STIR (Secure Telephone Identity Revisited)
SHAKEN (Signature-based Handling of Asserted information using toKENS)
The STIR/SHAKEN (S/S) framework allows voice service providers to authenticate that the caller ID information transmitted with a particular call matches the caller’s number.
Upon widespread implementation, the hope is that S/S will help reduce illegal spoofing, allow law enforcement to identify bad actors more easily, and help voice service providers identify calls with illegally spoofed caller ID information before those calls reach their subscribers. However, S/S was not designed to be a silver bullet for seamless authentication in the contact center. Indeed, the FCC has encouraged the industry to develop and implement new caller ID authentication technology in addition to the actions taken by the FCC.
This Guide Discusses How To:
What are STIR/SHAKEN Attestations?
Limitations to STIR/SHAKEN
Does Your Carrier Support S/S In Your Contact Center?
The FCC requires voice service providers either to implement S/S or obtain an extension and file a Robocall Mitigation Plan with the FCC protocols by June 30, 2021. As of September 28, 2021, providers will be precluded from terminating covered voice calls from providers not listed in the FCC’s Robocall Mitigation Database.
How VeriCall® Technology Leverages STIR/SHAKEN Attestations
The Power of VeriCall® Technology + STIR/SHAKEN Attestations
VeriCall® Technology can enhance the usefulness of S/S Attestations by adding proprietary call analytics and telephony expertise to identify more Attestation A, B, and C calls for step-down authentication, and help to identify bad actors.
A: Full Attestation
Attestation A: Have You Considered...
- How your team will differentiate Attestation As from trusted providers versus unfamiliar providers?
- Whether Attestations scores alone are capable of identifying other fraud attack vectors, or if any of the following scenarios may receive an A Attestation:
- Forwarded calls
- Robocalls originating from legitimately purchased numbers
- Friendly fraud
- Prepaid phones and VoIP calling apps
- IPBPX exploits
- SIM swapping, Boxing, or Porting
- GSM Gateway hacking
- What business rules will be used for each Attestation level and how to train agents on how to handle them?
- Does your current telephony infrastructure allow you to pass Attestation scores to the IVR?
- How will you be aware of or notified when S/S keys are compromised at the carrier level?
- How to validate calls if an Attestation is dropped by an intermediate carrier, or your carrier, when S/S is not fully implemented or when an Attestation cannot be provided on some calls?
- Whether your SIP network gear removes the identity token by default?
- If using a TDM (Non-IP) network, whether your process can transmit the identity token?
- The issues that could arise if you are converting from UDP to TCP?
B: Partial Attestation
C: Gateway Attestation
Attestation B and C: Have You Considered...
- Whether your business will treat all Attestation B and C calls as “bad,” and if so, what impact that may have on call handle time, customer service, and OPEX?
- What percentage of Attestation B and Cs will be calls that originate from legitimate customers, and the related impact on their experience?
- How to manage Attestations from carriers who determine that a broad subset of calls (like those that are simply forwarded), will be assigned a B or C?
Next Caller Can Help Your Business Maximize The Value of STIR/SHAKEN By:
Download Our Latest STIR/SHAKEN Report
- Only 35% of calls were delivered with any Attestation at all
- Spoofed calls were given an Attestation A by carriers on numerous occasions
- Hundreds of thousands of calls given an Attestation C were cleared for step-down authentication by PindropⓇ technology.