What is STIR/SHAKEN Compliance and Why Is It Important

Companies and call centers that use a phone to connect with clients must have their calls answered and delivered. Although it may seem easy, businesses around the world are finding it increasingly difficult to handle the billions of spam calls they receive.“According to CFCA, businesses lost $39 billion to spam calls in 2023.”

Ignoring them becomes difficult, particularly when they originate from numbers that appear authentic. While some of these calls are real, the majority are not.

Phone number authentication is important with Voice over Internet Protocol (VoIP) and will only become more difficult. A mechanism for verifying phone numbers before someone’s phone rings has been developed by the government, cell phone networks, and reputable VoIP service providers.

Phone call authentication ensures the caller’s identity through a technology called STIR/SHAKEN. Let’s discuss how this technology affects your company communications and how it combats robocalls and caller ID spoofing.

What is STIR/SHAKEN?

STIR/SHAKEN is a combination of two acronyms.

STIR

STIR stands for “Secure Telephone Identity Revisited”. It was established by the Internet Engineering Task Force (IETF), which specifies a signature to confirm the calling number and the transmission method in the Session Initiation Protocol (SIP). Its main goal is to add a digital certificate to the SIP data that VoIP systems use to make and receive calls.

SHAKEN

SHAKEN stands for “Signature-based Handling of Asserted information using tokens”. It integrates an automatic traceback capability with a trusted caller ID authentication procedure to decrease the impact of illegal spoofing. It also offers guidance for managing VoIP conversations that contain inaccurate or missing STIR data.

How STIR/SHAKEN technology works in call centers

To prevent phone number fraud, STIR/SHAKEN uses digital certificates. It conducts some security checks between service providers, assigns an attestation level, and confirms that the caller ID you see is authentic.

Let’s discuss it step by step.

1) The Call Initiation

A SIP INVITE, or request to initiate a call, is sent to the originating service provider when a call is placed. This is the foremost step to identify the legitimacy of the caller.

2) Assign the Attestation Level

After verifying the caller’s details, the service provider provides one of three STIR/SHAKEN attestation levels. We discuss these levels in detail in the next section.

3) Creation of Digital Signatures

A digital certificate is used to sign the caller’s identity and generate an SIP identity header.

This heading includes:

Making calls and dialing numbers
Timestamp
STRIR/SHAKEN Caller ID
Attestation level
Origination identifier

4) Transmission of Calls

The SIP Identity header and the call are transmitted to the terminating service provider. For non-SIP networks, the identity token may be delivered independently using Out-of-Band SHAKEN, if necessary.

5) Authentication and Verification

The terminating service provider obtains the digital certificate of the caller from an open source and confirms the following:

The SIP INVITE message is matched by the Identity header.
The digital signature is legitimate.
The chain of trust for certificates is unbroken.

6) Call Completion

The call goes to the recipient with a verified caller ID if all checks are successful. Should verification be unsuccessful, the call can be stopped or flagged as possibly spam.

Attestation Levels in STIR/SHAKEN

There are three levels of attestation in STIR/SHAKEN. Your phone provider assigns an “attestation level” to each call, which is basically a trust rating. The terminating provider uses the attestation level to decide whether to allow or block a call.

Level A (Full Attestation)

Your service provider is fully aware of your identity and verifies that you are authorized to use the number you are calling. This is called full attestation.

Level B (Partial Attestation)

In this level of attestation, the end user is verified by the service provider, but the source of the phone number is not.

Level C (Gateway Attestation)

The provider is only forwarding the call; they are unable to confirm your identity or determine if you are authorized to use the number.

This is a common situation with international numbers. The North American Numbering Plan (NANP) requires international call originators to provide domestic gateway providers with information and tools to confirm their calling identity.

However, working with carriers that can provide you with complete authentication is the ideal option if you want your calls to be trusted and answered.

STIR/SHAKEN Requirements

Phone service providers must register with the appropriate organizations and fulfill a few important FCC requirements in order to use STIR/SHAKEN.

So, they must have to:

Have updated the 499-A Form that is on file with the FCC.
Have a valid Operating Company Number (OCN)
Register in the FCC Robocall Mitigation Database (RMDB) to verify the actions they have taken to adopt STIR/SHAKEN and prevent robocalls.

Furthermore, to participate in the STIR/SHAKEN service, providers need to:

Register with the Policy Administrator (STI-PA), who authenticates the carrier.
Choose a Certification Authority (STI-CA) that ensures that certificate requesters are qualified and that the STI-PA has verified their credentials.
Get SPC TOKEN from STI-PA. This token enables CSPs to request a certificate.
Request a certificate from an authorized STI-CA. This certificate must digitally sign and authenticate calls.

What’s New in STIR/SHAKEN 2025

In accordance with its Eighth Report and Order, the FCC has established new rules. These new regulations will take effect on June 20, 2025. This also affects VoIP service providers that resell VoIP services in the United States.

The key change effective June 20th, 2025, is that providers with a STIR/SHAKEN implementation requirement should no longer depend on its upstream to sign calls on their behalf.

