Navigation:
- What is STIR/SHAKEN?
- What Does The STIR/SHAKEN Feature Look Like?
- Why is The STIR/SHAKEN Framework So Important?
- How Does STIR/SHAKEN Work?
- How to Achieve Verified Calls?
- What is MightyCall Doing for STIR/SHAKEN Compliance?
- STIR/SHAKEN Features (And More) in MightyСall
- STIR/SHAKEN Call Authentication on Android and iOS
- Why Use STIR/SHAKEN Technology?
- Use Case
- Helpful Terms to Know About STIR/SHAKEN
- Is STIR/SHAKEN Required by Law?
- How Businesses Can Prepare for STIR/SHAKEN Implementation?
- Ready to Start Using STIR/SHAKEN Technology?
What is STIR/SHAKEN?
STIR/SHAKEN is a set of protocols designed to combat caller ID spoofing, a technique used by scammers to mask their real phone number with a fake one. SHAKEN and STIR work together to check the authenticity of a call’s origin and ensure that the caller ID name information matches the actual caller. This technology is required by the Federal Communications Commission in the United States for all telephone service providers.
STIR
STIR (Secure Telephony Identity Revisited) is a set of technical STIR/SHAKEN protocols designed to combat caller ID spoofing. It helps to check and authenticate the calling party’s identification by using digital certificates to sign calls with a unique identifier by focusing mainly on end devices, such as smartphones or desktop phones, and uses a standardized process for checking the identity of callers.
SHAKEN
SHAKEN (Signature-based Handling of Asserted information using toKENs) provides standards for how service providers manage STIR-authenticated calls. It outlines and defines the ways in which service providers actually implement Secure Telephony Identity Revisited technology to authenticate calls made or received over the IP network by using a hierarchical framework of digital certificates to check the authenticity of calls, providing an end-to-end solution for checking caller identity.
What Does The STIR/SHAKEN Feature Look Like?
Users are able to access SHAKEN/STIR settings through a dedicated tab or menu within their telephone system interface. This tab includes options for enabling or disabling the feature. Additionally, MightyCall provides users with a real-time call status icon right next to the call, so you will know if the call is identified as potentially fraudulent, allowing you to take appropriate action.
Why is The STIR/SHAKEN Framework So Important?
It protects business from spam calls
By incoming сall authentication and assigning a score based on the likelihood that the call is legitimate, the system can help to identify and block unwanted spam calls before they ever reach the recipient’s telephone. This can save time and frustration for users, and help to reduce the overall volume of spam calls in circulation.
It is an effective measure against robocalls
Robocalls are automated calls that often contain pre-recorded messages, and are a common tactic used by scammers and spammers. By identifying these calls as potentially fraudulent and assigning them a low score, the system can help to prevent them from reaching users’ phones, reducing the annoyance and risk associated with spam calls.
It allows businesses to protect their reputation
The STIR/SHAKEN framework can help to protect the reputation of legitimate businesses and service providers. By checking the authenticity of their calls and assigning them a high score, the system can help to ensure that these calls are not mistaken for spam or fraudulent calls. This can help to build trust with customers and prevent unnecessary disruptions to legitimate business operations.
How Does STIR/SHAKEN Work?
- When an incoming call is received, the system checks the caller identity information associated with the call.
- The system then uses cryptographic STIR/SHAKEN certificates to check the authenticity of the caller identity information and ensure that it has not been tampered with.
- Based on this verification process, the system assigns a score to the call indicating the likelihood that it is a legitimate call.
- This score is then passed along with the call to the recipient’s telephone system, where it can be used to determine how the call should be handled.
- If the score is high, indicating a high likelihood that the call is legitimate, the call is allowed through to the recipient’s phone.
- If the score is low, indicating a high likelihood that the call is spam or fraudulent, the call may be blocked or flagged for further review by the recipient’s telephone system.
