This is a very serious issue, and the Federal Communications Commission (FCC), the government, and the carriers are working hard to implement this, and show results, ultimately, to the end consumer.
Doug: Now what I'm also hearing is that no one should be thinking, well, I'll be slapped with a fine, and I can appeal it.
James: That's correct. Carriers can now refuse to accept traffic, block traffic, with the blessing of the FCC, if the originating carriers are not implementing a robocall mitigation solution within their networks. What that means is that it's not just calls coming from the carrier as a company. It's every customer phone call they're managing would now be blocked.
Carriers must document how they are implementing STIR/SHAKEN and/or Robocall Mitigation solutions in the new FCC Robocall Mitigation Database.
Doug: And I'm guessing this will happen to someone. We're probably pretty confident that somewhere in this country will be a carrier who wakes up to find out that none of their customers are able to place literally a phone call?
James: That's correct, and that'll be an unfortunate day. But there are ways these carriers can quickly implement either arobocall mitigation service, or a STIR/SHAKEN implementation solution to comply.
Doug: Are we at the point where we know how this will roll out? If you're not in compliance, would you get an email notice?
James: It's incumbent upon the originating carriers to know whether they're in compliance or not. There are not going to be mass emails out there. Established carriers, with a 499 filed with the FCC, know this is a requirement. They need to work through the Governance Authority (GA) and Policy Administrator (PA) to be an approved STIR/SHAKEN implementation.
Doug: We're staring right at the deadline. If I'm a carrier, how do I know I'm actually in compliance?
James: You must be certain that you have gone to the Policy Administrator (PA), and that you have your certificates from an approved Certificate Authority (CA), like Neustar. If you can’t deploy STIR/SHAKEN, you must have a robocall mitigation solution in place, and you have to indicate that in the Robocall Mitigation database.
Doug: Is it too late for me to get ready, if I'm not ready?
James: It's not. But what it has come to now, from an implementation standpoint, is you probably don't have time for an on-premises network solution. You would need a hosted solution. There’s no time to waste. You have to get this deployed and implemented as soon as possible.
Doug: Does your company have a solution?
James: Our Certified Caller solution provides the infrastructure for many, many carriers, some of the largest carriers here in the U.S. We're already signing billions of calls every month associated with our solution. Both signing it on the front-end, and verifying it on the terminating end.
Doug: It would be a real disaster for an airline, or a school district, or a hospital, or maybe a managed service provider, or channel partner company to wake up one morning and find out they can't make calls. How would you know that your carrier is compliant?
James: One way is to pick up the phone and ask them. Another option is the ability for large enterprises to sign their own calls. We’re working on this with some of the largest enterprises out there who generate a significant amount of phone calls.
It’s really important for all U.S. carriers to lean into this and get it implemented. Because at the end of the day, it's about restoring trust in the phone channel.
Doug: Let's dive into the international just a bit. Right next door, we have Canada. How are they managing it? What should we understand about Canada?
James: Canada is implementing the SHAKEN standard as well. Neustar is the Certificate Authority (CA) as well as the Policy Administrator (PA). We provide our software to over 90% of the lines up in Canada across many of the largest carriers there. So, we know that they arereally moving forward quickly on getting this implemented. The CRTC, which is the FCC of Canada, recently provided an extension to carriers to November of this year.
Other countries are also concerned about robocalls. They know that, as the U.S. and Canada make it harder for bad actors to perpetrate their fraud, those bad actors are going to move to other countries. They're not just going to give up.
Doug: It seems to me that these steps will, as you were saying before, restore trust in a very needed form of communication.
James: One of the exciting things with call authentication is the ability to revolutionize voice calling. When you think about all the smartphones that are out there, and all the innovation that has happened with them, ironically the phone app is the least updated app across all devices.
And now that we have call authentication standards in place, you can add more context and information to these phone calls. Not only will you see a phone number that shows up, which, at this point in time nobody trusts, no you can see a logo, location, social media, and more context as to why that person is reaching out to you, so you can trust and engage in that call. This is something that we've already rolled out partially here in the U.S. with our Branded Call Display (BCD) solution.
Enterprises are seeing incredible increases in answer rates associated with the launch of this - up 80, 90, even 100%.
Doug: It sounds like there's also an opening here to really create a renaissance for voice.
James: That's a great way to talk about it, Doug, a new renaissance is here that'sassociated with voice calling. And it's really going to improve the engagement between enterprises and their customers.
Neustar’s portfolio was created for carriers to help meet the FCC’s deadlines, put an end to illegal robocalls and restore trust to the phone. Neustar's Certified Caller, which is compliant with STIR/SHAKEN, validates Caller ID, enables digital signatures, and detects and warns of call spoofing. Our Robocall Mitigation Solution works in conjunction with STIR/SHAKEN to identify the unauthorized and suspicious use of phone numbers, and detect trends and anomalies in calling patterns.