The purpose of STIR/SHAKEN is to verify that the carrier knows their customer and that the customer is NOT making robocalls or fraudulent calls. It doesn't matter who the caller is or who the called party is. It matters that the call was made using a telephone number and that the type of network was VOIP or non-PSTN wireless. So All VOIP carriers not only need to have a Robocall Mitigation Plan in place. They need to get their OWN certificate/token assigned from an approved certificate authority company. It's easy to tell which carriers do not have their own certificate/token because when a certificate is assigned the carrier's name is listed on the STI-PA approved carrier list. https://authenticate.iconectiv.com/authorized-service-providers-authenticate Carriers who filed a robocall mitigation plan, but do not show up on the approved STI-PA approved carrier list are in danger of having their traffic shut down. Don't think the STI-PA will not notice or do anything! If you want to play Russian Roulette with your network, no one can stop you but I would highly suggest registering for a certificate if you haven't gotten one yet. In the last year, I've had several companies come to me that were contacted by the STI-PA and given 30 days to get their own certificate assigned. Filing a Robocall Mitigation Plan is not enough! You have to get your own token assigned! June 30, 2023 is NEXT MONTH so if you don't have it done, you don't have any time to waste! MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2023-05-31 03:13 PM, Alex Balashov wrote:
I once again hate to press this point further, but what exactly is meant by "your customer uses" and "another party"?
I don't mean this from a place of needless pedantry: there's a legitimate question here around what the limits of this concept are. Does the customer have to be human, and do the calls placed have to be manually dialed or automatically dialed on behalf of a human caller or agent of some sort? How "other" does the "another party" have to be?
For example, where would a (legitimate) outbound dialing service, such as an appointment reminder or other business automation service, fall on this spectrum? Since the beneficiaries of such an offering are third parties, presumably it is safe to say that the service provider is providing an originating voice service to a "customer" who "uses" it to make calls to "another party" not themselves.
But what about companies who are themselves internal consumers of such a service, i.e. have an in-house telephony apparatus of some sort?
What if the outbound calling is to members of one's own organisation and not to other parties, but on their personal mobiles?
I suppose I was never quite sure where the delineation for "interconnected VoIP provider" or "VoIP service provider" falls. I have a commonsensical idea of what that is, and in most cases whether a company is inside or outside this bracket is fairly self-evident. However, for purposes of this regulation, that may not be enough.
-- Alex
On May 31, 2023, at 4:03 PM, Mary Lou Carey <marylou at backuptelecom.com> wrote:
Anytime your customer uses a DID or Telephone Number to make a phone call to another party, that is an originating voice service. If the network you use / lease operates via a VOIP (Voice Over Internet Protocol) switch then you must have a STIR / SHAKEN certificate. If the underlying carrier you use has a direct trunking connection with the local ILEC / RBOC then you're most likely delivering via a PSTN connection.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2023-05-31 02:47 PM, Alex Balashov wrote:
On May 31, 2023, at 3:45 PM, Mary Lou Carey <marylou at backuptelecom.com> wrote: Any carrier that provides originating VOIP or a combination of originating VOIP / PSTN / Wireless VOICE services needs to get its own certificate I hate to press this point further, but must: what exactly are originating VoIP "services"?