Free Guide for Telco KYC

The problem of ‘garbage in, garbage out’ (GIGO) was identified during the earliest days of computer science. The concept has never fallen out of use because there is always a temptation to pump worthless garbage into computerized systems in the insane hope that the system will magically produce something of value. Engineers can become so focused on the sophisticated machines they build that they ignore the absence of anyone willing to do the hard work required to operate those machines properly. One of the most stunning current examples of GIGO centers on the overoptimistic promises made for systems that supposedly ‘authenticate’ where a call or message comes from. Regulators have mandated billions of dollars of expenditure on systems that can pass a digital signature along the same route as a phone call but they have not asked for a single additional penny to be spent on ensuring the signature was correctly applied in the first place. This absurdity is analogous to passing a law that demands a signature be collected from every customer who originates a call but without anyone stipulating how to check if the name on the signature is consistent with the name of the customer. Why should we be surprised that crooks have been metaphorically signing their calls as A.N. Other and Mickey Mouse?

The good news is that one business has stepped up and explained how Know Your Customer (KYC) checks should be performed by comms providers. Numeracle has published a document entitled “Model Standards for Know Your Customer” which anyone can obtain free of charge. The contents draw upon the knowledge acquired by Numeracle through working with comms providers and other businesses to restore confidence in the communications ecosystem, and in particular the experience of their Vice President of Trust Solutions, Sarah Delphey. Sarah was responsible for fighting fraud at Bandwidth before she joined Numeracle, so she knows plenty about knowing her customers. Numeracle’s guide fills a critical gap in the anti-robocall strategy adopted by the US comms regulator, the Federal Communications Commission (FCC), which is why both a PDF version of the guide and a covering letter can be downloaded from the FCC’s website. But if you were hoping to simply copy-paste chunks of the guide into your own company’s KYC policy then you would likely prefer to have it as a Word document. Numeracle has generously made a Word version of their KYC guide available for download from their website, so you might pretend to have written it all yourself, though you will need to register to obtain it.

Following Numeracle’s advice is not mandatory but somebody has to start a conversation that will lead to the agreement of common standards for KYC. Otherwise the crooks will keep pretending to be people they are not, with the assistance of comms providers that knowingly choose to know nothing about their customers. The formulation of KYC standards should have begun years before the implementation of technologies like STIR/SHAKEN. It says a lot about the flaws of regulators that they want praise for repeating the sales propaganda of vendors but then spend years ignoring the absence of processes that should have been a pre-condition to implementing the vendors’ technology. It is to the credit of Numeracle that they volunteered to begin the work that a wise and conscientious regulator would have completed already. If good comms providers also volunteer to follow a sensible common KYC standard like that offered by Numeracle then eventually the regulators will impose those KYC standards on the other comms providers who abet crime.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.