Call Trust & Security

Is that really your business calling? Prove it.

Your team dials a warm lead, a returning customer, a confirmed appointment, and the phone shows "Spam Likely" before anyone says a word. Carolina Digital Phone authenticates every call with STIR/SHAKEN, working with TransNexus to deliver the highest level of trust the network allows.

Level AFull Attestation target
85%of consumers rarely trust caller ID
TransNexusour authentication partner

Your sales team calls a lead back within the hour, exactly like the training manual says. Support confirms a shipment window. A scheduler reminds a patient about tomorrow's appointment. All good, professional, wanted calls. And on the other end, the phone either goes unanswered, or it answers already suspicious, because the screen reads "Spam Likely" or "Scam Risk" instead of your business name.

That is rarely a random carrier glitch. It is a trust problem baked into the voice network itself, and it is one that legitimate businesses now share with the robocallers and scammers who broke the system in the first place. If your phone provider cannot prove who is calling, the network has no reason to treat your call any differently than a spoofed one.

Why caller ID stopped being trustworthy

For decades, caller ID ran on an honor system. A carrier displayed whatever number a call claimed to be from, with no real mechanism to check whether that claim was true. That worked reasonably well when spoofing a number required real technical effort. It stopped working once cheap, widely available tools made number spoofing trivial for anyone willing to abuse it.

Once spoofing became common, the entire caller ID system lost credibility, not just for the calls that were actually fake. Carriers and consumers responded the only way they could: by getting defensive. Unfamiliar numbers get labeled, screened, or silently sent to voicemail, and a legitimate business calling from a legacy phone setup, a mix of old trunks, forwarded lines, and reused direct-dial numbers, can look just as unverified to the network as a scam call. The industry's response to that breakdown is STIR/SHAKEN, and it is now the backbone of how carriers decide whether to trust a call at all.

In one sentence

STIR/SHAKEN is the framework that lets a carrier digitally sign a call at the moment it originates, so the carrier that delivers it can verify the caller actually has the right to use the number on the screen.

STIR and SHAKEN, in plain English

The two names describe two halves of the same job. STIR, short for Secure Telephone Identity Revisited, is the technical standard, developed through the IETF, that defines how a call gets a verifiable digital signature. SHAKEN, short for Signature-based Handling of Asserted information using toKENs, is the framework, developed by ATIS and the SIP Forum, that tells carriers how to actually apply that standard across real telephone networks.

A useful way to picture it: think of a call as a sealed, certified envelope. The phone number on the outside is what the recipient sees, exactly like before. What is new is the seal itself, a digital signature from the originating provider that effectively says, "We checked this caller, and here is how confident we are that they have the right to use this number." The provider on the receiving end inspects that seal before deciding how much trust to extend to the call. Spoofing depends on the opposite condition, a number presented with no real proof behind it, which is exactly what a digital signature removes.

Worth clearing up

Authentication is not the same thing as a caller ID name. A call can display your company name and still carry weak authentication, or display no name at all and still be fully verified under STIR/SHAKEN. A polished name looks good. A verified signature is what actually earns trust from the network.

Infographic explaining what STIR/SHAKEN caller ID authentication is, the spoofing problem it solves, how it works, and its key business benefits
The fundamentals: what caller ID authentication is, the problem it fixes, and why it matters for answer rates.

The three levels of call attestation

Once a call is signed, it does not just get a pass or fail. It gets graded. That grade is called attestation, and it is the single biggest factor in how a receiving carrier interprets your call. The three levels are labeled A, B, and C, and they describe confidence, not call quality.

LevelWhat the provider is telling the networkWhat it usually means
A — Full Attestation"I know this caller, and I know they are authorized to use this exact number."The strongest possible signal. The provider has a direct relationship with the business and controls how the number was provisioned.
B — Partial Attestation"I know this customer, but I can't fully confirm their right to this specific number."Common with ported numbers or numbers routed through multiple systems. Better than nothing, weaker than it should be for important outbound calls.
C — Gateway Attestation"I only know where this call entered my network. I can't vouch for the caller."Typical of gateway or third-party handoff traffic. It is the minimum signal a carrier can provide.
Diagram of the three STIR/SHAKEN call attestation levels: A full attestation, B partial attestation, and C gateway attestation, ranked from highest to lowest trust
Attestation level A is the goal. Everything below it gives receiving carriers a reason to hesitate.

What actually determines your attestation level is rarely a mystery once you look at it directly. It comes down to the strength of your relationship with your provider, whether that provider controls and can verify the numbers you use, whether your calls originate over a modern, IP-native path, and whether every user, desk phone, softphone, and mobile app, sends calls through that same authenticated environment. Scatter those pieces across a patchwork of legacy trunks and forwarded lines, and Level A becomes difficult to reach no matter how good your sales script is.

