Blogs /
  • Stir/Shaken
  • Stir/Shaken

    April 23rd, 2021

    We are pleased to announce the launch of Voxtelesys STIR/SHAKEN (S/S) Carrier Signing Service. Voxtelesys is an S/S signatory and will sign S/S certificates on our customers’ behalf. Signing outgoing phone calls for customers will ensure their calls get the right level of attestation so that call recipients feel confident in answering them. Also, validating the level of attestation on all incoming phone calls will provide customers with the necessary information to determine whether to answer, ignore, or block incoming calls.

    Voxtelesys implements STIR/SHAKEN

    Voxtelesys’ compliance team is making S/S process as seamless as possible for our customers. We believe that S/S is crucial in preventing illegal calls or deceptive behavior like caller ID spoofing, and we’re excited to join the fight against illegal robocalls.

    The rising number of unwanted calls and illegal robocalls in the U.S. is causing a loss of trust in voice calling. Americans were hit by over 40 billion robocalls in 2020, with about 40% of those calls thought to be fraud-related. As annoying as these calls are for people who receive them, they’re even more detrimental for businesses that are trying to reach people with pertinent information. Many of these robocalls use caller ID spoofing, phone numbers that belong to someone else. Caller ID spoofing hurts legitimate businesses by making call recipients less likely to pick up any calls.

    To overcome the influx of spam calling in the service providers network, the Federal Communications Commission (FCC) has issued rules requiring voice service providers to implement the S/S call authentication framework and other robocall mitigation practices. The two new standards: STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using tokens) standards. Together, these two standards create the framework to ensure every SIP-signaled call has a certificate of authenticity attached. This is a digital signature that allows service providers to verify caller ID to mitigate unwanted robocalls and prevents bad actors from using Caller ID spoofing. The Federal Communications Commission (FCC) has set a deadline for voice service providers to implement robust call authentication by adopting S/S standards targeting by June 30, 2021.

    What is STIR/SHAKEN?

    S/S are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using Tokens (SHAKEN) standards. They’re technical frameworks that measure trust in the displayed caller name and number by authenticating the calling number. Together they work in a way similar to attesting to the identity of the caller with a digital certificate. In the S/S framework, a secure telephony identity (STI) governance authority issues digital certificates to carriers or others who own or are assigned dedicated telephone numbers. The private key associated with a digital certificate is then used to sign a VoIP call, thereby indicating that the calling party number is who they claim to be.

    The level of attestation provides the mechanism for carriers to communicate about a calling phone number’s legitimacy. There are three attestation levels that can be assigned by an STI authentication service, which represent how confident a service provider is in that the number’s owner is truly the one placing the call. A service provider is defined as a business that offers digital telecommunications services based on Voice over Internet Protocol (VoIP) that are provisioned via the Internet.

    Full attestation (A) — the service provider has authenticated its relationship with the customer making the call and the customer is authorized to use the calling number.

    Partial attestation (B) — the service provider has authenticated its relationship with the customer making the call, but cannot verify that the customer is authorized to use the calling number.

    Gateway attestation (C) — the service provider has authenticated that it has placed the call on its network, but has no relationship with the originator of the call (for example, a call received from an international gateway).

    When someone receives an authenticated call, they may be notified with a verification keyword or symbol on the incoming call display. If a call cannot be verified (attestation C or no attestation), it may be blocked or the consumer may be warned on their caller ID screen of a potential scam call. The purpose of notifications is to allow people who receive calls to decide whether they wish to answer, ignore, or block a number.

    If you’re a business, these changes should help you feel more empowered and increase the chances of your calls being answered by recipients.

    As a customer of Voxtelesys, your calls will get signed automatically with the appropriate attestation level and delivered with a certificate and will help the called party determine legitimate calls for unwanted or illegal robocalls.

    How will consumers be impacted by S/S?

    As more voice carriers roll out S/S, phone numbers and source of calls will be verified. When a call is validated, the consumer will be notified with a verification keyword or symbol on the incoming call display. If the call cannot be verified, the call may be blocked or the consumer notified on their caller ID screen warning of a potential scam call. The purpose of notifications is to allow consumers to decide whether they wish to answer, ignore or block the number. With S/S and other anti-robocall protections in place to stop scam calls, consumers should feel more confident and empowered about only answering the calls they do want to receive.

    Does Stir/Shaken apply to SMS?

    Currently, S/S applies to phone calls only. However, work is ongoing in the communications industry to evaluate the best authentication method for SMS / text messaging.

    Will Voxtelesys verify outbound calls without customers having to implement Stir/Shaken?

    Yes, originating and terminating carriers that have S/S enabled on their network will evaluate all calls from every outbound number without the business having S/S implemented.

    Will Stir/Shaken protect business phone numbers and brand names from being abused by spoofers?

    Yes S/S will help prevent illegal call spoofers from abusing brand reputations and unlawfully utilizing phone numbers on the Caller ID that are not registered to them.

    Does Stir/Shaken caller ID verification process apply to both U.S. and Canada?

    Yes, both American and Canadian legislators/regulators have required that carriers adopt S/S call authentication solutions. However, the U.S. and Canada have different legislative timelines for implementation. Tier one carriers in the U.S. have begun rolling out S/S capabilities, while leading Canadian operators are testing S/S implementations.

    Will Voxtelesys sign my calls with Attestation Level A?

    Yes, S/S has a three-level system to categorize the essential information about the caller into levels of “attestation” for the call. These attestation levels characterize a caller’s right to use a particular number. Full attestation, also known as “A-attestation,” has several requirements but provides the highest level of confidence by Voxtelesys. Customers meeting the below conditions will receive an A-Attestation.

    1. Customers' calls that originate on the Voxtelesys network.

    2. Customers' CLID is a phone number on record with Voxtelesys.

    3. Customer is known to Voxtelesys and is located in the U.S. or Canada.