Comments on caller ID authentication best practices

The CATA Working Group of the NANC issued a best practices document, and the FCC asked for comments. Here’s a summary of the feedback they received.

The Best Practices for the Implementation of Call Authentication Frameworks cover the following topics:

  1. Subscriber vetting
  2. Telephone number validation
  3. A-level (full) attestation
  4. B- (partial) and C-level (gateway) attestation
  5. Third-party validation services
  6. International call originators using NANP numbers
  7. Ongoing robocall mitigation.

Here’s a summary of the comments received.

CTIA

  • CTIA supports the NANC report and encourages the Commission to issue the call authentication best practices without modification.
Comments on caller ID authentication best practices

INCOMPAS

  • INCOMPAS is generally supportive of these recommendations, but challenges remain:
    • Concerns from competitive providers about achieving proper attestation
    • Solving for enterprise use cases
  • INCOMPAS has championed certificate delegation for complex use cases and business models.
  • The FCC determined that it was unnecessary to require standards for certificate delegation at this time. INCOMPAS recommends that the Commission reconsider this position.

Inteliquent

  • Inteliquent is concerned that the recommended best practices would inappropriately exclude multiple categories of legitimate call scenarios from receiving full attestation.
  • The best practices document suggests allowing A-level full attestation under more narrow circumstances than the ATIS standards.
  • Defining attestation levels in relation to the end user will needlessly limit full attestation.
  • Originating service providers can find ways to vet caller identities and achieve full attestation.

NCTA

  • NCTA agrees that the Commission should adopt these recommended voluntary practices.

Noble Systems

  • The best practices document is beneficial, but its recommendations should not be mandated.
  • Originating service providers need flexibility to vet customer use of calling numbers.
  • OSPs do not have to validate the use of a calling number. Partial or gateway attestation is not necessarily a deficiency.
  • Robocall mitigation is separate from call authentication. Therefore, discussion of robocall mitigation is outside of the scope of this document.

Numeracle

  • Numeracle is concerned that carriers and their analytics partners will impose barriers to the transmission of end-to-end caller identity by adding non-standards based requirements, obstacles, or charges that prevent the identity of the caller from being displayed on the call recipient’s device.
  • Service providers should be able to hire third-party vetting services, such as Numeracle, to verify the identities of legal callers and enable them to use delegate certificates.
  • Delegate certificates are now part of STIR/SHAKEN standards. The TRACED Act requires implementation of STIR/SHAKEN. Accordingly, voice service providers must accept delegate certificates in the same manner as they accept other types of certificates.
  • Rich Call Data should be the vehicle through STIR/SHAKEN for caller identification information.

Professional Association for Customer Engagement

  • PACE generally supports best practices for caller ID authentication.
  • The best practices offered in this report should not be imposed as regulatory mandates.
  • Use of a third-party vetting service should be optional to the caller.
  • Enterprises should be able to validate their use of client numbers and receive a full A level attestation by demonstrating that it has contract provisions in place.
  • The report does not describe call patterns consistent with illegal robocalling. These questions are left open. Standardization of these processes across the industry could be beneficial in reducing inefficiency and burden on callers.
  • Best practices should be suggestions, not mandates.

USTelecom – The Broadband Association

  • USTelecom wholeheartedly supports the best practices.
  • Robocall mitigation should be required for all traffic, regardless of whether it is signed.

YouMail

  • These best practices are a positive step forward.
  • Service providers should be encouraged to use currently available technology.
  • Small service providers must implement robocall mitigation programs.
  • Measurement and reporting must be a part of a robocall mitigation program.

ZipDX

  • Agrees with USTelecom that service providers should have ongoing robocall mitigation program in addition to implementing call authentication.
  • Sympathetic with Inteliquent’s concern that full attestation may be too narrowly defined but believes that the best practices should not be relaxed.
  • Disagrees with Noble Systems that robocall mitigation is out of scope. STIR/SHAKEN and robocall mitigation are and should be intertwined.
  • Best practices should set a high bar for foreign-originated calls.

TransNexus solutions

We offer STIR/SHAKEN and robocall mitigation solutions in our ClearIP and NexOSS software platforms. Contact us today to learn more about these solutions.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.