Why Is STIR/SHAKEN Compliance Important for Your Business?

Voice providers are becoming STIR/SHAKEN compliant by using an industry standard for caller ID authentication. The goal is to reduce the number of illegal robocalls – which are a problem whether you’re at home, using your cell phone, or at work.

Some robocalls are legitimate. Your pharmacy may initiate a robocall to notify you that a prescription is ready, or the American Red Cross may initiate a robocall to let you know about a local blood drive. On the other hand, scammers use robocalls to swindle people out of their money, and the problem is getting worse:

• Transaction Network Services identified 78.9 billion robocalls in 2021. This was a slight increase from 2020, but much lower than the 106.9 billion in 2019 before the pandemic.¹
• In the first six months of 2021, scam calls cost Americans $29.7 billion.²
• In 2021, robocalls made up 60% of scam calls, which was a 60% increase over 2020.²

Many scammers have learned how to spoof caller IDs to trick people into answering their calls. The call may look like it’s coming from a local area code, a well-known company, a bank, and even the IRS. The FCC got involved to mitigate the problem by requiring that voice providers implement STIR/SHAKEN to identify spoofed caller IDs.

On June 30, 2021, the FCC announced that this new protocol is being used by the largest voice service providers in the internet protocol (IP) portions of their networks. The FCC extended the deadline for STIR/SHAKEN compliance to 2023 for providers with fewer than 100,000 subscribers. However, they are considering shortening that extension for some of those providers because they’re seeing a large and growing number of illegal robocalls originating from that group.³

There is some confusion about what STIR/SHAKEN is and why it’s important. This blog will address those two topics.

What Is STIR/SHAKEN?

STIR/SHAKEN is a set of standards that voice providers must implement. STIR stands for Secure Telephone Identity Revisited, and SHAKEN stands for Signature-based Handling of Asserted information using toKENs. Let’s take a look at each of these.

STIR is the product of an Internet Task Engineering Force (IETF) work group. The group defined protocols to create a digital signature used in VoIP phone calls in 2018. The protocols assist in verifying and authenticating the calling party’s identification.

SHAKEN defines how service providers implement STIR technology. It sets standards for implementing STIR protocols and defines how providers handle STIR-authenticated calls.

How does STIR/SHAKEN work? Here’s a basic explanation. When a call is initiated, the VoIP provider looks at the telephone number and the session initiation protocol (SIP) invite, and assigns an attestation level:

• Level A: Full attestation indicates that the provider can verify that the caller is allowed to use the telephone number.
• Level B: Partial attestation indicates that the provider can confirm the call origination but can’t determine if the caller is authorized to call from that number, as in the case of an enterprise PBX.
• Level C: Gateway attestation indicates that the provider can confirm where it received the call from, such as an international gateway, but can’t verify that the source of the call is authorized to call from that number.

Once the attestation level is assigned, the provider creates a SIP header that includes information such as the caller and recipient’s telephone numbers, a timestamp, and the attestation level. The provider sends the SIP header to the receiving provider that reads the header and sends it to a verification service. The service does its own testing, including searching through known spam databases and comparing the data to information provided by other service providers. If the identity of the caller is authenticated using STIR/SHAKEN standards, the call is routed through to the recipient.

VoIP is more powerful when it is used as a part of a unified communications system. Unified communications as a service (UCaaS) is a cloud methodology that transforms the way organizations communicate by combining all methods of digital communication into a common platform.

Learn more about the benefits of UCaaS in our white paper

Why Is STIR/SHAKEN Compliance Important?

STIR/SHAKEN compliance is important enough for the FCC to take a regulatory stand by requiring compliance from providers. It will provide a number of benefits.

• Americans will be better able to avoid being victims of scammers using spoofed robocalls and give them confidence that their callers are who they say they are. And, fewer scam calls will result in less frustration and annoyance.
• You’ll be able to ensure that your employees aren’t going to answer a series of phishing calls. This will improve productivity and security. VoIP security is critical in today’s business environment. You may be familiar with phishing emails and the fact that approximately 25% of data breaches involve phishing emails.⁴ Voice phishing is another real threat since scammers may call your employees to try to obtain confidential personal or business information.
• When you choose the right VoIP provider that is STIR/SHAKEN compliant, you can be sure that your outgoing telephone calls won’t be blocked by the networks.

Make Sure Your Providers Take STIR/SHAKEN Compliance Seriously

VoIP provides businesses of all sizes and in all industries with the features, flexibility, and scalability that help you compete in today’s digital environment. But since regulations are changing, you also need to work with a VoIP partner that can protect you and your employees and increase your security.

Access One’s VoIP services give you the leading-edge technology you need to help grow your business. If you have questions about STIR/SHAKEN for your company, or questions about VoIP in general, don’t hesitate to contact the experts at Access One.

Sources

1 | https://www.gsma.com/membership/resources/tns-2022-robocall-report-robocalls-were-up-in-2021-but-top-us-carriers-arent-to-blame-2/

2 | https://www.comparitech.com/blog/information-security/phone-spam-statistics/

3 | https://docs.fcc.gov/public/attachments/DOC-373714A1.pdf

4 | https://expertinsights.com/insights/50-phishing-stats-you-should-know/