Top 7 Things You Should Know About STIR/SHAKEN

Ed Mallory Written by Ed Mallory
| |
4 minute read

Learn about STIR/SHAKEN technology standards and compliance from Calvin Ellison, Systemics Architect of VOXOX. In this guide, we bring together the key highlights about STIR/SHAKEN protocols and why it is so important today.

Fraudulent activity is a harsh reality of our rapidly advancing telecom industry. As we all know, it requires continuous effort to stay “in the know” about all of the new ways we must work to protect consumers and our businesses.

Robocalling and phone number spoofing are some of the many ways fraudulent activity rears its ugly head these days – especially for VoIP systems. Simply put, criminals and corrupt fraudsters will falsify or “spoof” the caller ID number of their outbound phone call to deceive the party on the receiving end. They’ll often change the area code to match that of the person they’re calling in an attempt to increase the likeliness of them answering.

Illegitimate callers might impersonate the IRS to steal a tax refund or pose as the local power company to trick someone into paying a pretend overdue bill. Activity like this has led to malicious identity theft, cyber crimes, and financial loss.  

Luckily, the world is full of geniuses ready and able to develop solutions for challenges like these. And lucky for us, we have a few of those geniuses working here at VOXOX. In our most recent podcast, we sit down with our very own Calvin Ellison, Systems Architect of VOXOX to talk about the ongoing implementation of solutions to combat fraud. Our conversation is focused on the STIR/SHAKEN framework and his participation in the 2021 STIR/SHAKEN Virtual Summit. 

He breaks down everything businesses need to know about STIR/SHAKEN. In the following guide, we highlight 7 of the key items about STIR/SHAKEN that businesses should know. But first a little background...

What is STIR/SHAKEN?

STIR/SHAKEN is a technology framework put in place to decrease the number of fraudulent robocalls and caller ID spoofing on public communication networks. The concept, first introduced in the 1970s, has evolved into an extensive suite of protocols and procedures that the Federal Communications Commission (FCC) now requires companies to adopt as of June 30, 2021.

 

What is the difference between STIR and SHAKEN?

Secure Telephone Identity Revisited (STIR) started as a Working Group of the Internet Engineering Task Force. Per their charter, “the STIR working group will specify Internet-based mechanisms that allow verification of the calling party's authorization to use a particular telephone number for an incoming call.” The STIR working group set the stage for the SIP Forum and the Alliance for Telecommunications Industry Solutions (ATIS) to collaborate and produce the Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.

shutterstock_1005763789

Combined, STIR/SHAKEN enables origination service providers to cryptographically sign their Voice Over IP (VoIP) calls so that terminating service providers can use these signatures in their Call Validation Treatment (CVT) to decide how a call should be delivered to the subscriber. 

Although specific to VoIP, STIR/SHAKEN can also be applied to traditional PSTN using out-of-band solutions or by manipulating the Caller Name (CNAM). Out-of-band solutions allow the VoIP-PSTN gateway providers to log call signatures to an external database, which terminating service providers can check later. CNAM could be altered to include “[V]” or “Verified” or some other indictor that would appear to the subscriber.

age for the SIP Forum and the Alliance for Telecommunications Industry Solutions (ATIS) to collaborate and produce the Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.

Combined, STIR/SHAKEN enables origination service providers to cryptographically sign their Voice Over IP (VoIP) calls so that terminating service providers can use these signatures in their Call Validation Treatment (CVT) to decide how a call should be delivered to the subscriber. 

Although specific to VoIP, STIR/SHAKEN can also be applied to traditional PSTN using out-of-band solutions or by manipulating the Caller Name (CNAM). Out-of-band solutions allow the VoIP-PSTN gateway providers to log call signatures to an external database, which terminating service providers can check later. CNAM could be altered to include “[V]” or “Verified” or some other indictor that would appear to the subscriber.

7 Key Highlights About STIR/SHAKEN

Here are 7 important items you should know about STIR/SHAKEN:

shutterstock_331648835

  1. STIR/SHAKEN requires originating carriers (the outbound caller's provider) to sign calls with an Identity, attesting their relationship to the calling party and legitimacy of the calling number. This allows every incoming call that a terminating service provider (the called number’s provider) receives to be examined and verified against the official list of call signing certificates.

  2. These Identity signatures allow terminating carriers (the called party's provider) to know three things: which carriers are allowing calls, whether the calling party is known, and whether the calling numbers are legitimate.

  3. Call Validation Treatment (CVT, or Call analytics) can use the Identity signature when deciding whether to send a call through, divert a call to voicemail, or block a call. If a caller ID number matches a known scam number or the Identity header indicates the calling number is not known to be legitimate, it might show up on the called party’s phone as “Scam Likely” so they know not to answer it.

  4. Problem calls can be escalated directly to the carrier who signed the call, skipping the manual hop-by-hop traceback process.

  5. Carriers now must be concerned with the reputation of their signature, or risk all of their calls getting blocked. Originating service providers who permit illegal calling or improperly sign their calls may have their signing certificate revoked, or the FCC could instruct all callers to block any call signed by the offending carrier.

  6. Call-signing is the first step toward using Rich Call Data to enable more than just caller name, such as the reason for call and picture or logo of the caller. Rich Call Data, or RCD, is designed to provide more information that can help persuade consumers to answer phone calls from outside of their contacts. This is especially useful for enterprises looking to align their calls with a consistent brand image.

  7. STIR/SHAKEN is intended to help restore trust in calling so that consumers are more willing to pick up the phone. This is why STIR/SHAKEN is so important. In fact, between 3 to 5 billion robocallers are reported each month and studies suggest nearly half of these calls are believed to be potentially fraudulent activity. STIR/SHAKEN helps to ensure consumers’ protection from damaging scams without hindering legitimate calls from reaching the recipient.

shutterstock_431626918


Final Thoughts

As STIR/SHAKEN compliance continues to be implemented by voice service providers far and wide, consumers can feel confident that the calls coming through are from a legitimate source. By the same token, enterprises can trust that their calls won’t be wrongly mistaken for fraud and blocked from reaching their customers. For the telecom industry as a whole, this is an exciting first step forward in the advancement of Rich Call Data as a means to build business-to-consumer trust.