STIR/SHAKEN Protocol in Calling: Everything You Need to Know

For those unfamiliar with STIR/SHAKEN, let’s start by explaining what these terms mean. STIR is short for Secure Telephone Identity Revisited. SHAKEN refers to the Signature-based Handling of Asserted Information Using Tokens.

Each of these is a technical framework that fights against spoofing. They do this by authenticating the number where a call is coming from.

The STIR/SHAKEN implementation date was June 30, 2021. Esendex was prepared for the new STIR/SHAKEN protocol well before this date and offers all the services needed to take advantage of it.

We offer STIR/SHAKEN support for inbound calls and will validate the attestation of calls to our numbers in the United States. For calls that use our voice API, the STIR/SHAKEN verification level is passed as part of the webhook request to callback URLs such as hangup_url, fallback_url, and answer_url. In addition, we provide verification levels in the console and reports.

All outbound calls in the United States will be signed unless a rule is violated. Some examples include:

  • Calls that go against our usage policies
  • Calls that can be identified as unsolicited robocalls
  • Calls made by a client for which the Industry Traceback Group requests traceback
  • Calls that have invalid caller IDs, such as those that have too many digits or are not in proper E.164 format

If any of the above situations occur, Esendex may stop signing the client’s calls. Since the calls will not be marked as verified, this can negatively impact your answer rates. In the worst-case scenario, calls may be marked as spam by the networks that receive them.

Outgoing Call Verification Levels

Whether you’re using STIR/SHAKEN on an iPhone or on an Android, the framework relies on a secure telephone identity (STI) that a governing authority issues with a digital certificate.

An STI authenticator can assign three different attestation levels. The one provided depends on how confident the provider is that the owner of the number is the one making a call.

Esendex signs all your outbound calls as verified, which is attestation A, if the caller ID you use is an Esendex DID. The DID must be rented by the same account that is making the calls. Other types of outbound calls, if they are signed, will be verified at attestation B or attestation C.

We highly recommend using our DIDs and caller ID for the best STIR/SHAKEN verification levels.

How Verification Status Connects to STIR Attestations

When you make an outbound call or take an inbound call with Esendex APIs, we’ll provide the verification level to you. It is reported in a parameter called StirVerification, which takes one of the following three values:

  • Not applicable shows that STIR/SHAKEN doesn’t apply to the specific call. This might be seen if a call goes to a location outside the United States or is a SIP or WebRTC cloud-based call.
  • Not verified indicates that the caller may not be verified for this call, may not have access to the caller ID used, or both. If a call is noted as not verified, this means it has an attestation level of B or C.
  • Verified tells you the call is from someone who is verified and has access to the caller ID of their customer. This means the call should be treated with confidence. Attestation level A is the same as verified.

Procedures to Access Verification Status

Esendex’s voice customers have several ways to access their STIR verification statuses. We’ll explain the process below, and you can choose the one that best meets your needs.

If you use our services, you can access the verification values on the calls page of the console. This is part of the call logs. There are several ways you can access this information, as noted below.

Webhook Callbacks

A new STIR verification parameter has been added to the JSON payload that is sent to several callback URLs, including:

  • hangup_url
  • fallback_url
  • answer_url

The parameter is known as StirVerification and can come back as three values. These include verified, not verified, and not applicable.

In addition, a new parameter is available for the call_status_callback_url when taking part in calls with multiple parties. When the call initializes, not applicable is the only value sent. When the call is ringing, is answered, or results in a hang-up, the callback includes the StirVerification parameter of the CallUUID.

Voice API Call Object

Another way to retrieve the STIR verification status for a call is through the Get CDR API call response. It is returned in the StirVerification parameter and can be listed as verified, unverified, or not applicable.
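The following is an added example, not Esendex code, of how a receiving service could interpret the StirVerification value described in the two sections above: it normalizes the value, maps it to the attestation levels listed earlier, and refuses to trust the caller ID when the field is missing or unrecognized. The exact casing of the values and the sample CallUUID strings are assumptions; only the StirVerification and CallUUID parameter names come from the page.

```python
import json
from collections import Counter

# Status values from the page, mapped to the attestation levels it gives.
ATTESTATION = {"verified": ("A",), "not verified": ("B", "C"), "not applicable": ()}
# The page spells the middle value both "not verified" and "unverified".
ALIASES = {"unverified": "not verified"}

def normalize_status(raw):
    """Return the canonical status, or None if missing or unrecognized."""
    if not isinstance(raw, str):
        return None
    key = " ".join(raw.replace("_", " ").lower().split())
    key = ALIASES.get(key, key)
    return key if key in ATTESTATION else None

def classify_callback(body):
    """Parse one callback JSON body and decide whether to trust its caller ID."""
    try:
        payload = json.loads(body)
        payload = payload if isinstance(payload, dict) else {}
    except ValueError:
        payload = {}
    status = normalize_status(payload.get("StirVerification"))
    return {
        "call_uuid": payload.get("CallUUID"),
        "status": status or "unknown",
        "attestation": ATTESTATION.get(status, ()),
        # Only "verified" means the caller ID was authenticated; missing or
        # unrecognized values fail closed.
        "trust_caller_id": status == "verified",
    }

def summarize(bodies):
    """Count statuses across callbacks, e.g. to spot a drop in verified calls."""
    return Counter(classify_callback(b)["status"] for b in bodies)

# Constructed sample bodies; value casing and CallUUID values are assumptions.
SAMPLES = [
    '{"CallUUID": "example-1", "StirVerification": "Verified"}',
    '{"CallUUID": "example-2", "StirVerification": "Not Verified"}',
    '{"CallUUID": "example-3", "StirVerification": "unverified"}',
    '{"CallUUID": "example-4", "StirVerification": "Not Applicable"}',
    '{"CallUUID": "example-5"}',
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLES)))
```

Treating "not applicable" as untrusted rather than neutral is a policy choice in this sketch; the page only says STIR/SHAKEN does not apply to such calls.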

Upcoming Refinements to Attestation

Esendex considers more factors to create the ideal attestation level for outbound calls. A few of these include the following:

  • Know Your Customer (KYC) validation results will be available through the API and the console on Esendex.
  • Customers’ DIDs sourced outside of Esendex but whitelisted through our services. Whitelisting will be available in both the API and console.
  • The level of confidence Esendex has regarding customer traffic patterns as not fraudulent or unsolicited robocall traffic.

How to Reduce Spoofing

Phone spoofing can be used legitimately and legally. For instance, a business owner might spoof their office number to make a business call to a client from their smartphone after hours.

The problem is that scammers who do not want you to access their phone numbers can also use spoofing. They hide the real number and instead use one that is closer in location to the people the scammer is targeting.

Displaying your number or one in your area can make spam calls look more legitimate. This means a target is likelier to pick up the phone or respond. This can lead to a frustrating situation for the person who is victimized.

If a scammer spoofs your number, it can also make the number nearly impossible to use. You could start receiving dozens or hundreds of calls meant to go back to the person with the scam operation.

As we’ve talked about, STIR/SHAKEN protocols can be used to prevent this kind of behavior. There are other ways to prevent people from spoofing your phone, such as:

  • Notifying your mobile carrier
  • Increasing the security settings for calls
  • Changing or setting up a voicemail password
  • Creating a new voice message
  • Giving it a little time
  • Checking your phone bill
  • Changing your phone number

Connect with Esendex for All Your Business SMS and Call Needs

While STIR/SHAKEN SMS is not yet available, that could change. For now, using STIR/SHAKEN for phone calls will ensure recipients know that you are who you say you are and that the call is legitimate. Esendex can help you with that to make it easier to make business calls.

Esendex also offers ways to engage your clients or customers with reliability and confidence. We offer flexible SMS APIs, SMS and voice broadcasting, an SMS reseller program, and address and phone number verification APIs.

We’ve provided communication APIs since 1999 and count many of the world’s largest companies as our customers. We support all your communication channels with software and APIs. When you’re ready to streamline your communications, contact us about the many options available.

Esendex US