As timelines for STIR/SHAKEN implementation, mandated by the TRACED Act, move closer and closer, conversations about call authentication through STIR/SHAKEN have started to trump conversations about call blocking and labeling analytics. There is a lot of information published online about STIR/SHAKEN, some technical, some hypothetical, but our purpose here is to discuss the challenges associated with STIR/SHAKEN call authentication and the enterprise caller.
Let’s start with some definitions. In the STIR/SHAKEN standard, “Verified Caller” is the end result to be presented at the terminating side of the call. This verified status will be visually depicted on the called party’s mobile device with a graphic icon such as a green checkmark, which will let you know the calling party (ex. USA Hospital via the phone number 111–222–444) has been verified through STIR/SHAKEN.
There are data checks necessary to present Verified Caller to the called party. There are also various parties involved in the data checks, as well as two competing solutions (Delegated Certificates Solution vs. Central Repository Solution) proposed by the industry to capture and elevate those data checks to the point of entry where verified calling entities enter the STIR/SHAKEN framework.
To achieve Verified Caller, the STIR/SHAKEN standards define two data checks to be performed by the originating service provider. These involve vetting and verifying the enterprise through a ‘Know Your Customer’ (KYC) process as well as a verification process to ensure the entity is authorized to use the phone number. This may sound straight forward as a concept, but when put to practice in real-world call center examples, it becomes way more complex.
The majority of originating service providers cannot actually attest to the authorized number + verified identity of the call originating on their network for enterprise callers such as hospitals, schools, utility, government entities, and more. This is because the originating service provider does not have a direct relationship with the calling enterprise — the enterprise may be nested a few levels down, behind a BPO and a CPaaS provider, for example. Therein lies the complexity of the originating service provider “vouching for” a business they don’t actually know and have never directly interacted with. This is where the KYC process is required to connect the dots between the originating service provider, and the brand actually represented in the call (the enterprise caller) and its associated phone number to be displayed to a called party.
So where does all of this magic happen?
Through STIR/SHAKEN, the entry point for the verified calling enterprise (number + identity) sits on the originating carrier side. The identity of the enterprise needs to be elevated up to the originating service provider (OSP) in order for the OSP to pass the Verified Call through the network over to the terminating side. Without the elevation of the caller’s identity (plus phone number), the OSP will not be sure who is actually behind the content of the call, and will not be able to fully attest to the verified (or not) status of the call. This is a gap that can be filled with a KYC process to verify the relationship between the various parties. This is a process that exists today and has been employed by Numeracle to ensure trusted callers are vetted, verified, and properly identified across the calling ecosystem.
The STIR/SHAKEN Verified Caller endpoint, where the depiction of a Verified Call visually takes place, happens on the terminating carrier side. This carrier is oftentimes different than the originating carrier and thus relies on the authenticated information passed from call origination to call termination.
The challenge in the standards and in the industry is how to securely and reliably identify the calling enterprise alongside the appropriate phone number and elevate this trusted relationship to the point of entry for STIR/SHAKEN to facilitate call signing at the terminating side.
Whether you are an enterprise caller, BPO, CPaaS, RespOrg, or service provider, multiple stakeholders play a role to coalesce the enterprise identity and phone number and elevate it to the entry point. There is no one solution, no one responsibility to make this happen; it is collaborative.
To facilitate this collaboration and open, transparent discussion, Numeracle brought a panel of STIR/SHAKEN subject matter experts together on June 18, 2020 for a virtual event titled: “How to Become a Verified Calling Enterprise in STIR/SHAKEN.”
For more information on the vetting and verification of your enterprise calling identity today, via call blocking and labeling analytics, or tomorrow, via STIR/SHAKEN, contact us at numeracle.com/contact.
