Reading time: 11 minutes

STIR SHAKEN Protocol: What You Must Know Before A2P Calls

author-sindhu-prabhu
By:
Published: Nov 27, 2023

How do you make sure your calls are seen as legit and spam-free? 

Between 2021 and 2022, within a period of 12 months, $39.5 billion was lost to phone scams in America! Understandably, any call from an unknown number or with the flag “potential spam” will alert people. You know you are not scamming, but your contact doesn’t; not yet. 

Thus, ensuring the trustworthiness of your calls has become paramount.

stir-shaken-protocol-total-americans-lost-money-to-scam-calls

The STIR SHAKEN Protocol, with its sophisticated mechanisms, is in place to maintain this trust between callers using dialers or VoIP systems and their contacts.

This blog post aims to demystify the STIR SHAKEN protocol and its role in the world of communication.

What is STIR/SHAKEN?

STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), as recommended by the Internet Engineering Task Force, are key players in the battle against spoofed calls and fraudulent caller IDs.

STIR:

STIR is a set of protocols focused on digitally signing and authenticating caller ID information. The process involves adding a digital certificate to the Session Initiation Protocol (SIP) information that is used for initiating and routing calls in VoIP systems. 

The certificate includes the service provider’s identity and a trust value. The recipient’s VoIP software can then verify the authenticity of the message using the provider’s public key.

SHAKEN:

SHAKEN, on the other hand, is the framework or implementation of STIR across various voice service providers. It provides guidelines for public switched telephone networks, especially for non-VoIP systems like cell phones and landlines. 

SHAKEN outlines how to handle calls that may have incorrect or missing STIR information. This may involve additional information in the Caller Name (CNAM) indicating if the number has been spoofed.

How does STIR/SHAKEN work?

stir-shaken-protocol-how-it-works

STIR/SHAKEN operates on digital certificates using common public key cryptography to ensure the security of a telephone call’s calling number. Each telephone service provider acquires a digital certificate from a trusted certificate authority. 

Here’s a condensed summary of the call flow in a network:

  1. The originating service provider receives an SIP INVITE.
  2. The service provider determines the attestation level (A, B, or C) based on the authentication of the calling party and call origination.
  3. Using an authentication service, the originating service provider generates a SIP Identity header containing crucial details.
  4. The SIP INVITE with the SIP Identity header is sent to the terminating service provider, potentially using Out-of-Band SHAKEN for non-SIP segments.
  5. The verification service at the termination side checks the digital certificate of the originating service provider and undergoes a multi-step verification process. Verification includes decoding the SIP Identity header, validating the signature using the public key, and ensuring the certificate chain of trust.
  6. The verification results are communicated to the terminating service provider’s softswitch or SBC.
  7. If all verifications are successful, the call proceeds to the called party.

Now, considering the prevalence of robocalls, the STIR/SHAKEN protocol becomes crucial. Scamsters use robocalls to deceive recipients, increasing skepticism and concerns over call authenticity.

The addition of the digital signature serves as a robust mechanism to combat such fraudulent practices. This verified signature distinguishes genuine callers from fraudulent ones, keeping recipients safe.

What is a robocall?

A robocall is an automated telephone call that delivers a pre-recorded message to the recipient. These calls are often used for telemarketing, political campaigns, and emergency notifications. 

Does the STIR SHAKEN protocol apply to me?

If you’re the one making calls, be it A2P calls, robocalls, or VoIP calls, the STIR/SHAKEN protocol applies to you and is essential for maintaining trust among your contacts, especially when using various voice service providers. With SIP Trunking as the backbone of your call infrastructure, it provides a seamless and cost-effective way to communicate over the Internet.

So, as the caller, you enhance the credibility of your calls, reduce the likelihood of them being marked as spam or fraudulent, and improve your answer rate.

What is SIP Trunking?

SIP Trunking stands for Session Initiation Protocol Trunking. It’s a technology that allows businesses to make and receive voice calls over the internet using a protocol known as SIP. 

SIP Trunking eliminates the need for traditional phone lines, making communication more cost-effective and flexible. Gartner research director Sorell Slaymaker underscores the urgency of transitioning to SIP trunks, emphasizing the substantial cost savings potential—up to 50% compared to traditional PRI bills.

stir-shaken-protocol-traditional-phone-lines-vs-sip-trunking

Stir Shaken protocol: Attestation levels

Attestation levels in the Stir Shaken protocol refer to the degree of verification and trust associated with a call’s origin. These levels, A, B, and C, indicate different confidence levels in the authenticity of the caller’s identity. 

