Know Your Customer and STIR/SHAKEN Protocol:
Introductions of STIR / SHAKEN
The Federal Communications Commission (FCC) issued an order related to telecommunications in 2019, which included requirements for “know your customer” (KYC) and “STIR/SHAKEN” protocols. Businesses collecting information in compliance with these requirements are doing so to help prevent fraudulent calls, protect consumers, and comply with FCC regulations.
The KYC requirement is a way for telecommunications companies and service providers to verify the identity of their customers and ensure they are not providing services to individuals or entities engaging in illegal activities. This requirement is aimed at preventing phone number spoofing, a technique used by fraudsters to make it appear as though a call is coming from a legitimate source when it is not.
STIR/SHAKEN is a set of protocols that provides a secure way to authenticate and verify the source of a phone call. STIR stands for Secure Telephone Identity Revisited, and SHAKEN stands for Signature-based Handling of Asserted information using toKENs. Essentially, STIR/SHAKEN allows callers to digitally sign their calls and service providers to verify the signature before connecting the call. This helps prevent spoofed calls and ensures that the caller ID information displayed to the recipient is accurate and trustworthy.
STIR/SHAKEN: A Deep Dive
STIR/SHAKEN is a transformative step in securing our phone communications. It sounds technical, but at its heart, it’s like a digital handshake between phones to ensure you’re speaking to who you think you are. Let’s break it down:
Digital Signatures: Imagine sending a sealed letter with a unique wax stamp that only you possess. Anyone receiving your letter would recognize it as genuinely from you by the unique seal. Similarly, when someone initiates a call, their “digital stamp” or signature is attached to that call. This is the core of STIR (Secure Telephone Identity Revisited).
Verification: Now, just having a seal isn’t enough. There needs to be a trusted entity that knows all the genuine seals and can spot a fake one. When the call reaches your service provider, it checks this seal to ensure it hasn’t been tampered with. SHAKEN (Signature-based Handling of Asserted information using toKENs) is this process. The provider doesn’t just pass on the call. It verifies the attached “stamp” against trusted records.
Tokens: You might wonder how these digital signatures or “stamps” are made. They are generated using something called ‘tokens’. These tokens contain information about the call’s origin and are encrypted to make sure no one can tamper with them. When we talk about SHAKEN using “toKENs”, it’s a nod to this critical component.
Caller ID Trustworthiness: After the digital handshake, if everything checks out, the call is sent to the recipient with a trustworthy caller ID. If something’s amiss, the call might be flagged or even blocked.
This protocol ensures that when your phone rings, and it says it’s your bank, doctor, or any other official entity, it genuinely is. STIR/SHAKEN adds layers of trust, making it harder for scammers to hide behind fake caller IDs.
Additional Security Measures:
To comply with these FCC requirements, businesses in the telecommunications industry must collect certain information from their customers, such as their name, address, and phone number, as well as other identifying information, such as a government-issued ID or Social Security number. This information is used to verify the customer’s identity and ensure they are not engaging in fraudulent activity.
In addition, businesses may also collect information related to the use of their services, such as the type of device used to make calls or the frequency and duration of calls made. This information is used to monitor for suspicious activity and ensure compliance with FCC regulations.
Overall, the collection of business information in compliance with the FCC’s KYC and STIR/SHAKEN requirements is aimed at protecting consumers and preventing fraudulent activity in the telecommunications industry. By verifying the identity of customers and ensuring the authenticity of phone calls, businesses can help restore trust in the telecommunications system and improve the overall security of phone communications.
Our company is fully committed to complying with the FCC’s KYC and STIR/SHAKEN requirements in order to ensure the safety and security of our clients and the public network as a whole. We recognize the importance of preventing fraudulent activity and protecting consumers from scams and identity theft, and we take this responsibility very seriously.
To this end, we have implemented robust systems and procedures for verifying the identity of our customers and monitoring for suspicious activity. We also regularly update our systems to stay current with evolving industry standards and best practices.
Our goal is to provide a secure and reliable telecommunications service that our clients can trust. We believe that by adhering to these policies and investing in the necessary infrastructure and technology, we can help to improve the overall safety and integrity of the public network.