How does the SHAKEN/STIR protocol work?
SHAKEN/STIR uses digital certificates based on common public key cryptography techniques to ensure the calling number is secure and combats caller ID spoofing on public telephone networks. Through the handoff of phone calls passing through the complex web of networks, it allows for the carrier of the party receiving the call to verify that a call is in fact from the number displayed on Caller ID. In short, it verifies the authenticity of the call.
SHAKEN is short for Signature-based Handling of Asserted information using tokens.
STIR is short for Secure Telephony Identity Revisited.
Why enable SHAKEN/STIR?
Some carriers may flag incoming calls as 'Spam Risk' or 'Potential Spam' but this isn't always the case. Below are a few reasons why a carrier would flag a number as spam.
1.) The number of calls per hour and/or number of calls per day that are being made by a single number. If a carrier detects high activity with a number, they will likely assign a flag to the number.
2.) The rate of successful connections
3.) Whether or not (and how often) recipients of calls from that number have reported the number as spam or as being used as part of a scam
4.) The number was erroneously flagged as spam.
Every carrier has different thresholds for what is considered spam and monitors call behavior in different manners. The best practice to avoid being flagged is to follow ethical calling guidelines. Once SHAKEN/STIR has been enabled, it should significantly reduce the amount of outbound calls being reported as 'Spam Risk' or 'Potential Spam'
For more information on SHAKEN/STIR on FCC's website, click here.
How the receiving carrier attests the validity of a number.
The originating carrier checks the call source and calling number to determine how to attest for the validity of the calling number. Attestation is a three level system that characterize a caller’s right to use a particular number.
Full Attestation (A) — The service provider has authenticated the calling party and they are authorized to use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.
Partial Attestation (B) — The service provider has authenticated the call origination, but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.
Gateway Attestation (C) — The service provider has authenticated from where it received the call, but cannot authenticate the call source. An example of this case would be a call received from an international gateway.
What information is needed to enable SHAKEN/STIR?
Send an email to firstname.lastname@example.org with the following information.
Legal Business Name:
Business Type (Sole Proprietorship, Partnership, Corporation, co-op, LLC, non-profit):
Business Registration ID Type from the following:
Business Registration Number:
Contact Full Name:
Contact Phone Number:
List of Ring.io phone numbers that need SHAKEN/STIR enabled:
What happens after we provide all the information your carrier requires?
Our team will create a unique profile using the business information provided. Once the profile has been created and approved, the phone numbers will be added to the SHAKEN/STIR table. This process should take no more than 5 business days. We will keep you updated throughout the entire process.
If you have further questions about SHAKEN/STIR, please contact our support team here.