[VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th!

Mary Lou Carey marylou at backuptelecom.com
Wed May 31 17:01:36 EDT 2023 

The purpose of STIR/SHAKEN is to verify that the carrier knows their 
customer and that the customer is NOT making robocalls or fraudulent 
calls. It doesn't matter who the caller is or who the called party is. 
It matters that the call was made using a telephone number and that the 
type of network was VOIP or non-PSTN wireless.

So All VOIP carriers not only need to have a Robocall Mitigation Plan in 
place. They need to get their  OWN certificate/token assigned from an 
approved certificate authority company. It's easy to tell which carriers 
do not have their own certificate/token because when a certificate is 
assigned the carrier's name is listed on the STI-PA approved carrier 
list.

https://authenticate.iconectiv.com/authorized-service-providers-authenticate

Carriers who filed a robocall mitigation plan, but do not show up on the 
approved STI-PA approved carrier list are in danger of having their 
traffic shut down. Don't think the STI-PA will not notice or do 
anything!  If you want to play Russian Roulette with your network, no 
one can stop you but I would highly suggest registering for a 
certificate if you haven't gotten one yet. In the last year, I've had 
several companies come to me that were contacted by the STI-PA and given 
30 days to get their own certificate assigned. Filing a Robocall 
Mitigation Plan is not enough! You have to get your own token assigned!

June 30, 2023 is NEXT MONTH so if you don't have it done, you don't have 
any time to waste!

MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111

On 2023-05-31 03:13 PM, Alex Balashov wrote:
> I once again hate to press this point further, but what exactly is
> meant by "your customer uses" and "another party"?
> 
> I don't mean this from a place of needless pedantry: there's a
> legitimate question here around what the limits of this concept are.
> Does the customer have to be human, and do the calls placed have to be
> manually dialed or automatically dialed on behalf of a human caller or
> agent of some sort? How "other" does the "another party" have to be?
> 
> For example, where would a (legitimate) outbound dialing service, such
> as an appointment reminder or other business automation service, fall
> on this spectrum? Since the beneficiaries of such an offering are
> third parties, presumably it is safe to say that the service provider
> is providing an originating voice service to a "customer" who "uses"
> it to make calls to "another party" not themselves.
> 
> But what about companies who are themselves internal consumers of such
> a service, i.e. have an in-house telephony apparatus of some sort?
> 
> What if the outbound calling is to members of one's own organisation
> and not to other parties, but on their personal mobiles?
> 
> I suppose I was never quite sure where the delineation for
> "interconnected VoIP provider" or "VoIP service provider" falls. I
> have a commonsensical idea of what that is, and in most cases whether
> a company is inside or outside this bracket is fairly self-evident.
> However, for purposes of this regulation, that may not be enough.
> 
> -- Alex
> 
>> On May 31, 2023, at 4:03 PM, Mary Lou Carey 
>> <marylou at backuptelecom.com> wrote:
>> 
>> Anytime your customer uses a DID or Telephone Number to make a phone 
>> call to another party, that is an originating voice service. If the 
>> network you use / lease operates via a VOIP (Voice Over Internet 
>> Protocol) switch then you must have a STIR / SHAKEN certificate. If 
>> the underlying carrier you use has a direct trunking connection with 
>> the local ILEC / RBOC then you're most likely delivering via a PSTN 
>> connection.
>> 
>> MARY LOU CAREY
>> BackUP Telecom Consulting
>> Office: 615-791-9969
>> Cell: 615-796-1111
>> 
>> On 2023-05-31 02:47 PM, Alex Balashov wrote:
>>>> On May 31, 2023, at 3:45 PM, Mary Lou Carey 
>>>> <marylou at backuptelecom.com> wrote:
>>>> Any carrier that provides originating VOIP or a combination of 
>>>> originating VOIP / PSTN /  Wireless VOICE services needs to get its 
>>>> own certificate
>>> I hate to press this point further, but must: what exactly are
>>> originating VoIP "services"?

More information about the VoiceOps mailing list