What’s STIR/SHAKEN And Why Is It Important

Do you answer the phone when someone calls you from an unknown number? If you are like 81 percent of Americans, you likely won’t. People ignore unknown numbers for a variety of reasons, but the general worry is there’s either a robocall or that the person on the other end will try to scam them. And this is where the STIR/SHAKEN framework comes to save the day. Learn more about the latest strategies used by scammers and how VoipNow & Hubgets can help you outsmart them.

Why is STIR/SHAKEN important for business

Robocalls, spam and scam

The average person receives three to four spam calls each day. Unfortunately, scammers are getting smarter and continue to game the system to look legitimate. They will do anything to convince you to defy the odds and pick up the phone. Next, they will pretend to represent legitimate businesses in order to gain access to information or money (or both).

First, they need you to answer the phone in order to lure you into their traps. With more phone users ignoring unknown numbers, they have to get creative. Instead of ignoring a number that comes from an unknown area code or even a country, they’ll make you think the call is from a legitimate source.

Here are a few ways that scammers try to look legitimate:

  • Spoofing your local area code so you think the call is coming from someone nearby.
  • Mimicking numbers that reach a lot of customers (like the cable company).
  • Hiding the number and instead broadcasting names (like the local electricity provider).

Whenever the general public picks up on a scam tactic, these criminals change their strategies in hopes of catching people off guard. But as long as some people are picking up their phones, scammers still have a chance of stealing from them.

What do phone scammers want?

If you have the misfortune to pick up a scam call, you might speak with someone who pretends to work for a legitimate business. In the cable company scam, the caller might claim you have an unpaid bill in order to gain access to your credit card. The scammer could also ask for personal information and claim you qualify for faster Internet speed.

Know that if you pick up the phone and hear complete silence, you might still be part of their scam. Robots will call random numbers to see if a human will answer on the other end. Once the system confirms that you will answer, it will sell your number to scammers across the world.

With this constant influx of scammers testing phone lines, businesses and individuals need to be careful. This is where STIR/SHAKEN comes in.

STIR/SHAKEN to the rescue

The goal of the STIR/SHAKEN framework is to counteract robocalls and spam callers by catching caller ID spoofing on public telephone networks. Legitimate calls will pass through just fine, while scammers are caught and blocked, reducing the number of spam calls that travel across a network.

There are two different protocols included in this framework, namely:

  • STIR, or Secure Telephony Identity Revisited, targets end devices and provides callers with digital signatures that prove their validity.
  • SHAKEN, or Secure Handling of Asserted information using Tokens, allows the STIR protocols to be implemented on the carrier level.

Simply think of STIR/SHAKEN as being a virtual checkpoint to catch scammers.

To ensure the calling number of a phone call is valid, STIR/SHAKEN uses digital certificates based on common public key cryptography methods.

The service provider that originates the call receives a SIP invite and determines how to certify the call:

  • Full Attestation – The service provider authenticates the calling party and confirms they are authorized to use this number.
  • Partial Attestation – The service provider verifies the call origination but cannot confirm that the call source is authorized to use the calling number. An example would be a calling number from behind an enterprise PBX.
  • Gateway Attestation – The service provider authenticates the call’s origin but cannot verify the source. An example would be a call received from an international gateway.

Service providers add a digital signature in the invite packet for every call. Next, the terminating provider uses this SIP identity header to verify the validity before moving the call forward.

The STIR/SHAKEN diagram

By the time a call reaches the intended recipient, the calling number has been checked by every intermediary. It’s up to every provider to decide what to do with the call if the calling number does not match the signature.

Additionally, the STIR/SHAKEN can add a verstat string in the PAI (P-Asserted-Identity) header, assuring the call recipient that the number has already been vetted and verified.

The importance of STIR/SHAKEN

There are multiple benefits of using a communications system that implements the STIR/SHAKEN framework, like:

  • It helps both service providers and companies minimize telephony fraud. Which is not a small feat considering that telecommunications fraud caused a US $40 Billion business loss in 2021 alone.
  • At the same time, reducing the number of robocalls will decrease the number of answered spam calls. What’s more, this will also positively impact productivity because people won’t lose any more precious time with spoof calls.
  • By offering safer and more transparent communications services to their customers, service providers reduce churn and grow their revenue, while strengthening their business reputation.

And the beauty of this technology is that neither the caller nor the recipient will feel like the call takes longer to connect.

Protect your customers with VoipNow & Hubgets

The VoipNow & Hubgets platform fully supports the STIR/SHAKEN framework, both the authentication and the verification functionalities. You can read more about its implementation in this wiki article.

If you still use traditional phone lines and basic Internet systems for your team’s communication, your staff could fall victim to scams and other dangerous calls. Criminals are always looking for weak links in a company to steal information and money. Instead, better use an advanced communications platform like VoipNow & Hubgets.

If you are a service provider, keep your customers safe from scammers and robocalls, while reducing business risk and protecting your brand. Ask us more 🙂

Post A Reply