STIR (Secure Telephone Identity Revisited)
The STIR/SHAKEN (S/S) framework allows voice service providers to authenticate that the caller ID information transmitted with a particular call matches the caller’s number.
This Guide Discusses How To:
What are STIR/SHAKEN Attestations?
Limitations to STIR/SHAKEN
Does Your Carrier Support S/S In Your Contact Center?
How VeriCall® Technology Leverages STIR/SHAKEN Attestations
The Power of VeriCall® Technology + STIR/SHAKEN Attestations
VeriCall® Technology can enhance the usefulness of S/S Attestations by adding proprietary call analytics and telephony expertise to identify more Attestation A, B, and C calls for step-down authentication, and help to identify bad actors.
A: Full Attestation
Attestation A: Have You Considered...
- How your team will differentiate Attestation As from trusted providers versus unfamiliar providers?
- Whether Attestations scores alone are capable of identifying other fraud attack vectors, or if any of the following scenarios may receive an A Attestation:
- Forwarded calls
- Robocalls originating from legitimately purchased numbers
- Friendly fraud
- Prepaid phones and VoIP calling apps
- IPBPX exploits
- SIM swapping, Boxing, or Porting
- GSM Gateway hacking
- What business rules will be used for each Attestation level and how to train agents on how to handle them?
- Does your current telephony infrastructure allow you to pass Attestation scores to the IVR?
- How will you be aware of or notified when S/S keys are compromised at the carrier level?
- How to validate calls if an Attestation is dropped by an intermediate carrier, or your carrier, when S/S is not fully implemented or when an Attestation cannot be provided on some calls?
- Whether your SIP network gear removes the identity token by default?
- If using a TDM (Non-IP) network, whether your process can transmit the identity token?
- The issues that could arise if you are converting from UDP to TCP?
B: Partial Attestation
C: Gateway Attestation
Attestation B and C: Have You Considered...
- Whether your business will treat all Attestation B and C calls as “bad,” and if so, what impact that may have on call handle time, customer service, and OPEX?
- What percentage of Attestation B and Cs will be calls that originate from legitimate customers, and the related impact on their experience?
- How to manage Attestations from carriers who determine that a broad subset of calls (like those that are simply forwarded), will be assigned a B or C?