STIR/SHAKEN is a caller ID authentication framework used in IP-based phone networks. STIR stands for Secure Telephone Identity Revisited.
What is STIR/SHAKEN?
STIR/SHAKEN is a caller ID authentication framework used in IP-based phone networks. STIR stands for Secure Telephone Identity Revisited. SHAKEN stands for Signature-based Handling of Asserted information using toKENs. Together, they let carriers sign caller identity information and let downstream providers verify whether the displayed number was legitimately associated with the originating call.
How STIR/SHAKEN Works
When a call originates on a participating IP network, the originating provider can attach a digital signature to the call setup information. That signature includes an attestation about the provider's confidence in the calling number. The receiving side can validate the signature and use that result to help determine whether the caller ID should be trusted, flagged, or treated cautiously.
Why STIR/SHAKEN Matters
STIR/SHAKEN raises the cost of some caller ID spoofing scenarios by making it harder to pass off unauthenticated numbers as legitimate on participating networks. It is one of the most important telephony defenses against robocalling and caller ID abuse, but it is not a complete answer to vishing or help desk impersonation.
What STIR/SHAKEN Does Not Solve
STIR/SHAKEN does not eliminate spoofing entirely. It is strongest on IP-to-IP carrier paths and weaker where calls cross legacy networks, international hops, enterprise systems, or providers that do not preserve the signaling chain cleanly. It also does not solve the deeper problem that a trusted-looking number is still not proof of a trusted caller.
How Defenders Should Use STIR/SHAKEN
- Treat STIR/SHAKEN as a useful signal, not a standalone identity control
- Keep callback verification and out-of-band approval procedures in place
- Review how carriers, PBXs, and VoIP providers surface attestation results
- Train employees and help desk staff not to trust caller ID by itself
- Test phone-based workflows even when telephony providers support STIR/SHAKEN
Frequently Asked Questions
What do STIR and SHAKEN stand for?
STIR stands for Secure Telephone Identity Revisited. SHAKEN stands for Signature-based Handling of Asserted information using toKENs.
Does STIR/SHAKEN stop caller ID spoofing completely?
No. It makes some forms of caller ID spoofing harder and more visible, but it does not eliminate spoofing and it does not replace verification procedures.
Is a STIR/SHAKEN-verified call safe to trust?
Not by itself. A verified or highly attested caller ID can be a useful signal, but defenders should still verify sensitive requests through known procedures because the number on the screen is not the same thing as proven intent.
Why does STIR/SHAKEN matter for help desks?
Help desks often work quickly and may treat familiar phone numbers as reassuring. STIR/SHAKEN can improve caller identity assurance in some cases, but it does not remove the need for stronger identity verification in password reset and account recovery workflows.