Elevating the Enterprise to “Verified Caller” in STIR/SHAKEN
Bridging the gap between the enterprise caller and the point of entry to STIR/SHAKEN call authentication
Molly Weis, VP of Marketing
July 1, 2020
As timelines for STIR/SHAKEN implementation, mandated by the TRACED Act, move closer and closer, conversations about call authentication through STIR/SHAKEN have started to trump conversations about call blocking and labeling analytics. There is a lot of information published online about STIR/SHAKEN, some technical, some hypothetical, but our purpose here is to discuss the challenges associated with STIR/SHAKEN call authentication and the enterprise caller.
Let’s start with some definitions. In the STIR/SHAKEN standard, “Verified Caller” is the end result to be presented at the terminating side of the call. This verified status will be visually depicted on the called party’s mobile device with a graphic icon such as a green checkmark, which will let you know the calling party (ex. USA Hospital via the phone number 111–222–444) has been verified through STIR/SHAKEN.
There are data checks necessary to present Verified Caller to the called party. There are also various parties involved in the data checks, as well as two competing solutions (Delegated Certificates Solution vs. Central Repository Solution) proposed by the industry to capture and elevate those data checks to the point of entry where verified calling entities enter the STIR/SHAKEN framework.
To achieve Verified Caller, the STIR/SHAKEN standards define two data checks to be performed by the originating service provider. These involve vetting and verifying the enterprise through a ‘Know Your Customer’ (KYC) process as well as a verification process to ensure the entity is authorized to use the phone number. This may sound straight forward as a concept, but when put to practice in real-world call center examples, it becomes way more complex.
The majority of originating service providers cannot actually attest to the authorized number + verified identity of the call originating on their network for enterprise callers such as hospitals, schools, utility, government entities, and more. This is because the originating service provider does not have a direct relationship with the calling enterprise — the enterprise may be nested a few levels down, behind a BPO and a CPaaS provider, for example. Therein lies the complexity of the originating service provider “vouching for” a business they don’t actually know and have never directly interacted with. This is where the KYC process is required to connect the dots between the originating service provider, and the brand actually represented in the call (the enterprise caller) and its associated phone number to be displayed to a called party.
The STIR/SHAKEN Verified Caller endpoint, where the depiction of a Verified Call visually takes place, happens on the terminating carrier side. This carrier is oftentimes different than the originating carrier and thus relies on the authenticated information passed from call origination to call termination.
The challenge in the standards and in the industry is how to securely and reliably identify the calling enterprise alongside the appropriate phone number and elevate this trusted relationship to the point of entry for STIR/SHAKEN to facilitate call signing at the terminating side.
Whether you are an enterprise caller, BPO, CPaaS, RespOrg, or service provider, multiple stakeholders play a role to coalesce the enterprise identity and phone number and elevate it to the entry point. There is no one solution, no one responsibility to make this happen; it is collaborative.
For more information on the vetting and verification of your enterprise calling identity today, via call blocking and labeling analytics, or tomorrow, via STIR/SHAKEN, contact us at numeracle.com/contact.