So, what’s the FCC up to this time? Should you worry about James Bond shutting down your business?
STIR SHAKEN, often referred to as SHAKEN/STIR, is a series of protocols and procedures that help carriers validate the authenticity and legitimacy of a caller through an identity token that delivers trust-enabling information.
It’s inspired by James Bond and his “shaken, not stirred” martinis, although that’s where the similarities end. The complicated, if somewhat amusing, acronyms stand for:
- Secure Telephony Identity Revisited (STIR)
- Signature-based Handling of Asserted information using toKENs (SHAKEN)
The ABCs of STIR/SHAKEN Attestation Explained
The STIR system adds information to your SIP headers for identification purposes. This information contains:
- PASSporT header
- PASSporT payload
- PASSporT signature
- Encryption algorithm
- Location of certificate repository
The SHAKEN system passes STIR information through the network and to the user. Since STIR does not say what the information is or how it displays, the Alliance for Telecommunications Industry Solutions came up with SHAKEN.
Depending on the level of legitimacy, the system divides the numbers into three types:
- Full Attestation (Class A): when a SHAKEN STIR carrier knows the individual or the entity making a phone call, and they know the phone number or know the phone number belongs to the individual or entity, and that they are therefore authorized to use the number. The highest level of attestation that most people go to. Carriers label these calls as Class A.
- Partial Attestation (Class B): The carrier doesn’t necessarily have all the information. So, they might know the caller individual or entity and trust them, but don’t recognize the number and cannot attest that they are authorized to use that number for their calls. Carriers label these calls as Class B.
- Gateway Attestation (Class C): Basically, just a transiting call, an international number that did not originate on a known network. The carrier doesn’t know the customer. They can still say the call passed through the network. The service provider can see the location of the call they received, but they have no authorization for the source, nor can they verify if it is authorized to use the number. Carriers label these calls as Class C.
10 Key Takeaways about STIR SHAKEN
Here are the most important points about SHAKEN STIR for businesses in the call center world:
- STIR SHAKEN is a way to create a trackable train of trust designed to authenticate calls through identity tokens and then deliver trust elements, like a green checkbox, to the called party.
- STIR SHAKEN is not yet completely implemented and many of the specifics will have to be worked out between carriers. Interoperability between carriers is still work-in-progress across the industry.
- The TRACED Act requires that carriers in the US take steps to implement STIR/SHAKEN in 2020 and have it ready by mid-2021, to be verified by the FCC.
- The CRTC (Canadian equivalent to the FCC) “expects” all providers to use SHAKEN STIR by September 30, 2020.
- In order for STIR/SHAKEN to function as intended, it must be active on both the originating service provider and the terminating service provider.
- SHAKEN STIR does not alter local caller ID or call labeling and blocking, despite being promoted as an “anti-spoofing” protocol. It just adds an extra layer of trust that affects illegitimate callers. Even if a business takes the necessary steps to have their numbers fully authenticated and ready for SHAKEN STIR implementation, their calls might still show up as “fraud” or “scam.” STIR/SHAKEN is completely separate from the call labeling and blocking ecosystem (which relies on consumers reporting fraudulent numbers as opposed to a token system that automatically gathers the necessary information in order to display a level of trust).
- STIR SHAKEN does not work with old landlines. If you know people who might be vulnerable to robocalls, make sure they have a digital landline. Analog systems cannot leverage SHAKEN STIR because there is no infrastructure in place to enable that.
- Nobody promoting “full attestation” is actually telling the truth. There is no way to guarantee that the old numbers businesses provide are able to be authenticated. Nor is there a way to guarantee that all terminating service providers are using the STIR/SHAKEN protocol so that the attestation is passed down. This is something that the working groups with STIR/SHAKEN are still trying to solve.
- The best you can get is a knowledgeable group of engineers and support staff that can work with you through your numbers to manually attempt to assure full authentication for each and everyone or remove and replace those that cannot be fully authenticated.
- NobelBiz offers exactly that. We can work with you to find a process to attest your numbers, like waiting for a proper setup to come down the pipeline from the regulatory or the working groups (that are trying to figure out how to pass attestation down). If that doesn’t work, we can convert it to a manual tactic for attestation for each of your numbers. And if that still doesn’t work, we can offer you new numbers.
Now that you read the basics, feel free to schedule an appointment with one of our STIR/SHAKEN experts through the form below. Make sure to mention STIR/SHAKEN in the “information you want to receive” box.
We’re not going to promise you the moon and then fail to deliver. We promise to help get all your numbers fully authenticated, and if we hit a hurdle, then we’re going to work together in trying to solve it.