STIR/SHAKEN attestation levels
The framework uses a process called attestation to check the authenticity of incoming calls. There are three different attestation levels, each with its own requirements and implications. Here’s a brief overview:
- Full Attestation: This attestation level requires the caller’s identity to be checked using cryptographic certificates, ensuring that the call originates from a trusted source.
- Partial Attestation: This level is used when the call’s identity cannot be fully verified, but the system is able to confirm that the call originates from a specific service provider.
- Gateway Attestation: This STIR/SHAKEN attestation level is used when the call originates from a foreign service provider that does not support the technology. In this case, the gateway service provider provides a score based on its own analysis of the call.
By verifying the authenticity of incoming calls using this system, MightyCall can help to reduce the volume of spam and fraudulent calls that users receive, improving the overall quality of their telephone experience.
STIR/SHAKEN call flow
When the STIR/SHAKEN call technology is used, the call flow involves several key steps:
- The originating service provider generates a SIP INVITE message to initiate the call, including the caller’s phone number and identity information.
- The originating provider signs the message using a private key and includes the signature in the message.
- The message is passed through one or more intermediate providers, each of which may also sign the message using their own private key and add their signature to the message.
- The final provider verifies the signatures on the message using public keys provided by the originating and intermediate service providers.
- Based on the results, the final provider generates a score indicating the likelihood that the call is legitimate.
- The score is passed along with the call to the recipient’s telephone system, which can use it to determine how the call should be handled.
How to Achieve Verified Calls?
From the user side:
– Make sure that you are using a phone system or app that supports the STIR/SHAKEN deployment.
– Contact your service provider to confirm that they are implementing STIR/SHAKEN and to ensure that your account is set up correctly to receive verified calls.
From the service provider side:
– Implement the framework on your telephone system to provide safe services for your customers.
– Work with other service providers to ensure that call signatures are properly authenticated and verified throughout the call flow, allowing for accurate scores to be generated.
What is MightyCall Doing for STIR/SHAKEN Compliance?
- We began working on STIR/SHAKEN compliance in early 2021, in response to the growing problem of spam and fraudulent calls.
- We have implemented the necessary technical changes to ensure that our telephone system can properly check and handle calls that are authenticated using the structural framework.
- We have added a new “Verification Status” icon on the incoming calls. This allows users to easily identify and filter verified calls from those that did not pass the test.
- We are continuing to monitor industry developments and best practices related to this security tech, and will make ongoing updates and improvements to our platform as needed to maintain compliance and provide the best possible user experience.
STIR/SHAKEN Features (And More) in MightyСall
MightyCall has a number of internal functions designed to improve the security and reliability of our users’ telephone systems. Here are a few examples:
- Caller Identification (ID) authentication: Verifies incoming calls and displays a “verified” status in the call logs if the call passes the test.
- Call blocking: Allows users to block calls from specific phone numbers or area codes to reduce the volume of unwanted calls.
- Fraud detection: Uses machine learning to identify potential fraud or spam calls and alerts users to the potential danger.
- Number authentication: Verifies the authenticity of outgoing calls to improve the reputation of legitimate businesses and service providers and reduce the risk of fraud.
STIR/SHAKEN Call Authentication on Android and iOS
To have every MightyCall feature in your pocket, wherever in the world business finds you, download our free Mobile App for iOS or Android today.
Why Use STIR/SHAKEN Technology?
Reduce the volume of unwanted calls
By verifying the authenticity of incoming calls and assigning a score based on their likelihood of being legitimate, the system can help to filter out spam and fraudulent calls, allowing users to focus on the calls that matter.
Improve call quality and reliability
By ensuring that incoming calls are properly authenticated and verified, the system can help to reduce the risk of fraud and improve the accuracy of call routing, leading to a better overall user experience.
Enhance reputation protection
For businesses, using STIR/SHAKEN apps can be particularly important in terms of reputation protection. By verifying the authenticity of outgoing calls and ensuring that caller identity information is accurate and trusted, businesses can build a stronger reputation and reduce the risk of fraud or spam accusations.
