STIR/SHAKEN: What Business Owners Need to Know

In 2022, U.S. consumers received over 50 billion robocalls. Caller ID spoofing is a genuine concern for businesses and consumers. Spoofing is the practice of disguising a phone number to appear as coming from a different source. Unfortunately, the growing prevalence of spoofing can lead to confusion and mistrust between companies and their customers. The FCC has taken steps to combat this problem, and on June 30, 2023, the STIR/SHAKEN protocol to verify call authenticity became mandatory for phone service providers.

These two complementary protocols were created to provide a secure and trustworthy means of verifying caller identity.

It uses digital certificates to authenticate the caller ID information on a call. Each telephone service provider obtains a digital certificate from a trusted certificate authority. When a call is made, the originating service provider uses its digital certificate to sign the caller ID information. The terminating service provider can verify the signature using the certificate authority’s public key. The terminating service provider will display the caller ID information on the recipient’s phone if the signature is valid. If the signature is invalid, the terminating service provider may display a message indicating that the call is likely to be fraudulent.

STIR/SHAKEN is a protocol used by telecommunication providers to authenticate phone calls and prevent spoofing.

STIR is an acronym for Secure Telephone Identity Revisited. STIR was developed by the Internet Engineering Task Force (IETF) in February 2018 as an update to previous robocall legislation. SHAKEN stands for Signature-Based Handling of Asserted Information Using Tokens. It was developed by the SIP Forum and the ATIS (Alliance for Telecommunications Industry Solutions) in response to the STIR regulations.

The STIR/SHAKEN framework is not a perfect solution to caller ID spoofing.

However, it is a significant step forward in the fight against robocalls and other forms of fraud. The STIR/SHAKEN framework is only operational on IP networks. Hence, the FCC also requires providers using older forms of network technology to either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks.

These two complementary protocols were created to provide a secure and trustworthy means of verifying caller identity.

It uses digital certificates to authenticate the caller ID information on a call. Each telephone service provider obtains a digital certificate from a trusted certificate authority. When a call is made, the originating service provider uses its digital certificate to sign the caller ID information. The terminating service provider can verify the signature using the certificate authority’s public key. The terminating service provider will display the caller ID information on the recipient’s phone if the signature is valid. If the signature is invalid, the terminating service provider may display a message indicating that the call is likely to be fraudulent.

The STIR/SHAKEN framework is not a perfect solution to caller ID spoofing.

However, it is a significant step forward in the fight against robocalls and other forms of fraud. The STIR/SHAKEN framework is only operational on IP networks. Hence, the FCC also requires providers using older forms of network technology to either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks.

Advantages of STIR/SHAKEN for your business include:

  • Greater spam protection. 

For example, this technology flags numbers as “Spam Likely.” This gives the recipient the option to not answer. Unfortunately, some of those numbers are reputable companies trying to reach the end user, so this call authentication technology still has room for improvement. The tangible difference the STIR/SHAKEN protocol makes is providing additional information about the source of the communication so one can accept, reject, or block the caller. Gabbit’s protocols will significantly lower your stakeholders’ chances of receiving dangerous spam calls.

  • Reduced robocalls. 

No one wants to hear an automated message when they answer the phone. Robocalls are not only annoying; they can reduce office productivity. Gabbit’s clear VoIP service with STIR/SHAKEN protocols dramatically reduces the number of robocalls your employees have to answer so that they can use their time for better things.

  • Protection of your business reputation. 

Your business gains back valuable time and resources with reduced robocalls and spam, but STIR/SHAKEN also protects your business telephone number from being spoofed, as well. If scammers use your business number to make those spoof calls, the business reputation you meticulously built can be adversely affected. Your customers might lose trust and question if their sensitive information can also be at risk. Significant resources would be required if you had to change your business phone number after it was compromised. STIR/SHAKEN and other security protocols included with your cloud-based communication services from Gabbit keep your phone numbers from falling into the wrong hands.

STIR/SHAKEN’s mandatory implementation is recent, and time will increase its positive effect on reducing fraud in the telecommunications industry.

Choose a VoIP provider that understands
your security needs and provides exceptional service.

Gabbit gives enterprise-level features with superior cloud phone technology at a fraction of the cost of traditional phone systems. Choose the efficiency, scalability, and reputation-building service of Gabbit VoIP. Contact Gabbit today at 1-855-542-2248.