Skip to main content

Understanding STIR/SHAKEN

The ultimate technology and regulatory guide to combat fraudulent robocalling and illegal phone number spoofing

Talk to an Expert Download the guide

STIR/SHAKEN: What is it and why does it matter?

What is STIR/SHAKEN?

STIR/SHAKEN is a technology framework designed to reduce fraudulent robocalls and illegal phone number spoofing. STIR stands for Secure Telephony Identity Revisited. SHAKEN stands for Secure Handling of Asserted information using toKENs.

The FCC has adopted rules requiring service providers to deploy a STIR/SHAKEN solution by June 30, 2021.


What’s the difference between STIR and SHAKEN?

STIR is a working group within the IETF, an internet standards body, which has developed a set of protocols used to create a digital signature for a call. The signed call includes information about the calling party and allows for verification of the signature by the terminating provider.

SHAKEN are the standards for how STIR is to be deployed by service providers within their networks.


Why is STIR/SHAKEN so important?

Between 3 and 5 billion robocalls are made each month, and research suggests that more than 40% of those calls are thought to be fraud-related.

STIR/SHAKEN is an industry-wide initiative to restore trust in our voice communications. Its goal is to prevent fraudsters from scamming consumers and businesses through robocalls and illegal phone number spoofing, while making sure that legitimate calls reach the recipient.

What is Bandwidth doing for STIR/SHAKEN?

Bandwidth implemented STIR/SHAKEN in our network in December 2019 and we're currently signing over 4 billion calls each month. We’ve established interoperability with major carriers and other enhancements that will support our customers’ compliance with STIR/SHAKEN.


How can Bandwidth help me meet the deadline for STIR/SHAKEN?

Consolidating your outbound calling and phone numbers with Bandwidth can simplify your compliance with STIR/SHAKEN. As a Bandwidth voice customer using our phone numbers, your calls are automatically signed with full or “A” attestation. This lowers the chance that your calls will be blocked by a terminating carrier.

OUTBOUND VOICE

Discover a customizable solution to meet your complex needs, with unparalleled quality and expansive reach all using Bandwidth's outbound voice solution with full support for STIR/SHAKEN.

PHONE NUMBERS

Access millions of phone numbers using our industry-leading number management tools and APIs for a truly automated experience. And, since outbound calls using Bandwidth receive A-level (full) attestation, you can spend less time worrying about calls getting blocked, and more time focusing on what makes your business great.


Industry Leadership

Bandwidth continues to take aggressive steps to prevent malicious forms of traffic from entering our network, while ensuring that valid traffic is protected. We are an active petitioner with the FCC as well as a key influencer within industry groups to help advocate for and shape telecommunications policy on behalf of our customers.

Bandwidth’s STIR/SHAKEN implementation

STIR/SHAKEN Timeline

How does STIR/SHAKEN work


Understanding attestation

In a STIR/SHAKEN call, the originating service provider signs (or attests) to their relationship with the caller and their right to use the calling number.

There are 3 levels of attestation that can be applied to a call:

Full or “A” Attestation:
The service provider knows the customer and their right to use the phone number.

Partial or “B” Attestation:
The service provider knows the customer but not the source of the phone number.

Gateway or “C” Attestation:
The service provider has originated the call onto the network but can’t authenticate the call source e.g., international gateway.

Today, calls from Bandwidth customers using our phone numbers are signed with full or “A” attestation, and all other calls are signed with a partial or “B” attestation. We continue to advocate and push for solutions that will elevate attestation for partially-signed but valid traffic.

VOICE

STIR/SHAKEN: The ABCs of attestation and analytics


A STIR/SHAKEN call flow

STIR/SHAKEN call flowSTIR/SHAKEN call flow

When a call is made, a SIP INVITE is initiated by the calling party. The originating service provider receives it and checks the source of the call and calling number to determine the attestation level.

The originating service provider uses an authentication service to create an encrypted SIP identity header that includes the:

  • Calling number
  • Number being called
  • Current date and timestamp
  • Attestation level
  • A unique origination Identifier for traceback

Then, the SIP Invite, along with the SIP identity header, is sent to the terminating provider, who passes the SIP invite to a verification service.

If the call passes verification, the terminating provider determines whether to complete or block the call based on the attestation level and, potentially, other factors such as their own call analytics.

Want to learn more about STIR/SHAKEN and how Bandwidth is working to reestablish trust in calling?

If you're already a Bandwidth customer, reach out to your Account Manager, otherwise contact one of our experts to get your STIR/SHAKEN questions answered.

Talk to an expert

Related terms

Attestation

Central TN Database

This solution is envisioned to be an industry-authorized repository of TNs mapped to participating enterprises, with each enterprise assigned a unique identifier. The idea is that the carrier or IVoIP provider supplying phone number resources would update the database when an enterprise requests a new number, and the originating service provider would access the database to confirm the enterprises’ right to use that TN. It would include any delegated authorities for the enterprise as well, such as a 3rd-party contact center. To learn more, please see our blog post about when you need to sign your own calls.

Diversion

Call Diversion (also known as call forwarding) is a transfer of a telephone call to another destination. To learn more, please see our call diversion glossary page.

NANPA

The North American Numbering Plan, or NANP, is the telephone numbering plan for the PSTN (Public Switched Telephone Network) for World Zone 1, one of the nine international calling code regions defined by the International Telecommunication Union (ITU). World Zone 1 comprises twenty countries, mainly in North America and the Caribbean. To learn more, please see our NANPA glossary page.

Robocalling

“Robocalling” is a term that has been coined to describe the use of autodialing systems to make automated calls that deliver prerecorded voice messages. To learn more, please see our robocalling glossary page.

TRACED Act

The TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act is a piece of bipartisan legislation that was signed into law on December 31, 2019. The Act seeks to increase enforcement against telemarketers and scammers making illegal robocalls, and among other things, requires the FCC to establish a call authentication framework and mitigation criteria aimed at preventing the ultimate delivery of fraudulent calls to end-users. To learn more, please see our TRACED Act glossary page.

VERSTAT

The header containing the verification results produced by the STI-VS (STI Verification Service). To learn more, please see our support center guide.