STIR/SHAKEN is a set of standards used in telecommunications to combat robocalls, improve call authentication, and enhance caller ID functionality.
Introduction
These technologies are essential for telecom companies to implement to protect their customers from fraudulent and malicious activities while ensuring the integrity of their voice services.
What is STIR/SHAKEN?
STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) are protocols designed to authenticate phone calls and ensure the caller’s identity is properly verified. These technologies work together to create a more secure environment for businesses and consumers by reducing illegal and fraudulent robocalls, a significant issue in the telecom industry.
- STIR (Secure Telephone Identity Revisited):
- A technology framework that allows the caller’s identity to be verified by generating a unique cryptographic signature. This signature is attached to the call, and the receiving network can check the validity of the signature to confirm the caller’s identity.
- SHAKEN (Signature-based Handling of Asserted Information Using toKENs):
- A set of protocols is used to handle and exchange the STIR information. It outlines how secure, cryptographically-signed data should be transmitted through telecommunication networks to authenticate the call.
Key Components of STIR/SHAKEN
- Identity Assertion:
- When a telecom service provider receives an incoming call, it checks the calling party's identity by comparing the phone number with records stored in its system.
- Signing the Call:
- After identity verification, the provider signs the call with a cryptographic token that contains data about the calling number and the caller's identity. This digital signature is attached to the call.
- Verification by the Receiving Network:
- Upon receiving a call, the destination network uses the STIR/SHAKEN protocols to verify the integrity of the signature and ensure that the caller’s identity matches the provided data.
- Call Classification:
- Calls are classified into three categories:
- A – Verified: The caller’s identity is confirmed, and the call is legitimate.
- B – Legitimate but unverified: The call is potentially legitimate, but the identity is not verified.
- C – Unverified or fraudulent: The call cannot be authenticated and may be fraudulent.
- Calls are classified into three categories:
Why is STIR/SHAKEN Important for Telecom Providers?
- Fraud Prevention:
- STIR/SHAKEN helps mitigate fraud by preventing callers from spoofing caller IDs. This is particularly crucial for telecom businesses that deal with customer trust and sensitive communications.
- Regulatory Compliance:
- Many countries have implemented or are considering legislation requiring telecom providers to adopt STIR/SHAKEN technology. Telecom companies must comply with these regulations to avoid penalties and to remain in good standing with regulatory bodies.
- Enhanced Customer Experience:
- With STIR/SHAKEN, legitimate calls are more likely to be delivered successfully, while fraudulent calls are filtered out. This improves customer trust and satisfaction, as they will be more confident in answering calls from legitimate sources.
- Brand Protection:
- For businesses using telecom services, implementing STIR/SHAKEN helps protect their brand from being misused by fraudulent actors. Calls made under their name will be authenticated, reducing the risk of brand damage due to robocalls or spoofing.
STIR/SHAKEN Implementation Process for Telecom Companies
- Upgrade Infrastructure:
- Telecom companies must update their call routing infrastructure to support the STIR/SHAKEN protocols. This includes integrating signature generation and verification systems.
- Partner with Other Providers:
- Telecom providers must coordinate with other operators to ensure cross-network authentication and proper call verification, particularly when calls are routed through different carriers.
- Testing and Validation:
- After the implementation of STIR/SHAKEN, telecom providers should conduct thorough testing to ensure the integrity of the system, ensuring that calls are properly signed and verified at every stage of the communication.
- Maintain Regulatory Compliance:
- Telecom companies must regularly update their systems to adhere to evolving regulatory requirements regarding STIR/SHAKEN adoption.
Challenges of STIR/SHAKEN Adoption
- Cost of Implementation:
- Adopting STIR/SHAKEN can require significant investment in upgrading telecom infrastructure, which may be challenging for smaller service providers.
- Interoperability:
- Ensuring that STIR/SHAKEN works seamlessly across multiple telecom networks can be challenging, especially if some operators have not yet adopted the protocols.
- False Positives and Call Blocking:
- Legitimate calls may be mistakenly flagged as fraudulent if the authentication process is improperly managed.
STIR/SHAKEN control in CAI
STIR/SHAKEN verification feature is available with Spam Guard, you can enable STIR verification for your account using this toggle, this setting is always enabled by default for new accounts, however, it can be toggled off by the admin users
STIR Verification levels:
There are two levels to decide the STIR verification strictness
A high verification level will not allow any call to pass through from a telephone number that is “Not verified” or had a “Failed Verification”, only calls from Verified phone numbers will be allowed to pass through.
A low verification level will allow calls to pass through from a telephone number that is “Not verified (yet)” or has a “Passed Verification”. Only calls from “Failed Verification” phone numbers will be blocked, this is a default setting that is applied to the incoming calls for the whole account.