To begin this article we’ve included an important message from the US telecommunications council that might require your direct attention as related to STIR/SHAKEN compliance.

Message From The US Telecom Council:

All companies that sell or resell voice services of any type (VOIP, TDM, Wireless) OR any company that has an end-user customer they provide DIDs to are considered telecom carriers. It does NOT matter if you use upstream providers or not. It does not matter if you use another carrier’s certificate or not! If you provide DIDs to a paying customer for any reason you are considered a telecom carrier so you need to file a Robocall Mitigation Plan.

Instructions for Registering: https://www.fcc.gov/files/rmd-instructions

Register Here: https://fccprod.servicenowservices.com/rmd?id=rmd_welcome


STIR/SHAKEN stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted Information Using toKENs. It’s a set of standards that enables the originating service provider to pass along identifying information such as attestation level to the terminating service provider in order to demonstrate whether the source of a call is legitimate or not.

Attestation is an authoritative measure that specifies a level of confidence that a calling party number (i.e. someone placing a telephone call) is being used in a legitimate manner. The attestation level of each call indicates if the source of the call is “known” or “unknown” to the service provider.

A standard has been defined to specify the different levels of attestation. Here are the industry definitions and how Leap will apply attestation to calls over our network:


Level

Industry Standard (ATIS) Definition

Leap will assign to:

Full Attestation (A)

The service provider knows which customer originated the call and knows that customer is authorized to use the calling party number.    

Enterprise traffic where the call uses a Leap-assigned phone number, a number that was ported to Leap, or a number where Leap performs all or some of the inbound routing.

Partial Attestation (B)

The service provider knows which customer originated the call but does not know whether the customer is authorized to use the calling party number.    

Enterprise traffic where the call uses a calling party number that is unknown to Leap.

Gateway Attestation (C)

The service provider does not know which customer originated the call, only from where it received the call, such as from an international gateway.    

Leap does not assign C attestation to enterprise traffic (since Leap knows the customer). Leap will apply C only to unsigned traffic received from another network.


You may be using a legitimate and authorized number that is unknown to Leap and want to make sure your calls receive the A-level attestation. This is known in the industry as the “attestation gap.” While B attestation won't generally lessen call completion rates, we do have the ability to modify certain attestation levels in a manner that is compliant with industry standards and won’t require you to port your numbers to our network. 

Many terminating service providers use analytic engines to detect suspicious call patterns in an effort to minimize fraudulent calls and illegal robocalls. For suspicious calls, the analytic engines may block the traffic, send it direct to voicemail based on the preferences set by the called party, or simply generate a warning as part of the Caller ID display (i.e. “Spam Risk”). 

Using analytics to identify and block calls has been in place before STIR/SHAKEN. Even calls with A attestation could be blocked if other criteria tag the call as suspicious. It’s important to note that Leap does not use analytics to block your outbound or inbound calls. We will, however, identify incoming calls that have been scored as a risk by displaying “Spam Risk” as the Caller ID to the called party.

If you're concerned about any of your numbers being blocked, tagged as suspicious, or flagged as "Spam Risk" make sure you are populating the calling party number with either a full 10-digit phone number or an E.164 number including the leading ‘+1’. Don’t use an abbreviated phone number or an internal extension, and don’t leave the field blank. The calling party number should be a working, dialable phone number. This means that if someone calls the number back, they should be connected. You can also Register your calling party numbers with the leading analytic engines for wireless service providers at www.freecallerregistry.com.  Helping these engines recognize your company’s phone numbers can enable your calls to receive more accurate treatment. 

Leap is actively implementing STIR/SHAKEN and will apply it to all traffic. Our parent organization, Teliax, Inc., has received its STIR/SHAKEN SPC token from the Secure Telephone Identity Policy Administrator (STI-PA), which is granted to service providers who qualify under the policy to participate in the STIR/SHAKEN ecosystem. Teliax is listed as an Authorized Service Provider on the STI-PA’s website. We are compliant with the FCC’s deadline of June 30, 2021. Most customers will not need to make any changes to their equipment. In the rare case that you aren’t populating your numbers in a way that adheres to certain requirements, our white-glove support team will reach out to you.