Moreover, providers will still need to update their Robocall Mitigation Plan in the FCC’s Robocall Mitigation Database, even if they are not required to deploy STIR/SHAKEN. Regardless of their STIR/SHAKEN implementation state, the FCC emphasizes that all providers need to accurately certify their positions.

However, if you are a VoIP reseller subject to STIR/SHAKEN requirements, you must do the following:

Get your own STIR/SHAKEN certificate and integrate the protocol into your infrastructure.
By the deadline of June 20, 2025, update your Robocall Mitigation Plan in the FCC’s database, explicitly indicating whether you have fully, partially, or not implemented STIR/SHAKEN and why.

If you are not currently required to implement STIR/SHAKEN, it is still strongly recommended that you update your mitigation plan to stay in compliance and remain open and transparent with FCC requirements.

Why STIR/SHAKEN is Important for Business Communication

Caller ID spoofing can have a significant effect on businesses in addition to being an annoyance for individuals. Scammers can harm your brand’s reputation, reduce the likelihood that your calls will be answered, and even have your company lines blocked when they use fake numbers.

However, implementing a STIR/SHAKEN compliance solution is essential.

Scam Call Types That STIR/SHAKEN Can Help Reduce

SHAKEN is a policy, while STIR is a technology. Together, they verify caller IDs and protect against various scams, such as

Robocalls

While some automated pre-recorded calls, such as payment reminders, are legitimate, many of them are frauds. This is the common approach used by scammers to make their calls appear legitimate. To prevent these fraudulent calls from reaching customers, STIR/SHAKEN robocall prevention labels or blocks them.

Vishing

Vishing is also known as “voice phishing.” In this type of scam, attackers use phone conversations to trick victims into exposing financial or personal information. Caller ID spoofing makes these calls seem to be from reliable sources.

STIR/SHAKEN prevents vishing and makes it simpler for people to recognize fake calls by ensuring that the caller has the right to provide caller ID information.

Phishing

Scammers pretend to be representatives of government organizations, banks, or credit card businesses and obtain private data, such as account numbers or passwords. These attacks can be avoided by using STIR/SHAKEN caller ID verification, which ensures that the caller ID corresponds to the real source.

Tech Support Scams

Scammers claim to be tech support representatives and state that there is a problem with your computer or software. They cheat individuals into installing malware. Compliance with STIR/SHAKEN helps identify fraudulent calls before they are received by possible victims.

Benefits of STIR/SHAKEN Compliance for Businesses

The purpose of STIR/SHAKEN is to distinguish between real and fake calls in order to avoid risky phone experiences. Here are some important advantages:

1. Boost Call Answer Rates

When customers are aware that the caller ID is authentic, they are more inclined to answer calls. Sales teams and outbound call centers should pay particular attention to this. Verified calls build trust and lessen customer doubt.

2. Reduce Spam and Robocalls

STIR/SHAKEN makes the business phone system more reliable and secure. It recognizes and prevents spam and robocalls. The VoIP provider tracks traffic trends, detects unlawful robocalls, and helps you take the necessary action.

3. Compliance with Regulations

The FCC in the U.S. is one of several governments and telecom authorities that have required VoIP operators to use STIR/SHAKEN. Companies collaborating with telecom providers must ensure compliance to avoid fines and preserve service quality.

4. Makes Caller IDs Trustworthy

Subscribers have more time to respond to real calls because they can distinguish between legal and spam calls.

Is STIR/SHAKEN Compliance Mandatory?

Yes, it is mandatory if you are a business owner who owns and uses U.S. phone numbers. STIR/SHAKEN must be followed if you are a U.S. phone provider or make outgoing calls using U.S. phone numbers, which is rather frequent for call centers and VoIP resellers.

In response to the nationwide increase in robocalls, regulations were imposed in 2021 for large carriers and in 2022 for small and rural providers. For example, “Americans received more than 3 billion robocalls, or nearly 17 spam calls per individual, in December 2023.”

The FCC recently passed new regulations that provide carriers with the authority to more strongly reject fraudulent calls and texts from noncompliant phone networks to improve customer security. “According to estimates, robocalls accounted for 25% of all incoming calls on Canadian phone numbers in 2021”. However, the U.S. Federal Trade Commission promised to work with Canada on enforcement actions to resolve this issue.

Conclusion

Spoofing and robocalls are not going away, but your company can stay ahead of the curve with STIR/SHAKEN. Calls that are routed through and not flagged as spam result in improved connections, more calls answered, and increased consumer trust.

So, selecting a reputable VoIP provider can help you stay ahead of the curve. As a business, you still need to make sure you comply with the FCC.

Subscribe to our Newsletter

The latest news, articles, and resources sent to your inbox.

SOME MORE RELATED STUFF FROM OUR UPDATES

admin
July 18, 2025

21 Must-Have Call Center Features for 2025

In 2025, the call center industry will have transformed dramatically, and it’s not done yet.

admin
July 3, 2025

What is Conversational AI Voicebot? A Comprehensive Guide for 2025

After enhancements in Artificial Intelligence, Conversational AI has become the future of

admin
June 18, 2025

The Basics of VoIP Termination: Types and Key Details

As the world becomes increasingly digitally connected, it is getting smaller. You may simply

Product