STIR/SHAKEN Caller-ID Authentication
A US and Canadian framework that cryptographically signs outgoing calls so receiving carriers can verify whether the displayed caller-ID number is legitimate.
Also known as: STIR SHAKEN, caller ID verification framework, call attestation
Last reviewed: 10 June 2026
STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) are complementary standards mandated by the FCC following the TRACED Act of 2019. When a call originates on a STIR/SHAKEN-enabled carrier, a digital certificate is attached to the call header asserting the level of confidence that the displayed number belongs to the originating subscriber. Receiving carriers can check this attestation and label calls accordingly — 'Verified', 'Unverified', or the call is blocked.
The framework has reduced some categories of spoofed robocalls, but it has important gaps. Calls originating from non-compliant carriers — particularly international voice-over-IP providers — carry no attestation. Fraudsters route calls through foreign termination points specifically to bypass signing requirements. Small carriers and gateway providers took time to implement the standards, creating pass-through gaps that sophisticated fraud operations exploit.
Consumers benefit from STIR/SHAKEN indirectly: many carriers now label calls 'Spam Risk' or 'Scam Likely' based partly on attestation status combined with analytics. However, a 'Verified' label means only that the calling number belongs to the originating carrier's customer — not that the caller is legitimate. Treat unexpected calls from even verified numbers with appropriate scepticism.