STIR/SHAKEN is a technology framework designed to reduce fraudulent robocalls and illegal phone number spoofing. STIR stands for Secure Telephony Identity Revisited. SHAKEN stands for Secure Handling of Asserted information using toKENs.
The FCC has adopted rules requiring service providers to deploy a STIR/SHAKEN solution by June 30, 2021.
STIR is a working group within the IETF, an internet standards body, which has developed a set of protocols used to create a digital signature for a call. The signed call includes information about the calling party and allows for verification of the signature by the terminating provider.
SHAKEN are the standards for how STIR is to be deployed by service providers within their networks.
Between 3 and 5 billion robocalls are made each month, and research suggests that more than 40% of those calls are thought to be fraud-related.
STIR/SHAKEN is an industry-wide initiative to restore trust in our voice communications. Its goal is to prevent fraudsters from scamming consumers and businesses through robocalls and illegal phone number spoofing, while making sure that legitimate calls reach the recipient.
France’s STIR/SHAKEN: The MAN Program
What do you need to know
This newly-created program aims to reduce fraudulent robocalls in France by providing an efficient and dependable framework for authenticating phone calls. Similar to the U.S. STIR/SHAKEN framework, a call is authenticated based on the originating number, and any calls made from that number will be signed with an A, B, or C based on the carrier’s relationship with the calling party. While based on the same fundamentals, STIR/SHAKEN and France’s MAN program have some important operational differences.
Deadline: The deadline for operators to implement the MAN program is July 25th, 2023.
Bandwidth implemented STIR/SHAKEN in our network in December 2019 and we’re currently signing over 4 billion calls each month. We’ve established interoperability with major carriers and other enhancements that will support our customers’ compliance with STIR/SHAKEN.
How can Bandwidth help me meet the deadline for STIR/SHAKEN?
Consolidating your outbound calling and phone numbers with Bandwidth can simplify your compliance with STIR/SHAKEN. As a Bandwidth voice customer using our phone numbers, your calls are automatically signed with full or “A” attestation. This lowers the chance that your calls will be blocked by a terminating carrier.
Discover a customizable solution to meet your complex needs, with unparalleled quality and expansive reach all using Bandwidth’s outbound voice solution with full support for STIR/SHAKEN.
Access millions of phone numbers using our industry-leading number management tools and APIs for a truly automated experience. And, since outbound calls using Bandwidth receive A-level (full) attestation, you can spend less time worrying about calls getting blocked, and more time focusing on what makes your business great.
Bandwidth continues to take aggressive steps to prevent malicious forms of traffic from entering our network, while ensuring that valid traffic is protected. We are an active petitioner with the FCC as well as a key influencer within industry groups to help advocate for and shape telecommunications policy on behalf of our customers.
In a STIR/SHAKEN call, the originating service provider signs (or attests) to their relationship with the caller and their right to use the calling number.
There are 3 levels of attestation that can be applied to a call:
Full or “A” Attestation:
The service provider knows the customer and their right to use the phone number.
Partial or “B” Attestation:
The service provider knows the customer but not the source of the phone number.
Gateway or “C” Attestation:
The service provider has originated the call onto the network but can’t authenticate the call source e.g., international gateway.
Today, calls from Bandwidth customers using our phone numbers are signed with full or “A” attestation, and all other calls are signed with a partial or “B” attestation. We continue to advocate and push for solutions that will elevate attestation for partially-signed but valid traffic.
A STIR/SHAKEN call flow
When a call is made, a SIP INVITE is initiated by the calling party. The originating service provider receives it and checks the source of the call and calling number to determine the attestation level.
The originating service provider uses an authentication service to create an encrypted SIP identity header that includes the:
Calling number
Number being called
Current date and timestamp
Attestation level
A unique origination Identifier for traceback
Then, the SIP Invite, along with the SIP identity header, is sent to the terminating provider, who passes the SIP invite to a verification service.
If the call passes verification, the terminating provider determines whether to complete or block the call based on the attestation level and, potentially, other factors such as their own call analytics.
Want to learn more about STIR/SHAKEN and how Bandwidth is working to reestablish trust in calling?
In a STIR/SHAKEN call, the originating service provider signs (or attests) to their relationship with the caller and their right to use the calling number.
This solution is envisioned to be an industry-authorized repository of TNs mapped to participating enterprises, with each enterprise assigned a unique identifier. The idea is that the carrier or IVoIP provider supplying phone number resources would update the database when an enterprise requests a new number, and the originating service provider would access the database to confirm the enterprises’ right to use that TN. It would include any delegated authorities for the enterprise as well, such as a 3rd-party contact center. To learn more, please see our blog post about when you need to sign your own calls.
Call Diversion (also known as call forwarding) is a transfer of a telephone call to another destination.
The North American Numbering Plan, or NANP, is the telephone numbering plan for the PSTN (Public Switched Telephone Network) for World Zone 1, one of the nine international calling code regions defined by the International Telecommunication Union (ITU). World Zone 1 comprises twenty countries, mainly in North America and the Caribbean. To learn more, please see our NANPA glossary page.
“Robocalling” is a term that has been coined to describe the use of autodialing systems to make automated calls that deliver prerecorded voice messages. To learn more, please see our robocalling glossary page.
The TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act is a piece of bipartisan legislation that was signed into law on December 31, 2019. The Act seeks to increase enforcement against telemarketers and scammers making illegal robocalls, and among other things, requires the FCC to establish a call authentication framework and mitigation criteria aimed at preventing the ultimate delivery of fraudulent calls to end-users. To learn more, please see our TRACED Act glossary page.
The header containing the verification results produced by the STI-VS (STI Verification Service). To learn more, please see our support center guide.
