[VoiceOps] STIR/SHAKEN for call centers

Paul Timmins ptimmins at clearrate.com
Wed Dec 2 16:58:44 EST 2020 

On 12/2/20 4:49 PM, Patrick Labbett wrote:
>
> However, it's not clear (to me) how the Attestation aspect of things 
> will work (and if it even effects the typical customer):
>
>   * Does just being a customer of the Originating Carrier give the
>     Call Center's calls Full Attestation?
>
That depends on the originating carrier's policies. They could attest A 
a number that they've verified to be yours.
>
>   * As a call center, if spoofing a number not owned/in inventory,
>     would that be Partial Attestation?
>
That depends on the originating carrier's policies. They could attest A 
a number that they've verified to be yours. Otherwise, they would attest 
B because they could verify the origin of the call, but not the accuracy 
of the caller ID.
>
>   * Does the owner/location of the spoofed number matter, i.e. :
>       o Partial Attestation: Number owned by Originating carrier, but
>         not by customer making call
>       o Gateway Attestation: Number not owned by Originating carrier
>         (and by extension not owned by customer making the call)
>
We mark forwarded calls as C, paying customers B, and customers we've 
taken the time to verify their ID as A. Some carriers do only A and C 
since customers can't specify their own caller ID (such as Comcast 
residential voice, or cell carriers)
>
>   * Will different Terminating carriers treat Attestation designations
>     differently?
>
Of course! My T-Mobile phone doesn't display signed calls in any 
specific way, but others may. Our customers get a [V] in front of the 
caller ID with name data if we verified attestation A, nothing for any 
other form of attestation or no validation at all.
>
>   * Is this largely a framework that carriers will implement some day
>     in the future?
>
The standards for how we treat this stuff are loose to give carriers 
flexibility in how they convey it to the customers.
> Am I way overthinking this? (Yes.)

Not nearly as bad as many!

My personal plan of attack for call centers:
>
>   * Document permission and business use case for numbers spoofed on
>     behalf of customers
>   * That's it - that's the whole plan.
>   * ????
>
> Aside from making sure my carriers know I exist and that I have 
> permission to use those numbers, what else is there?

Sounds good to me. For a lot of carriers, a simple explanation they can 
easily verify (like you call the number, and they answer with your 
client's name) is probably adequate.

-Paul


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20201202/e300d8c1/attachment-0001.htm>

More information about the VoiceOps mailing list