06/07/2024
Blog
STIR/SHAKEN is an industry-developed protocol and framework designed for robocall mitigation and to combat illegal call spoofing by verifying a caller’s identity. It's a key call authentication solution for branded calling. All communications service providers (CSPs) in the US were mandated by the Federal Communications Corporation (FCC) — under the US Federal TRACED Act — to implement STIR/SHAKEN call authentication by June 30, 2021.
STIR/SHAKEN is a vital component to achieving secure branded calling for businesses. Under STIR/SHAKEN, when a call is made, the originating service provider (OSP) obtains a token (credentials) proving the phone number is associated with who it says it is — and then shares it with the STIR/SHAKEN certificate authority (CA) to get a certificate. The certificate allows the OSP to digitally sign its calls.
Read the blog: What Are the STIR/SHAKEN Requirements?
One of the reasons the FCC selected STIR/SHAKEN as the call authentication standard is it utilizes a combination of technical, regulatory and behavioral solutions to establish a chain of trust. STIR/SHAKEN digitally validates the hand-off of phone calls passing through a complex web of telecom networks, allowing the phone company of the consumer receiving the call to verify a call is in fact from the number displayed on the Caller ID and no call spoofing is occurring. A key part of this verification process involves the originating and terminating service providers assigning an attestation rating to each call.
SHAKEN attestation is the “trust” or “proof” a call is not being spoofed based on the originating service provider’s relationship to the telephone number. It’s part of an eight-step process a STIR/SHAKEN call authentication solution conducts to provide the call recipient with confidence the outbound caller ID has not been tampered with. Today, a call’s attestation value is increasingly being used as an input for service provider robocall analytic algorithms to help determine its risk level.
Under STIR/SHAKEN, each voice call is assigned one of three attestation levels: A, B or C. An ‘A’ attestation indicates the lowest level of risk and the call has been verified and can be trusted. For enterprises, achieving an A attestation helps increase call answer rates as these levels add another layer of trust to branded calling for businesses solutions like Branded Call Display (BCD). If a call receives lower than an A attestation, it’s at risk of being marked as spam or even blocked by the terminating service provider. For this reason, it’s important for businesses to ensure their calls are being properly assigned the full ‘A’ attestation, and they’re not being mistakenly blocked or marked as spam.
Following are explanations of the three different STIR/SHAKEN attestation levels:
A. Full attestation
Service provider A to service provider B: This is my customer. I gave them this telephone number. This call originated on my network.”
The signing provider:
B. Partial attestation
Service provider A to service provider B: This is my customer. This call originated on my network; however, I did not give them this telephone number.”
The signing provider:
C. Gateway attestation
Service provider A to service provider B: “This call originated outside my network.”
The signing provider:
As the telecom industry works to reduce robocalls, call spoofing and fraud through initiatives like STIR/SHAKEN, businesses need to understand how important it is to actively protect their outbound calls from being assigned an inappropriate attestation.
Download the How STIR/SHAKEN Works infographic or contact us to learn more about how our Trusted Call Solutions like Branded Call Display help businesses protect customers from fraudulent calls while letting legitimate calls through.