Re: [VoiceOps] STIR/SHAKEN for call centers

Wed, 02 Dec 2020 13:59:22 -0800 

On 12/2/20 4:49 PM, Patrick Labbett wrote:



However, it's not clear (to me) how the Attestation aspect of things 
will work (and if it even effects the typical customer):


  * Does just being a customer of the Originating Carrier give the
    Call Center's calls Full Attestation?


That depends on the originating carrier's policies. They could attest A 
a number that they've verified to be yours.


  * As a call center, if spoofing a number not owned/in inventory,
    would that be Partial Attestation?


That depends on the originating carrier's policies. They could attest A 
a number that they've verified to be yours. Otherwise, they would attest 
B because they could verify the origin of the call, but not the accuracy 
of the caller ID.


  * Does the owner/location of the spoofed number matter, i.e. :
      o Partial Attestation: Number owned by Originating carrier, but
        not by customer making call
      o Gateway Attestation: Number not owned by Originating carrier
        (and by extension not owned by customer making the call)


We mark forwarded calls as C, paying customers B, and customers we've 
taken the time to verify their ID as A. Some carriers do only A and C 
since customers can't specify their own caller ID (such as Comcast 
residential voice, or cell carriers)


  * Will different Terminating carriers treat Attestation designations
    differently?


Of course! My T-Mobile phone doesn't display signed calls in any 
specific way, but others may. Our customers get a [V] in front of the 
caller ID with name data if we verified attestation A, nothing for any 
other form of attestation or no validation at all.


  * Is this largely a framework that carriers will implement some day
    in the future?


The standards for how we treat this stuff are loose to give carriers 
flexibility in how they convey it to the customers.

Am I way overthinking this? (Yes.)


Not nearly as bad as many!

My personal plan of attack for call centers:


  * Document permission and business use case for numbers spoofed on
    behalf of customers
  * That's it - that's the whole plan.
  * ????


Aside from making sure my carriers know I exist and that I have 
permission to use those numbers, what else is there?



Sounds good to me. For a lot of carriers, a simple explanation they can 
easily verify (like you call the number, and they answer with your 
client's name) is probably adequate.


-Paul



_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops






















					Reply via email to