What You Need to Know About STIR/SHAKEN


We’ve all answered a seemingly legitimate number only to be met with the mechanical voice of a pre-recorded robot. It’s hardly avoidable, considering there were an estimated 45.9 billion robocalls in the U.S. in 2020. And these calls aren’t just annoying; they cost businesses billions of dollars in lost time and productivity. 

Luckily, the telecom industry has a solution. In December 2019, the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act was signed into law. This bipartisan piece of legislation intends to prevent telemarketers and scammers from making illegal robocalls. Among other things, the Act requires the FCC to establish a call authentication framework and mitigation criteria to prevent end-users from receiving fraudulent calls. 

So let’s talk about that framework, known as STIR/SHAKEN. 

spambot scammer calling


Unfortunately, STIR/SHAKEN has nothing to do with a 007-inspired cocktail. It is, however, a framework designed to reduce fraudulent robocalls and illegal spoofing. Think of it as a set of standards that run in the background during a call to guarantee the validity of the calling party. Let’s break it down. 

STIR is short for Secure Telephone Identity Revisited. It’s both the name of a working group within the Internet Engineering Task Force (IETF) and the shorthand for a technology that adds cryptographic signatures to call signaling requests. In other words, it prevents a caller from providing a calling number to the receiving party that they’re not authorized to use. 

SHAKEN stands for Signature-based Handling of Asserted information using ToKENs. (I know, it’s a stretch.) It’s a standard that defines how voice providers like us should implement the STIR technology to ensure that originating calling party numbers are not illegally spoofed. 

Together, STIR/SHAKEN describes a set of technical standards and operating procedures for implementing call authentication for calls carried over an IP network. The framework will enable originating voice service providers to attest to the validity of an asserted caller ID. (Imagine the provider stamping the outbound calls with a certified signature that can’t be faked.) On the other end of the call, the terminating provider will use the security certificate to validate that the caller ID attestation hasn’t been compromised along the way. 

It’s worth clarifying that STIR/SHAKEN technically doesn’t block fraudulent calls. It’s more like a tool that can indicate whether fraud may be occurring. 

What is STIR/SHAKEN Attestation? 

In accordance with STIR/SHAKEN, an originating voice provider will stamp each outbound call with an attestation level. Think of it like a friend vouching for you; the provider attests to their relationship with the caller and validates their right to use the number. There are three different levels of attestation: full, partial and gateway. 

Full or “A” attestation means that the service provider knows the customer and can vouch for their right to use the phone number they’re calling from. Partial or “B” attestation means the service provider knows the customer, but not the source of the phone number itself. Gateway or “C” attestation means that the service provider has originated the call onto the network, but can’t authenticate the call source. 

How Does STIR/SHAKEN Work? 

The best way to understand the STIR/SHAKEN framework is to look at the process of a call step by step. 

STIR/SHAKEN flow chart

When a call is placed, a SIP invite is created by the caller (1). The caller’s service provider receives it (2) and checks the source and number of the call to determine the level of attestation (3). 

Once the level of attestation has been determined, the provider creates an encrypted SIP identity header that includes the calling number, number being dialed, date and timestamp, level of attestation and a unique origination number for traceback (4). It’s as if each call receives it’s own ID. 

At this point, the SIP identity header (and original SIP invite) are sent to the receiving provider (5), who passes the invite to a verification service (6). Once the information has been verified, the receiving provider can determine whether to block (7) or complete the call (8). 

The Fight Against Fraud 

Most Americans are hesitant about picking up the phone these days. According to Pew Research, only 19 percent of us will pick up a call from an unknown number. We’ve all been burned too many times by fraudulent calls telling us we’ve won a free night stay at the Marriott Hotel or an angry robobot telling us we’re about to be sued if we don’t take action NOW! 

Today’s small businesses don’t have the luxury of not answering. When every call could be a potential customer, you can’t afford not to pick up. 

The STIR/SHAKEN initiative is intended to make significant headway in the fight against fraud and to restore trust in our modern telecommunications. 

Katie Dudlets

Katie Dudlets

Katie Dudlets serves as TelNet’s Marketing Manager and Chief Storyteller. A whiteboard enthusiast and compulsive book collector, she can usually be found expounding on the advantages of corporate storytelling. When not at her desk, you’ll probably find her admiring the artistry of a well-crafted taco, petting a dog or zipping around Lake St. Clair on her jet ski.

Subscribe to Our Newsletter

TelNet Worldwide
Scroll to Top
How can we help you?

Click to chat with a team member.

Get a Quote.
No Strings Attached.

Want to know how our features, plans and pricing could fit into your business? There's no better way to learn more than to talk to one of our Solution Specialists and get a free quote!

Blog Categories

Is Office Right for You?

Office is a calling-only package that provides HD voice on IP-enabled desk or conference phones. Office is intended for organizations who don’t use our collaboration software or perhaps use another collaboration platform and want to add voice.

Is Mobile Right for You?

Mobile is for organizations whose employees are on the move and do not need a chat platform or to host meetings. The package provides mobile calling. If softphone calling capabilities are all that is needed, our mobile package is your ideal solution.

Is Meetings Right for You?

Meetings is intended for organizations who are totally replacing an existing collaboration platform or adopting their first platform. Meetings includes calling features plus Webex, which is a full-featured collaboration suite that includes many remote and hybrid work functions.

Is Premium Meetings Right for You?

Similar to Meetings, Premium Meetings is intended for organizations replacing or adopting their first collaboration platform. Premium adds enhanced Webex features, including presenter controls and higher participant counts, making it ideal for bigger organizations who host large webinars or meetings.