If you've noticed that fewer people answer your outbound calls than they did five years ago, STIR/SHAKEN is part of the explanation. Not the whole story, but a significant chapter of it.
Robocalls and caller ID spoofing have been eroding trust in phone communication for long enough that the damage is now structural. Consumers don't just screen suspicious calls. They screen most calls. The FTC has documented this consistently: caller ID can be faked even when a name or number looks familiar, and people have absorbed that lesson in ways that affect legitimate businesses just as much as fraudulent ones.
What the framework actually is
STIR stands for Secure Telephone Identity Revisited. SHAKEN stands for Signature-based Handling of Asserted information using toKENs. Nobody uses the full names. What matters is what the framework does: it gives service providers a mechanism to sign calls at the point of origin and verify them as they travel across networks.
ATIS, the standards body behind much of this, describes SHAKEN as an end-to-end cryptographic authentication and verification framework. The FCC puts it more plainly: it digitally validates the handoff of calls across networks. Both descriptions are accurate and neither fully captures why it matters in practice.
Here's the part that trips people up. STIR/SHAKEN does not tell you whether a call is wanted or safe. It tells you whether the calling party has a credible right to use the number being displayed. Authentication and legitimacy are different things. The FCC has said this explicitly. A verified call can still be a nuisance. An unverified call is not automatically fraud. The framework raises the cost of spoofing at scale. It does not eliminate bad actors.
Why this is a business problem, not just a telecom problem
Most businesses that run outbound calling operations don't think of themselves as having a spoofing problem. They think of themselves as having a performance problem. Contact rates are down. Callbacks aren't happening. Appointment reminders aren't working. The root cause often traces back to trust erosion that STIR/SHAKEN is specifically designed to address, but the symptom shows up in sales dashboards and customer service metrics rather than security reports.
Fraudsters impersonating business numbers make this worse in a specific way. When a scammer uses your company's number to run a scheme, the reputational damage lands on you. Customers who got burned call to complain. Numbers get flagged. Legitimate calls from those numbers start getting labeled as suspected spam. The business finds out weeks or months later when someone finally connects the dots.
How it works at the carrier level
Originating providers authenticate caller ID when a call enters the network. Downstream providers verify that authentication as the call moves toward the recipient. In most enterprise calling environments, calls pass through multiple carriers before reaching the end user, so that chain of verification matters more than it might seem.
The FCC has been tightening implementation requirements steadily, pushing providers toward genuine compliance rather than nominal adoption. That distinction has real consequences. A framework implemented inconsistently across the carrier ecosystem provides limited protection. The rules exist specifically because voluntary adoption was moving too slowly.
What businesses actually control
STIR/SHAKEN operates at the carrier level. Businesses don't configure it directly. What businesses do control: whether their voice provider is implementing the standards properly, how their outbound numbers are registered, and whether their calling practices are inadvertently creating conditions where legitimate calls get flagged.
That last point gets missed more often than it should. High-volume outbound calling from numbers that aren't properly authenticated, or that have accumulated complaints, can result in spam labeling on legitimate calls. STIR/SHAKEN compliance at the provider level addresses part of that. Number registration hygiene, call frequency, and opt-out handling address the rest. The framework works alongside call blocking, labeling, and reporting tools. It was never designed to replace them.
What it doesn't fix
Spoofing is not a problem that gets solved once. The fraud ecosystem adapts. Numbers that get flagged get rotated. New techniques emerge. STIR/SHAKEN raises the floor on what's easy to fake at scale. It doesn't raise the ceiling on what determined bad actors can do with enough resources.
For businesses, the realistic expectation is better baseline protection and more reliable information for carriers to act on. That's worth having. It's just not the same as having the problem solved.
If your business depends on outbound calling, customer contact, or fraud prevention, Voyce Telecom can help you build a more secure and trustworthy voice strategy with solutions tailored to enterprise needs.
Michael Hargrove,
Director of Enterprise Voice Solutions at Voyce Telecom.