Here’s a brief overview of the attestation levels:

A-level attestation: At this level, the carrier identifies the caller and verifies that the caller has the legitimate right to use the provided phone number as the Caller ID for outgoing calls, particularly for robocalls. 

B-level attestation: B-level attestation indicates that while the caller is identified, there may be uncertainties regarding their authorization to use the specified phone number as the Caller ID for outgoing calls.

C-level attestation: This level, called Gateway Attestation, comes into play when the originating carrier cannot verify the call at Level A or B. In such cases, Level C is assigned, often associated with calls to international numbers. 

Important note: While A-level attestation enhances the trustworthiness of the call, it doesn’t guarantee that the number won’t be marked as spam. Spam identification involves multiple factors, and while attestation is a crucial element, other considerations, such as call behavior and user feedback, also contribute to spam detection mechanisms.

Why is STIR/SHAKEN important?

  • Robocall prevention: STIR/SHAKEN plays a vital role in identifying and blocking robocalls and protecting individuals from unsolicited and potentially harmful automated calls. In the first half of 2023, the top 7 US carriers saw a notable decrease in unwanted robocall traffic, with only 2% originating from these carriers, down from 8% in the same period last year.
  • Enhanced caller trust: When your recipient sees a call with a verified STIR/SHAKEN signature, they can trust that the caller’s identity is genuine, leading to more productive and secure communication.
  • Reduced scams: Scammers often rely on spoofed numbers to deceive recipients. STIR/SHAKEN makes it challenging for them to impersonate legitimate callers.
  • Legal compliance: In some regions, regulations require service providers to implement STIR/SHAKEN to combat illegal robocalls. 
  • Improved call delivery: Calls with a valid STIR/SHAKEN signature are more likely to be delivered successfully, reducing the risk of missed calls.

How do you register for STIR/SHAKEN?

To register for STIR/SHAKEN, you can turn to trusted service providers like CallHub. 

1. Where to apply: Create an account on CallHub. Activate SHAKEN/STIR compliance under Settings

stir-shaken-protocol-where-to-apply

2. What information you need to provide: Provide your company and business details, contact information, and the numbers you want to protect.

This includes

  • Organization type
  • Industry
  • EIN
  • Region of operations
  • Website URL
  • Social medial URLs (if any)
  • Caller ID (if needed)
  • Contact information of an authorized representative(s) of your organization

Important note: New survey data from TNS reveals that 78% of Americans express a higher willingness to answer calls when the Caller ID displays a business logo or name.

stir-shaken-protocol-what-information-to-provide

3. CallHub’s part in the registration process: After you submit the details, they’re sent to the carriers for verification. Upon approval, you’ll receive an email confirming the enablement of SHAKEN/STIR on your CallHub account.

CallHub will assist you throughout the registration process, helping with the necessary documentation and requirements.

 

4. Expected timeline: The registration process may take 4-6 business days.

 

5. What attestation level you may expect: The default attestation level is B.

Why was my STIR/SHAKEN registration rejected?

stir-shaken-protocol-common-factors-leading-to-application-rejection

Common factors leading to rejection of STIR/SHAKEN registration may include 

  • Incorrect or incomplete contact information.
  • Inability to verify the “Authorized Representative” or the “EIN”. 
  • Incorrect organization name or business type.

If your registration is rejected, work closely with your service provider, like CallHub, to address the issues and reapply. If you’re a CallHub user, email [email protected], and they’ll handle the re-submission to the carriers on your behalf. 

The STIR SHAKEN protocol is a pivotal technology in the ongoing battle against fraudulent calls and robocalls. Understanding its functions, importance, and registration process secures your communication channels and helps you make more trustworthy calls. 

Partnering with a reliable service provider like CallHub is the first step towards a safer and more secure calling experience. 

Featured image: Photo by Kampus Production

Categories:
Your subscription could not be added. Please try again.
You're now a CallHub Insider.

Become a CallHub Insider

Join our community of insiders for a front-row seat to invaluable resources! Get updates on our latest blogs, webinars, and insider tips delivered directly to your inbox.