The Federal Communications Commission (FCC) has proposed stricter “Know Your Customer” (KYC) requirements for voice service providers as part of a broader effort to stop illegal robocalls before they enter US telecommunications networks.
The proposal would require providers to perform more rigorous identity checks on customers opening or renewing phone services, including many Voice over IP (VoIP) platforms commonly used by businesses and consumers.
The FCC says existing KYC obligations have proven insufficient, with some originating providers allegedly failing to properly vet customers and allowing scammers to exploit their networks for illegal robocalling campaigns.
The FCC has spent years attempting to curb robocalls through measures such as STIR/SHAKEN caller ID authentication frameworks, mandatory call blocking, and traceback coordination with telecom carriers. However, robocalls and phone scams remain one of the most persistent consumer complaints in the United States.
VoIP users to be identified
Although the FCC announcement broadly references “voice service providers,” the proposal primarily impacts originating providers, companies that allow users to place outbound calls onto the public telephone network. This category includes traditional telecom carriers, VoIP providers, SIP trunking services, cloud calling platforms, and business telephony vendors.
For consumers and businesses, this could mean stricter identity verification requirements when signing up for VoIP services such as internet-based business phone systems, virtual numbers, call center platforms, or programmable voice APIs.
Services commonly used by remote workers, startups, customer support operations, and international businesses may need to collect significantly more customer information before accounts are approved or renewed.
The FCC argues that these providers are uniquely positioned to stop abuse because they control the entry point where calls originate. Criminal actors frequently rely on disposable VoIP accounts, spoofed caller IDs, and anonymously registered services to launch robocall and phone fraud campaigns at scale.
The proposed rules are designed to make it more difficult to create anonymous or fraudulent accounts while improving traceability for law enforcement investigations.
Privacy concerns emerge
The proposal raises notable privacy and data protection concerns, particularly for privacy-conscious users who intentionally choose VoIP services that minimize identity collection requirements.
Under the FCC’s proposal, providers are expected to retain sensitive customer data, including government-issued IDs, physical addresses, and secondary contact information. Questions on how long this information would be stored, how securely it would be protected, and whether it could become a target for breaches or surveillance requests are now open.
The FCC has not yet outlined specific data retention periods or cybersecurity requirements tied to the proposed KYC expansion, though these issues are likely to surface during the public comment process.
Beyond stronger verification requirements, the FCC is also seeking comment on implementing per-call penalties for providers that fail to comply with KYC obligations.
The agency says fines linked to the number of illegal calls transmitted through a provider’s network would better reflect the scale of harm caused to consumers.
The FCC is now accepting public comments on the proposal under CG Docket Nos. 17-59 and 02-278.
Leave a Reply