Spam, unsolicited robocalls from marketers, and fraudulent tactics have been eroding trust amongst consumers — to the extent that most people nowadays simply won’t answer when their phone rings with an unknown number on the caller ID. The situation has become so acute that it has led to the universal imposition of a technology standard and communications security framework known as STIR/SHAKEN.
What is STIR/SHAKEN?
Under the authority of the Federal Communications Commission (FCC), the STIR/SHAKEN framework has been adopted to impose call authentication technology on Voice over Internet Protocol (VoIP) calls and business communications in North America. For its legal basis and with effect from June 30th, 2021, the TRACED Act requires voice service providers to implement the STIR/SHAKEN authentication framework on all IP networks. All telecommunications industry stakeholders in the IP space have been obliged to block unsigned calls as from September 2021.
In essence, the STIR/SHAKEN legislation is intended as protection for consumers, by making it significantly more difficult for bad actors to employ call spoofing (making it appear that a call originating from one source actually comes from another) as a tactic to commit fraud.
More broadly, the FCC STIR/SHAKEN mandate creates the USA standards that enable Communications Platform as a Service (CPaaS), Unified Communications as a Service (UCaaS), and Call/Contact Center as a Service (CCaaS) providers and end-users to verify that a call is really from the number shown on the Caller ID.
[Image source: GetVoIP]
STIR/SHAKEN derives its name from the combination of two acronyms.
STIR is an acronym for the Secure Telephone Identity Revisited (STIR), while SHAKEN is an acronym for Signature-based Handling of Asserted Information using ToKENs (SHAKEN).
STIR creates a digital signature for each call, which identifies the calling party and allows the carrier to verify the call. SHAKEN is the framework under which authorized telecommunications service providers must digitally “sign” their customers’ calls. Any carrier that fails to identify who their customer is faces the prospect of losing their ability to sign future calls.
How STIR/SHAKEN Works
There is a lot of confusion surrounding the latest STIR/SHAKEN requirements. This new regulation is creating havoc for companies across all industries.
[Image source: Caller ID Reputation]
In principle, during a STIR-SHAKEN call, the originating service provider attests via data in the SIP header to their relationship with the caller and the caller’s right to use the calling number. A SIP Identity header relays a secure digital token which is verified and authenticated to ensure that the call origination information is accurate. This procedure helps to eliminate spoofed calls, since carriers cannot verify their source.
Central to this STIR/SHAKEN security protocol is the Attestation Level, which essentially corresponds to the level of trustworthiness of a particular call. There are three levels, as follows:
- “A” Attestation — Full: Here, the voice service provider knows the end-user customer and their right to use the phone number. Having fully authenticated the customer initiating the call, it may be considered “safe”.
- “B” Attestation — Partial: The voice service provider knows the end-user customer but not the source of the phone number. Here, the carrier has confidence in the caller’s identity, but not in their right to use caller ID information presented.
- “C” Attestation — Gateway: The service provider has originated the call onto the network but cannot authenticate the call source e.g., an international gateway. In this case, the carrier knows nothing about the call and will likely block it.
What This Means for Call Centers
While other channels such as email, SMS text messaging, and web chat continue to gain traction for business communication, the phone remains crucial to customer service and high-priority interactions.
Since business-related phone numbers may not be immediately familiar to the consumer, blocking via STIR/SHAKEN has the potential to leave customers dissatisfied, if they are unable to receive vital information from the brands they deal with. Organizations may be unable to achieve their business goals, if a crucial avenue of communication with consumers (i.e., the phone) fails to connect.
At a micro level, the business may experience an increase in its operating costs, if repeat dialing becomes necessary to reach reluctant consumers. At a macro level, failure to communicate may lead to a significant decline in the organization’s customer base and overall revenue. After all, if you can’t even reach your potential and existing customers, it’s impossible to sell products or services to them.
Commercial organizations in the age of STIR/SHAKEN must also take into consideration the call architecture that they use. For example, many call centers use least call routing to reduce costs. However, this method of routing calls through several networks could potentially lead to blocking by carriers that assign them a C Attestation rating.
As with all new developments in communications and cybersecurity, bad actors are modifying their techniques in response to the new challenges they face. For example, with STIR/SHAKEN making it more difficult for spam calls to reach their destinations, some fraudsters and illegitimate call centers are using spam text messages as a way to contact consumers.
On the positive side, STIR/SHAKEN authentication with its Attestation Levels gives contact centers and call centers an important additional data element to use in establishing trust with callers. Besides making it easier to identify trusted calls, authentication allows enterprises to focus their fraud-fighting efforts on calls that do not receive strong STIR/SHAKEN attestations.
To this end, Forbes advises enterprises that are looking to benefit from STIR/SHAKEN in their inbound operations to have their carriers and partners add STIR/SHAKEN data into the SIP headers of all inbound calls.
For outbound call centers and business communications, STIR/SHAKEN offers a valuable opportunity for organizations to establish strong Attestation Levels that show consumers they are legitimate callers. Businesses that adopt communications practices and call architecture to avoid being wrongly labeled as “spam” or “scam” can achieve strong Attestation Levels that enable them to maximize call answer rates, protect their brand reputation, and successfully execute outbound calling campaigns.
How to Optimize Your Attestation Level with IDT's Free STIR/SHAKEN Tool
For contact centers and businesses looking for a better level of customer response to their inbound and outbound calls, IDT offers a free tool to check attestation levels and certificates – STIR / SHAKEN – BYOC. With DIDs that meet STIR/SHAKEN requirements, you can easily build trust in your brand and DIDs, and improve your customer engagement and retention.
The BYOC STIR/SHAKEN Verification Tool eliminates the confusion surrounding STIR/SHAKEN attestation, helps you build trust and confidence in your voice calls, and makes it easy to do bulk verification on all of your DIDs. The BYOC STIR/SHAKEN Verification Tool is the only tool that is easy to use, checks multiple numbers, and gives you a thorough review of your certificate levels! It all adds up to improving customer engagement and end-user call experience.
The STIR/SHAKEN verification tool is versatile. It can be used by end- enterprises/companies and UCaaS/CPaaS/CCaaS providers alike! The tool enables you to:
- Check STIR/SHAKEN on bulk DIDs
- Troubleshoot any issues
- Get recommendations on fixes
- Verify that the fixes worked
This tool ensures that:
- Your voice calls have high answer rates
- Your carriers are not rejecting your calls due to low certificate levels
- Calls are not branded as spam/untrustworthy
All of these can harm the performance of your app as well as customer retention. What’s more, low STIR/SHAKEN attestation levels can jeopardize your call answer rates and thus result in lower revenue!
The solution? Start cleaning up your DIDs now, with the BYOC STIR/SHAKEN Verification Tool.
If you have any other issues with STIR/SHAKEN or simply require advice and assistance, get in touch with us at IDT.