All articles

What Is STIR/SHAKEN?

STIR/SHAKEN is a framework designed by the Federal Communications Commission (FCC) to reduce robocalls by verifying the digital signature of the outbound call. This ensures that the call is coming from a legitimate business and not a scammer or spammer. Let’s break it down further. 

STIR

STIR stands for Secure Telephony Identity Revisited. It is an Internet Task Engineering Force (IETF) group that monitors and allows cryptographic signatures for VoIP phone calls. These digital signatures use SIP data to provide details like caller identity and origin to ensure the caller has proper authorization.

SHAKEN

SHAKEN stands for Secure Handling of Asserted Information Using Tokens. It is a standard that ensures network carriers are implementing STIR to authenticate calls received over the network. 

Together, STIR/SHAKEN are standards and protocols used to implement call authentication over the IP network. Carriers declare the validity of caller IDs and monitor for corruption along the way. It is important to note that this framework helps detect fraudulent calls but does not prevent them. This means that your customers may still be suspicious of unidentified calls and, as a result, not answer the phone.

How Was STIR/SHAKEN Created?

We have all picked up the phone only to be annoyed by a robot on the other end. Not only are these calls irritating, but they cost companies billions of dollars in lost time and revenue every year.

To combat this problem, the TRACED Act, Telephone Robocall Abuse Criminal Enforcement and Deterrence, was signed into law in December 2019. The purpose of this legislation aims to prevent telemarketers and scammers from making illegal robocalls and reduce spoofing. The act also requires the Federal Communications Commission (FCC) to oversee that network carriers implement STIR/SHAKEN technology. As a result, customers are better protected against malicious caller ID spoofing.

What Is STIR/SHAKEN Attestation?

In order to adhere to STIR/SHAKEN, network carriers are required to label each call with a different attestation level. These three levels are determined after carriers have verified the call source and the phone number. The data is then relayed to the carrier’s network, which allows the appropriate caller ID to be shown to customers. 

Full Attestation (A)

Full Attestation, represented by character “A,” is the highest level you can receive from the STIR/SHAKEN framework. It means that the carrier has verified the caller’s identity and given authorization for usage of the phone number. 

Partial Attestation (B)

Partial Attestation, represented by character “B,” is given when the carrier can identify the location of the caller, but can not verify if the user has the authorization to use the phone number. This level is often given to new companies that have yet to register with the carrier. 

Gateway Attestation (C)

Gateway Attestation, represented by character “C,” is given when the carrier can verify where the call was received, but can not pinpoint the call’s origination location. A Gateway Attestation means that the call isn’t authenticated and is often assigned to international gateway calls.

How Does STIR/SHAKEN Work?

These are the seven steps for the STIR/SHAKEN process to help you understand exactly how the framework is structured. Each of these steps occur at lightning speed every time a call is made.

  1. Invite is sent. When a call is made, a SIP invite is sent to the network carrier. This invite is used to initiate a call session and contains information that identifies the caller.
  2. Attestation is determined. After the caller has sent the invite, the carrier can start the process of verifying the call source and phone number. The network carrier checks the call source and the calling number and assigns an attestation level (A, B, or C).
  3. SIP header is created. Once the attestation has been given, the carrier creates a SIP header. The SIP header contains key identity information such as caller ID, phone number, current timestamp, attestation grading, and origination identifier. 
  4. SIP header is shared. Until this point, the process was conducted entirely on the carrier side, as they’re the call originator. At this step, the originating carrier sends the SIP header to the network carrier being used by the call receiver.
  5. SIP header is verified. After reviewing the contents of the SIP header, the receiving carrier shares the header with a verification service. When the verification service receives the header, it is put through multiple tests to verify that the call is not spoofed. The results of the tests are sent from the verification service, and then to the receiving network carrier. If the call is perceived to be a spoofing attack, it will be sent back to the carrier with a warning of potential spoofing.
  6. Call is made. Now that the call has been authenticated, the carrier sends it through to the intended recipient with the correct caller ID.

How Hiya Can Help You

While a STIR/SHAKEN framework helps your customers see when calls are likely to be nuisance calls, they still aren’t likely to answer unless they know exactly who is calling. The best way to identify your calls is to display Branded Caller ID. Hiya’s Branded Call feature allows your company to display your company name, logo, reason for calling, and more. This additional information encourages your customers to answer the phone, resulting in improved outcomes for everyone involved. Download our Beyond Caller ID eBook to learn more about how you can build trust with your customers.

Download Beyond Caller ID eBook

 

Author Alicia Marie Beatty

Content Marketing Manager at Hiya

mail_icon

Subscribe to the Hiya blog

We publish a new post about once a week.