Field advice: If your calls keep landing at B or C attestation, do not start by rewriting scripts or retraining staff. Start by auditing who owns your numbers, how they were provisioned, and whether every calling path in your business actually originates from the same authenticated system.

Why the attestation level actually affects your business

Unverified calls do not just create a technical footnote. They change how people behave on the other end of the line. Numeracle's 2024 consumer research, based on a survey of just over 2,000 U.S. consumers, found that 85% of people rarely or never trust caller ID for an unrecognized number, and 69% said they have missed, ignored, or declined an important call because the caller information was not trustworthy. The same research found that two-thirds of consumers said more accurate caller information would make them more willing to answer an unfamiliar number in the first place.

Translate that into a normal business week and the cost spreads across nearly every department that relies on outbound calling. Sales reps burn extra attempts reaching prospects who have learned to screen unfamiliar numbers. Support and scheduling teams get blamed for "never calling back" when the callback happened and simply was not trusted enough to answer. Billing and collections outreach gets harder precisely when timing matters most. None of that shows up as a single line item on a budget. It shows up as a slow erosion of an outcome that used to be simple: a business calls, and someone answers.

How the signing and verification process actually works

It helps to walk through what happens between the moment someone dials and the moment the other phone rings.

  • A call is placed from your network, using the number assigned to your business
  • Your provider's authentication service checks the caller and creates a digital certificate for that call
  • The call is digitally signed with a token, sometimes called a PASSporT, and passed along with the call setup information
  • The call travels across the telephone network to the receiving provider, carrying that signed token
  • The receiving provider's verification service checks the signature against trusted certificates
  • The call is labeled A, B, or C based on the result, and delivered with that attestation result attached
Technical diagram showing how STIR/SHAKEN authentication works, from originating and signing a call through verification and delivery with an attestation result
Every call passes through an authentication service on the way out and a verification service on the way in.

The Federal Communications Commission requires voice service providers to implement STIR/SHAKEN across their IP networks, and treats caller ID authentication as a core piece of its robocall mitigation strategy. You can read the FCC's own explanation of the framework on its call authentication page. That is federal policy, not a marketing claim, and it is exactly why the provider standing behind your authentication service matters as much as the phone plan itself.

Why Carolina Digital Phone works with TransNexus

Signing a call correctly requires real infrastructure: an approved certificate authority, a secure key store, a certificate repository, and a verification service that carriers across the country actually trust. Building and maintaining that stack alone is not a reasonable ask for most phone service providers, let alone most businesses. So we do not build it alone.

Carolina Digital Phone authenticates outbound calls through TransNexus, an approved Certificate Authority whose STIR/SHAKEN solutions are compliant with ATIS and IETF standards and are already in production across telephone networks nationwide. TransNexus provides the authentication service that digitally signs the calls you place through us, and the verification service that checks the calls you receive. That partnership is how we can aim for Level A, Full Attestation, on the calls our customers place, rather than hoping a patchwork of legacy carrier relationships happens to add up to something trustworthy.

This is not a background detail we mention once and move past. Ensuring your calls are delivered as valid, trusted calls is something we treat as core infrastructure, the same category as uptime and call quality, not an optional add-on.

Getting flagged as spam, or not sure what attestation level your calls are landing at? Call ☎ (336) 544-4000 and a Carolina Digital Phone engineer will look at your outbound setup with you, no guesswork required.

"Making sure your calls are delivered as valid calls isn't a checkbox for us. It's infrastructure, the same as uptime."Nicky Smith, founder, Carolina Digital Phone

What this means if you are still running a legacy PBX

Older, non-IP phone systems, traditional PBX hardware, PRI circuits, and hybrid setups with aging gateways, sit at the center of the authentication gap. These systems can carry voice traffic just fine. What they generally cannot do is natively support the digital signing model that STIR/SHAKEN depends on, because that model was built for IP-based calling.

The pressure to close that gap is no longer theoretical. In an April 29, 2026 fact sheet, the FCC laid out a Notice of Proposed Rulemaking aimed directly at the non-IP authentication gap, proposing to repeal the existing exemption for non-IP networks and require providers to either upgrade to IP or implement an approved non-IP authentication framework, with roughly 24 months to comply once the rules take effect. You can read the FCC's own summary in its April 29, 2026 fact sheet on closing the non-IP caller ID authentication gap. Waiting out an aging PBX may feel like avoiding disruption. In practice, it is extending a setup that makes your calls harder to trust, and the regulatory runway to fix it later is getting shorter.

Five-step phased approach to migrating a legacy PBX to a modern system that supports STIR/SHAKEN caller ID authentication
A phased migration, not a rip-and-replace weekend, is what actually protects call continuity.

