Every telecom operator faces the same crisis: spam calls have destroyed trust in voice communication. Scammers spoof local numbers, impersonate banks, fake government agencies, and abuse cheap VoIP routes to run billions of robocalls globally. Traditional caller ID was never designed to verify whether the caller was actually who they claimed to be. That weakness became a trillion-dollar fraud opportunity.
To solve it, the telecom industry created two interlocking frameworks: STIR and SHAKEN. Together, they form the backbone of modern caller authentication — and understanding them matters whether you're a business owner, a VoIP buyer, or a telecom engineer.
In this article
- What SHAKEN/STIR actually means
- Why it exists — the spoofing crisis
- How SHAKEN/STIR works
- The PASSporT token explained
- Attestation levels: A, B, and C
- SHAKEN/STIR and SIP headers
- Certificates and governance
- Why cheap VoIP providers fail
- Limitations — what it doesn't fix
- International problems
- What this means for your business
What SHAKEN/STIR Actually Means
The two acronyms are often written together as "SHAKEN/STIR" but they refer to different layers of the same system.
STIR — Secure Telephone Identity Revisited
STIR is the technical standard that cryptographically verifies caller identity using digital certificates and SIP headers. It was developed by the IETF (Internet Engineering Task Force) and defines exactly how a carrier proves:
- Who originated the call
- Whether the caller ID was modified in transit
- Whether the originating carrier trusts the caller
SHAKEN — Signature-based Handling of Asserted information using toKENs
SHAKEN is the operational framework that US and Canadian carriers use to implement STIR across their networks. It was developed by ATIS (Alliance for Telecommunications Industry Solutions) and defines the governance, certificate management, and carrier obligations.
| Component | Role | Developed by |
|---|---|---|
| STIR | The cryptographic technology — how signatures work | IETF |
| SHAKEN | The carrier implementation framework — how it's deployed | ATIS |
Why SHAKEN/STIR Exists — The Spoofing Crisis
Caller ID spoofing became catastrophic because SIP (Session Initiation Protocol) was built on trust, not verification. In legacy VoIP architecture:
- Anyone could send any caller ID they wanted
- Carriers rarely validated whether numbers belonged to the caller
- International routes were loosely regulated
- Fraudsters exploited cheap wholesale routes to inject billions of calls
The consequences were severe:
- Robocall campaigns at industrial scale
- IRS and Social Security impersonation scams
- Bank and financial institution fraud
- Fake emergency service calls
- SMS phishing (smishing) tied to spoofed numbers
- Enterprise-level business email compromise via phone
By 2019, Americans were receiving over 50 billion robocalls per year. Answer rates on unknown numbers collapsed. Consumers stopped picking up. That is existential for an industry built on voice communication.
How SHAKEN/STIR Works — Step by Step
When a SIP call is made across a SHAKEN/STIR-enabled network, the following happens:
1. The originating carrier verifies the caller. It checks whether the customer is authorized to use the caller ID they're presenting.
2. The carrier digitally signs the SIP INVITE, using its private key and an X.509 certificate issued by a trusted certificate authority.
3. A PASSporT token is attached. This JSON Web Token (JWT) is embedded in the SIP Identity header.
4. The call traverses the network. Intermediate carriers pass the signed header along.
5. The terminating carrier validates the signature. It checks the token against the originating carrier's public certificate.
6. The call is marked as trusted or suspicious, based on attestation level and signature validity.
The terminating carrier (or the analytics engine it uses) can then:
- Display a "Verified Call" badge on the recipient's phone
- Downgrade spam scores for trusted calls
- Block or label calls with invalid or missing signatures
- Feed data into analytics and fraud detection systems
The PASSporT Token
The core of STIR is the PASSporT — Personal Assertion Token. It is a JSON Web Token (JWT) that carries the cryptographic proof of caller identity.
A PASSporT contains:
- orig — the originating telephone number (the caller)
- dest — the destination telephone number (the called party)
- iat — issued-at timestamp (prevents replay attacks)
- attest — the attestation level (A, B, or C)
- origid — a unique call origination identifier
- A digital signature from the originating carrier's private key
The token is Base64url-encoded and inserted into the SIP Identity header of the INVITE message.
Attestation Levels: A, B, and C
This is where SHAKEN/STIR gets operationally significant. Not all verified calls are equal. The framework defines three trust levels:
| Level | Name | What it means | Trust |
|---|---|---|---|
| A | Full Attestation | Carrier knows the customer AND verified they own/are authorized to use the number | Highest |
| B | Partial Attestation | Carrier knows the customer but cannot fully verify ownership of the specific number | Medium |
| C | Gateway Attestation | Carrier received traffic from another network and cannot verify the originating customer | Lowest |
Full Attestation (A) — What Real Operators Deliver
The carrier has:
- A direct relationship with the customer
- Assigned the specific number to that customer
- Verified the customer's identity through KYC
Examples: a direct enterprise SIP trunk customer, a verified DID owner, a compliant hosted PBX deployment. This is what enterprise buyers should demand from their carrier.
Partial Attestation (B) — The Grey Zone
The carrier knows the customer but cannot fully verify that the customer owns or is authorized to use the specific caller ID being presented. Common in:
- BYOC (Bring Your Own Carrier) configurations
- PBX forwarding scenarios where the original number isn't verified
- SIP relay setups with intermediate systems
Still somewhat trusted, but terminating carriers may apply additional scrutiny.
Gateway Attestation (C) — Where Fraud Lives
The carrier is simply passing traffic received from another network. It has no relationship with the originating customer and cannot verify anything about the caller ID. This is the entry point for:
- International wholesale routes
- Gray routes and least-cost routing abuse
- Unknown upstream providers
- Traffic laundering through multiple intermediaries
SHAKEN/STIR and SIP Headers
A SHAKEN-enabled SIP INVITE includes the signed PASSporT in the Identity header.
The terminating carrier's verification system validates:
- Token integrity — the signature matches the payload
- Certificate chain — the signing cert traces back to a trusted STI-CA
- Timestamp freshness — the iat is within an acceptable window (typically 60 seconds)
- Originating authority — the carrier is authorized to sign for the originating number
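The PASSporT fields and the verification checks above, as an added example that is not part of the original article: it parses an Identity header value and runs only the non-cryptographic claim checks (field structure, iat freshness, number match). Signature and certificate-chain validation are not performed here. The JOSE header fields (alg, typ, ppt, x5u) and the info parameter come from the PASSporT specifications (RFC 8224, RFC 8225, RFC 8588) rather than from this article; the function names, phone numbers, certificate URL and placeholder signature are constructed for illustration.

```python
import base64, json, time

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def parse_identity(value):
    """Split an Identity header value into (JOSE header, claims, params)."""
    token, *rest = [part.strip() for part in value.split(";")]
    head, body, _sig = token.split(".")          # signature is NOT verified here
    hdr, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
    if not (isinstance(hdr, dict) and isinstance(claims, dict)):
        raise ValueError("PASSporT parts must be JSON objects")
    return hdr, claims, dict(p.split("=", 1) for p in rest)

def claim_problems(value, from_tn, to_tn, now=None, max_age=60):
    """Return the list of failed claim checks; an empty list means all passed."""
    now = time.time() if now is None else now
    try:
        hdr, claims, _params = parse_identity(value)
    except ValueError:                           # bad base64, bad JSON, wrong shape
        return ["malformed Identity header"]
    orig, dest = claims.get("orig"), claims.get("dest")
    orig_tn = orig.get("tn") if isinstance(orig, dict) else None
    dest_tn = dest.get("tn") if isinstance(dest, dict) else None
    iat = claims.get("iat")
    problems = []
    if (hdr.get("alg"), hdr.get("typ"), hdr.get("ppt")) != ("ES256", "passport", "shaken"):
        problems.append("unexpected alg/typ/ppt")
    if not str(hdr.get("x5u", "")).startswith("https://"):   # policy assumed by this example
        problems.append("x5u missing or not https")
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        problems.append("iat outside freshness window")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("invalid attest")
    if not claims.get("origid"):
        problems.append("missing origid")
    if orig_tn != from_tn:                       # caller ID in the INVITE vs signed orig
        problems.append("orig does not match calling number")
    if not isinstance(dest_tn, list) or to_tn not in dest_tn:
        problems.append("dest does not match called number")
    return problems

def sample_identity(iat, orig="12025550123"):
    """Constructed sample; the third segment is a placeholder, not a signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    hdr = {"alg": "ES256", "typ": "passport", "ppt": "shaken", "x5u": "https://sti-ca.example/cert.pem"}
    claims = {"attest": "A", "dest": {"tn": ["12025550199"]}, "iat": iat,
              "orig": {"tn": orig}, "origid": "123e4567-e89b-12d3-a456-426655440000"}
    return f"{enc(hdr)}.{enc(claims)}.cGxhY2Vob2xkZXI;info=<{hdr['x5u']}>;alg=ES256;ppt=shaken"
```

An empty result means only that the claims are well-formed and consistent with the INVITE; a call is trusted only after the signature also verifies against a certificate that chains to a trusted STI-CA.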
Certificates and Governance
SHAKEN/STIR relies on a public key infrastructure (PKI) specific to the telecom industry. In the United States:
- STI-PA (Secure Telephone Identity Policy Administrator) — governs overall policy, maintains the authorized carrier list, and manages the trust anchor. Currently operated by iconectiv.
- STI-CA (Secure Telephone Identity Certification Authority) — issues signing certificates to authorized carriers. Multiple STI-CAs exist (Comodo, Sansay, TransNexus, etc.).
- STI-VS (Verification Service) — the service terminating carriers use to validate incoming signatures in real time.
Only carriers that have been vetted and authorized by the STI-PA can receive signing certificates. This is a deliberate gatekeeping mechanism — it means that a carrier operating dirty routes or with weak KYC cannot obtain the credentials needed to issue A-level attestation.
Why Cheap VoIP Providers Fail at SHAKEN/STIR
Most low-cost VoIP providers cannot deliver A-level attestation because they:
- Resell capacity from wholesale carriers rather than owning their own infrastructure
- Use shared trunks where number ownership is ambiguous
- Have weak or non-existent KYC processes
- Lack the certificate infrastructure to sign calls at the origination point
- Route through intermediaries that strip or downgrade attestation
The practical consequences for businesses using these providers:
- Lower answer rates on outbound calls (spam labels suppress pickup)
- Calls blocked by major carriers (AT&T, Verizon, T-Mobile all have aggressive filtering)
- Failed delivery to enterprise PBX systems with strict verification policies
- Reputation damage when your number gets flagged as "Spam Likely"
The consolidation is already happening
- The FCC's STIR/SHAKEN mandate has already forced hundreds of small carriers to upgrade or exit
- Major analytics providers (Hiya, First Orion, TNS) now factor attestation level into spam scoring
- Enterprise buyers increasingly require A-level attestation in carrier contracts
- Carriers that cannot deliver verified identity will lose enterprise traffic to those that can
Limitations — What SHAKEN/STIR Doesn't Fix
SHAKEN/STIR is a significant improvement, but it is not a complete solution to call fraud. It is important to understand what it does not do:
| What SHAKEN/STIR does | What it does NOT do |
|---|---|
| Verifies the originating carrier signed the call | Guarantee the caller is honest or legitimate |
| Confirms the number was assigned to the caller | Stop fraud from verified but compromised numbers |
| Reduces spoofing of numbers the caller doesn't own | Eliminate robocalls from legitimate-looking sources |
| Provides a trust signal to terminating carriers | Fully secure international traffic |
| Enables analytics-based spam scoring | Replace the need for behavioral fraud detection |
Fraudsters have adapted. Modern attack vectors include:
- Verified but compromised numbers — legitimate businesses whose numbers have been hijacked or whose accounts have been taken over
- SIM farms — large-scale mobile number operations that can obtain A-level attestation through legitimate mobile carriers
- Social engineering — using verified calls to build trust before executing fraud
- Legitimate business impersonation — registering shell companies to obtain carrier accounts and certificates
International Problems
SHAKEN/STIR adoption outside the United States and Canada is fragmented and inconsistent. This creates significant gaps in the global call authentication chain.
Major challenges:
- Incompatible regulations — different countries have different mandates, timelines, and technical standards
- Weak carrier governance — many international carriers lack the infrastructure or incentive to implement STIR
- International gateway gaps — calls crossing borders often lose attestation at the gateway
- Legacy TDM infrastructure — PSTN-based networks in many countries cannot carry SIP Identity headers
- Inconsistent certificate management — no global equivalent of the STI-PA exists yet
A call that originates internationally may:
- Start with valid attestation in its home country
- Lose the Identity header when crossing an international gateway
- Arrive at a US terminating carrier with no attestation at all
- Be treated as unverified and potentially labeled as spam
This is a known problem the industry is working to solve through frameworks like ATIS's international STIR working groups and bilateral agreements between carriers. Progress is slow.
What This Means for Your Business
If you're buying VoIP or SIP trunking services, SHAKEN/STIR attestation level is a concrete, measurable quality indicator — not marketing language.
Questions to ask your carrier:
- What attestation level do you provide for my outbound calls?
- Are you a direct STI-CA certificate holder or do you rely on an upstream provider?
- How do you handle calls that originate from my PBX or BYOC setup?
- What is your answer rate data for A-level vs. C-level attested calls?
The telecom industry is in the middle of a trust consolidation. Carriers that can prove call authenticity will win enterprise traffic. Those that cannot will be filtered out — literally. SHAKEN/STIR is the mechanism that makes that sorting happen.