Skip to main content

What Are the Attestation Levels for STIR/SHAKEN?

Understanding call authentication solutions

STIR/SHAKEN is an industry-developed protocol and framework designed for robocall mitigation and to combat illegal call spoofing by verifying a caller’s identity. It's a key call authentication solution for branded calling. All communications service providers (CSPs) in the US were mandated by the Federal Communications Corporation (FCC) — under the US Federal TRACED Act — to implement STIR/SHAKEN call authentication by June 30, 2021.

  • STIR (Secure Telephony Identity Revisited) is a set of technical standards and was developed to verify a calling party is authorized to use a specific telephone number.
  • SHAKEN (Signature-Based Handling of Asserted information using toKENs) provides a governance framework for service providers to use when implementing STIR-using IP networks.

STIR/SHAKEN is a vital component to achieving secure branded calling for businesses. Under STIR/SHAKEN, when a call is made, the originating service provider (OSP) obtains a token (credentials) proving the phone number is associated with who it says it is — and then shares it with the STIR/SHAKEN certificate authority (CA) to get a certificate. The certificate allows the OSP to digitally sign its calls.

Read the blog: What Are the STIR/SHAKEN Requirements?

What are the benefits of STIR/SHAKEN?

One of the reasons the FCC selected STIR/SHAKEN as the call authentication standard is it utilizes a combination of technical, regulatory and behavioral solutions to establish a chain of trust. STIR/SHAKEN digitally validates the hand-off of phone calls passing through a complex web of telecom networks, allowing the phone company of the consumer receiving the call to verify a call is in fact from the number displayed on the Caller ID and no call spoofing is occurring. A key part of this verification process involves the originating and terminating service providers assigning an attestation rating to each call.

What does an attestation rating of a call mean?

SHAKEN attestation is the “trust” or “proof” a call is not being spoofed based on the originating service provider’s relationship to the telephone number. It’s part of an eight-step process a STIR/SHAKEN call authentication solution conducts to provide the call recipient with confidence the outbound caller ID has not been tampered with. Today, a call’s attestation value is increasingly being used as an input for service provider robocall analytic algorithms to help determine its risk level.

What are the attestation levels for STIR/SHAKEN?

Under STIR/SHAKEN, each voice call is assigned one of three attestation levels: A, B or C. An ‘A’ attestation indicates the lowest level of risk and the call has been verified and can be trusted. For enterprises, achieving an A attestation helps increase call answer rates as these levels add another layer of trust to branded calling for businesses solutions like Branded Call Display (BCD). If a call receives lower than an A attestation, it’s at risk of being marked as spam or even blocked by the terminating service provider. For this reason, it’s important for businesses to ensure their calls are being properly assigned the full ‘A’ attestation, and they’re not being mistakenly blocked or marked as spam.

Following are explanations of the three different STIR/SHAKEN attestation levels:

A.     Full attestation

Service provider A to service provider B: This is my customer. I gave them this telephone number. This call originated on my network.”

The signing provider:

  • Is responsible for the origination of the call onto the IP-based service provider voice network
  • Has a direct authenticated relationship with the customer and can identify the customer
  • Has established a verified association with the telephone number used for the call

B.     Partial attestation

Service provider A to service provider B: This is my customer. This call originated on my network; however, I did not give them this telephone number.”

The signing provider:

  •  Is responsible for the origination of the call onto the IP-based service provider voice network
  • Has a direct authenticated relationship with the customer and can identify the customer
  • Has NOT established a verified association with the telephone number used for the call

C.     Gateway attestation

Service provider A to service provider B: “This call originated outside my network.”

The signing provider:

  • Has no relationship to the initiator of the call (e.g., international gateways)

As the telecom industry works to reduce robocalls, call spoofing and fraud through initiatives like STIR/SHAKEN, businesses need to understand how important it is to actively protect their outbound calls from being assigned an inappropriate attestation.

Read the blog: Can We Talk? Honest Answers About How Businesses Can Protect Their Outbound Phone Calls

Download the How STIR/SHAKEN Works infographic or contact us to learn more about how our Trusted Call Solutions like Branded Call Display help businesses protect customers from fraudulent calls while letting legitimate calls through.

Do you have questions? Our team is ready to help.