Understanding STIR/SHAKEN

Evolving STIR/SHAKEN compliance requirements mean it’s more important than ever to learn about STIR/SHAKEN and how you fit into the call authentication ecosystem.

Stay updated

Robocall and fraud mitigation: Worldwide deadlines

STIR/SHAKEN updates 🇺🇸

Final effective date TBD, but as early as June 20, 2025
The FCC has adopted rules aimed to ensure all voice service providers authenticate their own calls.

The MAN program 🇫🇷

In effect from: October 1, 2024
Similar to the US STIR/SHAKEN framework, this program aims to reduce fraudulent robocalls in France by establishing a call authentication framework for Internet Protocol-based PSTN calls.

STIR/SHAKEN: What is it and why does it matter?

What is Bandwidth doing for STIR/SHAKEN?

Bandwidth implemented STIR/SHAKEN in our network in December 2019 and has been a key proponent and participant in shaping the STIR/SHAKEN ecosystem. We’ve supported the signing of billions of calls. To assist our customers’ implementation of STIR/SHAKEN, we’ve:

Established and expanded IP interconnections with major carriers to help support the transmission of IP traffic end-to-end, including the delivery of STIR/SHAKEN information.

Released Hosted Signing Service for Bandwidth reseller customers to simplify hosting your own STIR/SHAKEN certificate and authenticating your calls.

Bandwidth direct enterprise customers can rest easy knowing Bandwidth is ensuring their calls are signed using STIR/SHAKEN.

What’s your role?

You should be taking steps to understand and ensure you’ve met any requirements to implement STIR/SHAKEN call signing. You will need to approach your own legal counsel, but we’re here to help with a platform to help streamline the technical work to implement STIR/SHAKEN. See our checklist, which summarizes steps to implement STIR/SHAKEN in the US.

How can Bandwidth help me meet the deadline for STIR/SHAKEN?

For voice service providers:

Our Hosted Signing Service provides the underlying technology to use your own digital certificate to sign calls at scale.

For other Bandwidth direct enterprise customers:

When making calls using US phone numbers assigned to you in your Bandwidth App, your calls are automatically signed with full or “A” attestation. This increases trust in your calls and may help lower the chance that your calls will be labeled or blocked by a terminating carrier, particularly when paired with Bandwidth’s Number Reputation Management service.

Industry leadership

Bandwidth continues to take aggressive steps to prevent malicious forms of traffic from entering our network, while ensuring that valid traffic is protected. We are an active petitioner with the FCC as well as a key influencer within industry groups to help advocate for and shape telecommunications policy on behalf of our customers.

Bandwidth’s STIR/SHAKEN implementation

How does STIR/SHAKEN work

Understanding attestation

In a STIR/SHAKEN call, the originating service provider signs (or attests) to their relationship with the caller and their right to use the calling number.

There are 3 levels of attestation that can be applied to a call:

Full or “A” Attestation:

The service provider knows the caller and their right to use the phone number.

Partial or “B” Attestation:

The service provider knows the caller but not the source of the phone number.

Gateway or “C” Attestation:

The service provider has originated the call onto the network but can’t authenticate the call source e.g., international gateway.

A STIR/SHAKEN call flow

When a call is made, a SIP INVITE is initiated by the calling party. The signing service provider receives it and checks the source of the call and calling number to determine the attestation level. 

The signing service provider uses an authentication service to create an encrypted SIP identity header that includes the:

  • Calling number
  • Number being called
  • Current date and timestamp
  • Attestation level
  • A unique origination identifier for traceback

Bandwidth provides a Hosted Signing Service to streamline the authentication process to enable customers to sign their outbound calls using their own certificate and attestation policies. 

Then, the SIP Invite, along with the SIP identity header, is sent to the terminating provider, who passes the SIP invite to a call verification service.

The terminating provider determines how to treat the call based on the information in the verified identity header and potentially other factors such as their own call analytics. The terminating carrier may choose to block or label the call based on its own proprietary reasonable analytics.

Learn more about STIR/SHAKEN

Essential STIR/SHAKEN terms

Want to navigate the unfamiliar STIR/SHAKEN lands with ease? Make sure to learn their language.

This page is a high-level summary and is not meant to be exhaustive, conclusive, or applicable to every situation or organization. The content here is not legal advice or opinion. Consult your organization’s legal counsel for guidance specific to your business.