July 20, 2022

FCC’s R&O on Gateway Providers Originating Foreign-Based Robocalls

In recent years, the Federal Communications Commission (FCC) committed to eradicating robocalls, call spoofing, and call scams, has doubled down on enforcement. Eliminating misleading, fake, and fraudulent calls reaching American citizens is one of the FCC’s highest priorities. This year, the FCC added to its list of already stringent rules, regulations, and guidelines for the telecommunications industry and gateway providers.

New Regulations for Gateway Providers

The FCC released a “Report and Order” (R&O) in May 2022 proposing new regulations for gateway providers. This order took effect on June 30, 2022, providing additional regulations gateway providers must follow in efforts to curb — and eventually eliminate — robocalls.

The FCC also provided an FNPRM, or Further Notice of Proposed Rulemaking. The FNPRM looks to solicit comments regarding additional means of addressing robocalls — specifically illegal robocalls.

In addition to the FNPRM, the FCC offered an Order of Reconsideration, expanding the prohibition of call acceptance from any provider not currently listed in the RMD, or Robocall Mitigation Database. This expansion will include any calls originating from non-U.S. intermediate providers.

As the FCC explains in a recent news release, these new regulations are an effort to put a portion of the compliance responsibility on the shoulders of gateway providers. These smaller companies route calls through subsequent networks and are often the paths that scammers use to help disguise a call’s country of origin.

Fraudulent callers choose to make robocalls from outside the United States because it hinders prosecution efforts. It’s not easy for U.S. law enforcement officials to track telecommunications criminals in other countries. Even when tracing efforts are successful, extraditing the fraudulent actors proves time-consuming, complicated, and, ultimately, fruitless.

What Are Some Tell-Tale Signs of a Robocall Scam?

While fraudulent callers are quite resourceful and creative with multiple methods for gaining trust, there are a few signals that give these criminals away, such as:

They’re Not Polite

You’d think someone wanting to gain a called party’s trust would be overly polite. This isn’t the case. In fact, they have an air of impatience. If the called party doesn’t follow along, the scammer uses threats of legal or police action.

Believe it or not, they know exactly what they’re doing. Human psychology illustrates that a person makes poorer decisions when in a state of fear.

They Won’t Disclose Who They Are

When making fraudulent phone calls, scammers never give away their personal identities. They may provide a name, but it’ll be a common name, such as David or John.

They Emphasize Time

A scam caller will place a recognizable emphasis on immediacy. They stress the importance of now. Phrases like, “You must act today, or …” are a dead giveaway. If the called party doesn’t have the time to question the caller or the reason for calling, the scammer has a higher likelihood of tricking them.

The scariest part is these scammers found a way to hide their foreign phone numbers using such scams as call spoofing.

Where Do Most Robocalls Come From?

The majority of robocalls come from outside the United States. This makes prosecution much more difficult for several reasons. According to YouMail, the countries originating the most robocalls are:

  • India
  • The Philippines
  • Mexico
  • Costa Rica
  • Guatemala

Robocalls from overseas require a “Gateway Provider” to connect to phones in the United States. The FCC noted in its statement that over 65% of providers that transmitted illegal robocalls in 2021 were either a gateway network, not based in the United States, or both.

Why Are Gateway Providers Important?

A gateway provider is typically a smaller company that facilitates calls between networks. These gateways connect calls from networks outside the U.S. to ones within the U.S. While they serve an important purpose in telecom, such as family members living in a different country calling their family members in the United States — but these gateways are often the point of exploitation for robocallers.

The FCC’s new regulations mean gateway providers must follow established procedures to accurately identify the identities of networks and callers, as well as authenticate the identities of the gateways and networks the calls are forwarded from. Gateways are the critical link in the robocall chain and the most apropos place to attempt weeding out fraudulent robocalls.

The FCC has previously announced that gateway providers must adopt STIR/SHAKEN protocols and the requisite technology to provide more accurate information on call origination from their traffic. If a gateway provider is found non-compliant, the FCC can remove the gateway from the RMD, making its blocking mandatory for other providers in the network.

What Does the R&O Mean for Gateway Providers?

In addition to adopting STIR/SHAKEN technology and associated protocols, gateways must block traffic that the FCC reports as illegal. The R&O expands RMD rules and requires gateways to employ several actions.

The new R&O effectively adds the following requirements to the already extensive regulations following STIR/SHAKEN:

  • The FCC will provide notice that certain call traffic is considered potentially illegal. At that time, the gateway must block said calls.  Any gateways downstream are also expected to block the designated calls.
  • The gateway is responsible for creating and maintaining a Do-Not-Originate list and must block all calls from that list that attempt to route through its gateway.
  • Begin providing call authentication according to STIR/SHAKEN framework to all unauthenticated foreign-originated SIP calls using U.S. phone numbers to mask a call’s country of origin.
  • Respond to any requests for call tracing in 24 hours or less.
  • Implement mitigation efforts to ensure foreign gateways immediately upstream cannot use the provider’s gateway to route robocalls.
  • These steps must immediately begin, within reason, regardless of the gateway’s STIR/SHAKEN implementation status.

The FCC has fought against unsolicited and illegal robocalling for decades, and it’s also the main focus of consumer complaints. Doing your part begins with monitoring your phone numbers for spoofing and maintaining an excellent caller ID reputation.