Implementing a Robocall Mitigation Program

This post is written for originating providers that want to meet the FCC’s mandates for effective robocall mitigation. In our last post, we talked about the importance of segregating conversational vs. auto-dialed traffic, and making sure that your customers adhere to the commitments made when you onboarded them. Here are five things to consider:

FIRST: Make sure your contract (Terms of Service and/or Acceptable Use Policy) is clear about the kind of traffic you will (and will not) accept from them. Tell them that if they do not follow the rules, they will be subject to prompt termination. If they are found sending calls you believe are illegal, they will forfeit confidentiality and their information will be shared with enforcers and industry partners.

SECOND: Vet each customer thoroughly, with additional scrutiny on those from which you will accept auto-dialed traffic. They must be familiar with ALL the applicable regulations and should have a reputable regulatory attorney on retainer. Remember that fraudsters are relentlessly trying to find their way onto the network, and will lie, cheat and steal to do so. Do not give them the benefit of the doubt – make sure any suspicions are allayed before turning on service. Do not give anonymous test accounts to auto-dialers.

THIRD: Place tight real-time controls on their traffic. All calls must have valid caller-ID values, and for auto-dialed calls, each value must be checked against the list of numbers that customer provided and that you verified before turning them on. Each customer must have a calls-per-second limit commensurate with the traffic description they provided to you.

FOURTH: Monitor the traffic moving through your network. Nightly, analyze your CDRs, customer-by-customer. Inspect call durations to ensure that no dialer traffic is being sent by customers that signed up for conversational service. Track call volumes and caller-ID utilization to spot changes indicative of foul play. Verify most-frequent Caller-IDs to identify any that are being misused.

FIFTH: Act promptly and decisively on anything suspicious detected by your monitoring. If you get a traceback notice for an illegal robocall, it means your RMP is NOT adequate. Look beyond just the particular customer involved; adjust your parameters as you continuously learn and improve. Do not leave issues unresolved; insist on specific, deterministic explanations with explicit corrective actions. Fraud callers and customers with sloppy controls cannot be rewarded with on-going forgiveness.

Two specific cautions: (1) Be especially suspicious of foreign sources sending auto-dialed traffic using USA +1 telephone numbers. There are only a very few legitimate scenarios for this; most often, the traffic is completely fraudulent. (2) Callers at home and abroad will tell you they are calling with consent and thus exempt from the rules. Be sure you understand exactly how they are obtaining the consent  and that the volume of calls is consistent with a common-sense analysis of how many people would actually sign up for those calls. Further, remember that certain rules apply even with consent and must be followed in all cases (including, for example, stating the name of the calling entity at the beginning of the call).

Finally: Implementing an RMD is not free; it is now part of the cost of doing business. It may make certain customers unprofitable. It is expected to result in loss of revenue – fraudsters that are today paying to have their calls completed are going to disappear, and that is exactly how it is supposed to work.

A couple of technical notes. If your current switching systems do not have the capabilities required for the real-time monitoring dictated by an effective RMP, you can use the least-cost-routing features to incorporate an external platform or service. The first entry in your route will be to that off-board RMD function. The call will never complete via that route, but it will return an indication that either the call should route advance (if all checks pass), or it should be rejected. Companies like TransNexus have robust capabilities that can check caller-ID’s against allowed values and can monitor call rates.

And if you do not have in-house horsepower to do nightly CDR analysis, cloud servers are available for relatively little money (at Amazon Web Services or Microsoft Azure, as examples). You can upload millions of call records and do sophisticated analysis in a matter of minutes.

Illegal robocalls are a huge problem and stopping them is a big undertaking. But if everybody does their part, it will happen. It must.