Stay compliant with regulations
In many cases, compliance may be required by industry regulations or government agencies. By implementing the feature, users and businesses can ensure that they are meeting these requirements and avoiding potential penalties or fines.
Protect sensitive information
For users and businesses that deal with sensitive information, STIR/SHAKEN standards can provide an extra layer of protection against unauthorized access or fraud attempts. By verifying the authenticity of incoming calls, the system can help to reduce the risk of social engineering attacks and other types of fraud that rely on spoofed caller identity information.
Build trust with customers
Build trust with customers and partners by demonstrating a commitment to security and reliability. By providing a telephone system that is resistant to fraud and spam, businesses can enhance their reputation and build stronger relationships with key stakeholders.
Use Case
Jane, the owner of a small business, faced an issue of receiving spam and fraudulent calls. She implemented the caller ID authentication solution to improve security and reliability. It reduced the volume of unwanted calls and spam and filtered out unwanted calls with the “Verification Status” icon. Jane built trust with customers and partners by ensuring that outgoing calls were authenticated and trusted.
Helpful Terms to Know About STIR/SHAKEN
- Attestation: Attestation refers to the process of verifying the authenticity of an incoming or outgoing call. This is typically done by assigning a score to the call, based on factors such as the caller identity information and the reputation of the originating phone number.
- Call validation status: The call validation status refers to the result of the verification process for a specific call. This status can be “Pass”, “Fail”, or “Partial”, depending on the outcome of the verification test.
- Robocall mitigation: Robocall mitigation refers to the measures taken to reduce the volume of robot calls that users receive. This security tactic is one example of a robocall mitigation technique, as it can help to filter out spam and fraudulent calls based on their likelihood of being legitimate.
- Call blocking: Call blocking is a feature that allows users to block specific phone numbers or types of calls from reaching their telephone system. This can be an effective way to reduce the volume of unwanted calls and spam that users receive.
Is STIR/SHAKEN Required by Law?
United States
In the United States, the TRACED Act was passed in 2019, which mandates the implementation of this security tactic for all telephone service providers. The law requires that providers implement a robocall mitigation program that includes the use of this safety measure tactic and provides penalties for noncompliance. The Federal Communications Commission (FCC) is responsible for overseeing and enforcing compliance with the law.
Canada
In Canada, the Canadian Radio-television and Telecommunications Commission (CRTC) has implemented regulations requiring the use of this security tech by telecommunications service providers. The regulations aim to reduce the number of nuisance calls and improve call transparency and accountability. You can find more information about the CRTC’s regulations on the use of this security tactic on their website:
Other countries
While this security measure is currently being implemented in the United States and Canada, other countries may also adopt the technology in the future as part of their efforts to combat robocalls and improve call transparency. However, the use of this security tech may vary depending on local regulations and infrastructure.
How Businesses Can Prepare for STIR/SHAKEN Implementation?
- Verify your caller identity information: Ensure that your caller identity information is accurate and up-to-date, as this will be used to authenticate your outgoing calls. If it’s incorrect, update it with your service provider.
- Review your call handling processes: Take a close look at how your business handles incoming and outgoing calls, and make sure that your processes align with these security tactic requirements. This may involve changes to call routing, call screening, or other call handling procedures.
- Educate your team: Educate your team members on the benefits and requirements of this security method implementation, as well as any changes to call handling processes that may be required. This will ensure that everyone is aligned and working towards a common goal.
- Choose a reliable STIR/SHAKEN solution: Select a reputable provider that can offer the necessary support and resources for successful implementation. Make sure the provider aligns with your business needs and goals.
Ready to Start Using STIR/SHAKEN Technology?
While there are many different programs that provide STIR/SHAKEN services, MightyCall offers a superior solution with a range of advantages. With a large number of internal settings and an easy-to-use interface, our program makes it simple and straightforward for businesses to implement and benefit from the technology. Whether you’re looking to reduce the volume of unwanted calls or build trust with your customers and partners, MightyCall can help you achieve your goals.