If you work for a Voice Service Provider (VSP), you have a responsibility to protect not only your own business, but also your customers, consumers, and the communications industry as a whole. Illegal robocalls hurt everyone! Every VSP needs to help identify and address suspicious traffic, as well as ensure prompt responses to the Industry Traceback Group (ITG) and your fellow providers.
At Commio, we take reports of illegal robocalls and unwanted text messages seriously. To report an unwanted call or text, use our report a number form.
Be Proactive, and Support ITG Efforts
When the ITG initiates a traceback, the robocalls in question have probably traversed multiple networks, each layer requiring additional time and resources when time is of the essence. As such, a rapid response by each VSP in the chain is critical. Specifically:
- You must designate a point of contact for suspicious traffic requests and provide your contact information to the ITG now, if you haven’t done so already.
- Engage in collective coordination through the ITG to address instances of suspicious traffic and respond to traceback requests.
- You need to respond to requests promptly, with investigations initiated within four business hours and results returned within 24 hours.
- You should know your immediate upstream provider and vet the identity of your customers—ideally while they’re still prospects—by collecting the necessary information up front to assist in traceback requests and enforcement efforts (see Know Your Customer). This information should be readily available if a traceback is initiated.
- If you discover your own systems or end users are generating suspicious traffic, you should take steps to investigate immediately, and mitigate unlawful calls going forward (see below).
- You should analyze and monitor network traffic to identify patterns consistent with illegal robocalls and take appropriate action.
- If a pattern consistent with illegal robocalls is detected, you should work to identify the responsible party and take the necessary actions, including initiating a traceback investigation and notifying law enforcement promptly.
- Call traceback information should be kept private and only shared with the ITG, other relevant VSPs, or as part of a valid legal process.
Violation! You’ve been Tagged – Now What?
If your service has been identified as a source of spam, there are several steps you should take to address the issue and comply with regulatory requirements:
• Immediate Actions
Cease the Transmission of Spam! The first and foremost step is to immediately stop transmitting the identified spam calls. This helps prevent further propagation of spam and reduces the potential harm to consumers and even your other customers.
Investigate the Source: Conduct a thorough internal investigation to determine how and why the spam calls are being routed through your network. This might involve reviewing call logs, customer accounts, and any third-party relationships.
• Compliance and Cooperation
Notify the Authorities: Inform the relevant regulatory bodies, such as the Federal Communications Commission (FCC) in the United States, about the steps being taken to address the issue. Proactive transparency with the authorities can help mitigate potential penalties and protect your business.
Cooperate with Traceback Requests: Fully cooperate with traceback requests from the Industry Traceback Group (ITG) and other industry bodies to help trace the origin of the spam calls. This cooperation is essential for identifying the bad actors behind the calls and demonstrates your commitment to fighting illegal robocalls.
• Implement Preventative Measures
If you haven’t already taken the preventative steps to protect your business and your customers from fraudsters, you need to do the following as quickly as possible.This not only reduces your risk going forward, it shows that you are committed to eradicating illicit traffic and supporting enforcement efforts.
Strengthen Caller Authentication: If you haven’t done so already (eek!), implement STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted information using toKENs) protocols to ensure caller ID authentication. This helps in verifying the legitimacy of calls and reducing spoofed calls. And, make sure you’ve documented your efforts in the Robocall Mitigation Database (RMD) maintained by the FCC. Note that effective May 28, 2024, providers are required to reject all traffic from VSPs that aren’t in the RMD!
Enhance Call Monitoring and Filtering: Utilize advanced call monitoring and filtering technologies to detect and block potential spam calls before they reach end users. This may involve using Artificial Intelligence (AI) and machine learning algorithms to analyze calling patterns.
Review and Update Policies: Reassess and update internal policies related to customer onboarding, call traffic monitoring, and compliance with regulations. Ensure that robust checks are in place to prevent misuse of the network.
• Customer and Public Communication
Notify Affected Customers: Inform any affected customers about the issue and provide guidance on how to protect themselves from spam and fraud. This might include advising them to use call-blocking apps and services.
Public Statement: If necessary, issue a public statement detailing the steps being taken to address the spam issue and reassure customers and stakeholders about the measures implemented to prevent future occurrences. If the violation is substantial, consider engaging a PR firm with experience in negative press.
• Continuous Improvement
Regular Audits and Training: Conduct regular audits of the network to identify and address any vulnerabilities. Provide ongoing training to staff about the latest trends in spam and fraud, and how to prevent them. Stay up to date on the most current technology used by bad actors, as well as the latest technology to identify and eliminate bad traffic.
• Industry Collaboration
Participate in Industry Initiatives: Engage with industry initiatives such as ITG and working groups aimed at combating robocalls and spam. Sharing insights and collaborating with other providers can help develop more effective solutions.
• Legal and Regulatory Compliance
Adhere to Regulations: Ensure strict adherence to all relevant regulations and guidelines issued by the FCC and other regulatory bodies. This includes maintaining accurate records and reporting any suspicious activities promptly.
* * * * *
By taking these steps, a voice service provider can not only address the immediate implications of being identified as a spam source but also build a more robust system. Ultimately, every provider should be working to prevent future occurrences of illegal traffic, and contribute to the broader effort to combat spam and fraudulent calls.
See also: How the Telecom Industry is Fighting Robocalls, and Consumer Tips to Stop Unwanted Robocalls
Report a Phone Number
Commio works hard to keep unwanted traffic off our network. If you receive an illegal robocall on a phone number that appears to belong to Commio, we want to know! Share the details with us here.
