Genesys Cloud support of the STIR/SHAKEN mandate
As of June 30, 2021, the US Federal Communications Commission (FCC) has mandated a new robocall mitigation framework known as STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information Using toKENs). Genesys is implementing plans internally and in concert with our carrier partners to be compliant with FCC requirements for the STIR/SHAKEN mandate.
What is STIR/SHAKEN?
The goal of the STIR/SHAKEN mandate is to reduce the number of illegal robocalls placed to US telephone customers by making it easier to verify that a caller is actually who they say they are. More specifically, STIR/SHAKEN provides a framework to certify or attest the call source and their right to use the calling number.
In this framework, calls are signed or attested to by the originating carrier and then verified by the terminating carrier. For this system to function properly, there are three attestation levels:
- Full Attestation (A) — The service provider has authenticated the calling party and they are authorized to use the calling number.
- Partial Attestation (B) — The service provider has authenticated the call origination, but cannot verify that the call source is authorized to use the calling number.
- Gateway Attestation (C) — The service provider has authenticated from where it received the call, but cannot authenticate the call source.
By itself, STIR/SHAKEN will not stop illegal spoofing/robocalling, but will make it easier to trace the source of illegally spoofed calls and illegal robocalling.
What is the Genesys plan of action?
Genesys is implementing plans internally and in concert with our carrier partners to be compliant with FCC requirements for the STIR/SHAKEN mandate. Our current plan of action calls for the following:
- Submitting a Robocall Mitigation Plan to be registered in the FCC database as a certified provider.
- Working with multiple carriers to make sure that the right level of attestation is being provided to calls originated by Genesys.
- Working with third-party vendors on solutions for Genesys-provided phone numbers to be registered within the databases used by the carriers for their analytics.
- Filing an OCN (Operating Company Number) to enable Genesys to sign calls directly in the future.
In the long term, Genesys hopes to be able to improve our services to include:
- Enabling Genesys to sign/attest calls originating from Genesys.
- Enabling Genesys to directly verify inbound call signatures and integrate capabilities to leverage call metadata for call handling.
How does the attestation level affect call completion?
Our initial expectation is that the attestation level will have little to no affect on call completion.
Will calls be blocked if they don’t get an “A”?
No, in fact, carriers don’t want to block any calls except for illegal calls. They make money on minutes for complete calls!
Will the attestation level affect how calls are labeled (for example “Spam Likely”)
Potentially, but not likely initially. Call “labeling” is a matter of analytics used by the terminating phone carriers and attestation level may impact algorithms at some point.
Who is responsible for labeling calls at the receiving party’s end?
The terminating carrier (for example, the wireless carrier) provides caller ID, caller name, or other labels as part of their service.
Will all calls in the US have a STIR/SHAKEN attestation?
No, only calls originated as SIP calls will be signed. Traditional TDM infrastructure does not currently have a technical mechanism to implement STIR/SHAKEN. That also means that calls originated as SIP that traverse TDM PSTN elements will lose the signature and potentially be re-signed as SIP.
Why are some of my outgoing calls already being labeled as “Spam Likely” or some other designation?
Downstream analytics vendors use various techniques to label calls, including crowd-sourced complaints, unusual calling patterns (high-volume, rapid call rates), and so forth, which can indicate spam. Also, legitimate businesses may already be victims of spoofing (bad actors using someone else’s numbers).
What can a customer do to maximize their call completions?
Use valid PSTN phone numbers assigned to the customer. Register their numbers with Free Caller Registry key analytics vendors know who the customer is and they can take that into account in the “labeling” algorithms. The key vendors that work with the major wireless carriers are First Orion, Hiya, and TNS.
Why is there industry uncertainty about exactly what will happen starting July 1, 2021?
As of July 1, 2021, carriers are required to comply with FCC mandates by filing a “Robocall Mitigation Plan” and some may not be ready to actually “sign” calls. Also, it remains to be seen how attestation levels will impact “labeling” analytics employed by terminating carriers. Most of all, call “blocking” is not expected proactively, but rather reactively, by having better traceback mechanisms for illegal calls.
What level of attestation “A,” “B,” or “C” will Genesys Cloud Voice customers’ calls receive?
All calls egressing from Genesys Cloud using Genesys Cloud Voice will receive either an Attestation “A” or “B.” There are no scenarios where Genesys Cloud Voice-originated calls will receive an attestation “C.”
How does this affect BYOC customers who bring their own PSTN to Genesys?
Customers need to consult with their carrier about how their calls will be signed.
Can Genesys tell how a call is viewed at the receiving party?
No. Originating carriers do not know the routing on a call-by-call basis. Any particular call can traverse multiple hops through the PSTN, and even different routes at different times.
What services is the telecom industry pursuing to help legitimate businesses better communicate with their customers?
Genesys is already seeing ecosystem development for services to provide not just attestation elevation but more importantly rich call data or branded calling. When used in concert with STIR/SHAKEN technologies, these other services will help call recipients know that the call they are receiving is legitimate. Furthermore, these services can potentially provide other indicators for the call.
Where can I find information from the FCC concerning STIR/SHAKEN?
For more information on STIR/SHAKEN, see the Combating Spoofed Robocalls with Caller ID Authentication article on the FCC website.