Understanding STIR/SHAKEN
The ultimate technology and regulatory guide to combat fraudulent robocalling and illegal phone number spoofing
STIR/SHAKEN: What is it and why does it matter?
What is STIR/SHAKEN?
STIR/SHAKEN is a technology framework designed to reduce fraudulent robocalls and illegal phone number spoofing. STIR stands for Secure Telephony Identity Revisited. SHAKEN stands for Secure Handling of Asserted information using toKENs.
The FCC has adopted rules requiring service providers to deploy a STIR/SHAKEN solution by June 30, 2021.
What’s the difference between STIR and SHAKEN?
STIR is a working group within the IETF, an internet standards body, which has developed a set of protocols used to create a digital signature for a call. The signed call includes information about the calling party and allows for verification of the signature by the terminating provider.
SHAKEN are the standards for how STIR is to be deployed by service providers
within their networks.
Why is STIR/SHAKEN so important?
Between 3 and 5 billion robocalls are made each month, and research suggests that more than 40% of those calls are thought to be fraud-related.
STIR/SHAKEN is an industry-wide initiative to restore trust in our voice communications. Its goal is to prevent fraudsters from scamming consumers and businesses through robocalls and illegal phone number spoofing, while making sure that legitimate calls reach the recipient.
The June 30, 2022 deadline
What do you need to know
The FCC requires that all voice service providers routing traffic to or from US phone numbers must register in the Robocall Mitigation Database (RMD). The extension that was granted on September 30, 2021 to foreign-based small service voice providers for registration is coming to an end. To avoid any interruption in service, you must be registered in the RMD by June 30, 2022. The FCC has directed downstream providers like Bandwidth to begin blocking traffic from upstream voice service providers that have failed to register in the RMD by then.
What is Bandwidth doing for STIR/SHAKEN?
Bandwidth implemented STIR/SHAKEN in our network in December 2019 and we’re currently signing
over 4 billion calls each month. We’ve established interoperability with major carriers and other
enhancements that will support our customers’ compliance with STIR/SHAKEN.
How can Bandwidth help me meet the deadline for STIR/SHAKEN?
Consolidating your outbound calling and phone numbers with Bandwidth can simplify your compliance with STIR/SHAKEN. As a Bandwidth voice customer using our phone numbers, your calls are automatically signed with full or “A” attestation. This lowers the chance that your calls will be blocked by a terminating carrier.
OUTBOUND VOICE
Discover a customizable solution to meet your complex needs, with unparalleled quality and expansive reach all using Bandwidth's outbound voice solution with full support for STIR/SHAKEN.
PHONE NUMBERS
Access millions of phone numbers using our industry-leading number management tools and APIs for a truly automated experience. And, since outbound calls using Bandwidth receive A-level (full) attestation, you can spend less time worrying about calls getting blocked, and more time focusing on what makes your business great.
Educational Resources
STIR/SHAKEN is a rapidly-evolving, and often confusing, topic. These technical and regulatory resources can help you unravel the mystery and stay on top of industry developments as we approach the June 2021 deadline.
Industry Leadership
Bandwidth continues to take aggressive steps to prevent malicious forms of traffic from entering our network, while ensuring that valid traffic is protected. We are an active petitioner with the FCC as well as a key influencer within industry groups to help advocate for and shape telecommunications policy on behalf of our customers.
Bandwidth’s STIR/SHAKEN implementation
How does STIR/SHAKEN work
In a STIR/SHAKEN call, the originating service provider signs (or attests) to their relationship with the caller and their right to use the calling number.
There are 3 levels of attestation that can be applied to a call:
Full or “A” Attestation:
The service provider knows the customer and their right to use the phone number.
Partial or “B” Attestation:
The service provider knows the customer but not the source of the phone number.
Gateway or “C” Attestation:
The service provider has originated the call onto the network but can’t authenticate the call source e.g., international gateway.
Today, calls from Bandwidth customers using our phone numbers are signed with full or “A” attestation, and all other calls are signed with a partial or “B” attestation. We continue to advocate and push for solutions that will elevate attestation for partially-signed but valid traffic.
VOICE
STIR/SHAKEN 101: The ABCs
of attestation and analytics
A STIR/SHAKEN call flow
When a call is made, a SIP INVITE is initiated by the calling party. The originating service provider receives it and checks the source of the call and calling number to determine the attestation level.
The originating service provider uses an authentication service to create an encrypted SIP identity header that includes the:
- Calling number
- Number being called
- Current date and timestamp
- Attestation level
- A unique origination Identifier for traceback
Then, the SIP Invite, along with the SIP identity header, is sent to the terminating provider, who passes the SIP invite to a verification service.
If the call passes verification, the terminating provider determines whether to complete or block the call based on the attestation level and, potentially, other factors such as their own call analytics.
Want to learn more about STIR/SHAKEN and how Bandwidth is working to reestablish trust in calling?
If you're already a Bandwidth customer, reach out to your Account Manager, otherwise contact one of our experts to get your STIR/SHAKEN questions answered.
Talk to an expertRelated terms
Attestation
Central TN Database
This solution is envisioned to be an industry-authorized repository of TNs mapped to participating enterprises, with each enterprise assigned a unique identifier. The idea is that the carrier or IVoIP provider supplying phone number resources would update the database when an enterprise requests a new number, and the originating service provider would access the database to confirm the enterprises’ right to use that TN. It would include any delegated authorities for the enterprise as well, such as a 3rd-party contact center. To learn more, please see our blog post about when you need to sign your own calls.
Diversion
Call Diversion (also known as call forwarding) is a transfer of a telephone call to another destination. To learn more, please see our call diversion glossary page.
NANPA
The North American Numbering Plan, or NANP, is the telephone numbering plan for the PSTN (Public Switched Telephone Network) for World Zone 1, one of the nine international calling code regions defined by the International Telecommunication Union (ITU). World Zone 1 comprises twenty countries, mainly in North America and the Caribbean. To learn more, please see our NANPA glossary page.
Robocalling
“Robocalling” is a term that has been coined to describe the use of autodialing systems to make automated calls that deliver prerecorded voice messages. To learn more, please see our robocalling glossary page.
TRACED Act
The TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act is a piece of bipartisan legislation that was signed into law on December 31, 2019. The Act seeks to increase enforcement against telemarketers and scammers making illegal robocalls, and among other things, requires the FCC to establish a call authentication framework and mitigation criteria aimed at preventing the ultimate delivery of fraudulent calls to end-users. To learn more, please see our TRACED Act glossary page.
VERSTAT
The header containing the verification results produced by the STI-VS (STI Verification Service). To learn more, please see our support center guide.