The good news is that migration does not have to mean tearing everything out at once. Businesses that move successfully tend to inventory what they actually have, decide what has to move first, such as main numbers and critical call queues, move their identity layer onto a modern authenticated path as early as possible, retire old call-forwarding workarounds that quietly undermine attestation, and test real scenarios like transfers and remote users before calling the project done. If you are weighing that decision, our companion breakdown of hosted PBX versus onsite PBX covers the reliability and cost side of that same choice.

Because Carolina Digital Phone originates calls on a modern, IP-native platform from day one, our customers are not staring down a future compliance deadline for this specific gap. The authenticated path is already the path your calls travel today.

The next layer beyond authentication: Branded Caller ID

STIR/SHAKEN answers one specific question: is this call authentic. It does not, by itself, put your company name, logo, or reason for calling on the recipient's screen. That next layer is an emerging, CTIA-governed framework called Branded Calling ID, or BCID, which builds on top of STIR/SHAKEN's authentication to display a verified business name, a stated call reason, and a Rich Call Data logo directly on the handset, rather than leaving the recipient to guess. Providers like NumHub are already building enablement platforms around that standard.

We are intentionally keeping this article focused on STIR/SHAKEN, because it is the foundation everything else sits on top of. Branded Caller ID deserves its own detailed article, and we will cover it separately, including how it works, what it costs, and whether it makes sense for your business. For now, the short version is this: authentication earns the right to be trusted. Branding is what you do with that trust once you have it.

Questions worth asking your phone provider

Almost every provider will say yes if you ask, "Do you support STIR/SHAKEN?" That question is too easy to answer well. Ask questions that actually expose whether your specific setup can reach Full Attestation.

  • How exactly do you verify my right to use each outbound number I present?
  • What happens to my attestation level when I port a number from an older carrier or PBX?
  • Who investigates it when my calls start showing partial trust or spam labeling, and how fast?
  • Do my remote staff and mobile app users still originate calls through the same authenticated path as the office?

A phone system that can simply place and receive calls is not enough in 2026. A usable business phone system has to support trust as a baseline, not an upgrade.

Carolina Digital Phone: verified calls, every time

North Carolina businesses, schools, and government agencies choose Carolina Digital Phone because we treat call trust as core infrastructure, not a feature you have to ask for. Every call placed through our platform is authenticated through our partnership with TransNexus, on a modern IP-native network built to reach Full Attestation, backed by a real North Carolina team instead of a distant support queue. Carolina Digital Phone has worked in this industry since 2000, led by a founder whose technology career spans more than 45 years, and ensuring your calls are delivered as valid, trusted calls is something we take seriously because your revenue depends on someone actually answering.

If you want the fuller picture, read why organizations choose us, learn what hosted VoIP is and how it works, or see how we approach network reliability across our platform.

Want to know your current attestation level, or map a path off a legacy system that can't support modern authentication? Call ☎ (336) 544-4000 and talk with a Carolina Digital Phone engineer, no scripts, just straight answers.

Straight answers

STIR/SHAKEN and caller ID authentication: frequently asked questions

STIR/SHAKEN is the industry framework carriers use to digitally sign and verify caller identity on phone calls. STIR defines the technical signing standard, developed through the IETF, and SHAKEN defines how carriers apply it across real telephone networks, developed by ATIS and the SIP Forum.

Attestation is the confidence level a provider attaches to an outbound call. Level A, Full Attestation, means the provider fully verified both the caller and their right to use the number. Level B means partial confidence, and Level C means the provider can only verify where the call entered its network, not the caller itself.

No. CNAM controls the name displayed with a call, but it does not verify that the caller has the right to use that number. STIR/SHAKEN authentication and CNAM display are related but separate systems, and a call can display a name while still carrying weak authentication.

Usually because the outbound calling path cannot be strongly authenticated, often due to legacy trunking, inconsistent number provisioning, or numbers ported through multiple systems. Carriers default to caution when they cannot confirm a caller's identity, which can catch real businesses in the same net as scammers.

STIR/SHAKEN authenticates that a call is legitimate. Branded Caller ID, or BCID, is a newer, CTIA-governed layer built on top of that authentication which displays a verified business name, logo, and call reason on the recipient's screen. We will cover Branded Caller ID in a dedicated article.

We authenticate calls through TransNexus, an approved Certificate Authority whose STIR/SHAKEN solutions comply with ATIS and IETF standards, on a modern IP-native platform we control end to end. That combination is what allows us to target Level A, Full Attestation, on the calls our customers place.

Verified calls, local engineers

Make sure your calls are actually trusted, not just dialed.

Whether you are dealing with spam labeling today or planning a move off a legacy PBX before the non-IP authentication gap closes, a Carolina Digital Phone engineer will look at your real setup and show you exactly where your attestation stands. Backed by our partnership with TransNexus, transparent pricing, and a local North Carolina team that answers the phone.

☎ (336) 544-4000

Request a free consultation