Convoso
Customer LoginSchedule a demo
News - Compliance

    FCC Proposes Closing Non-IP Caller ID Authentication Gap in Fight Against Robocalls

    Convoso
    3 min. read

    In its latest move to combat the scourge of illegal robocalls, the Federal Communications Commission (FCC) has released a Notice of Proposed Rulemaking (NPRM) aimed at closing a critical vulnerability in caller ID authentication. The new proposal targets calls transmitted over non-Internet Protocol (non-IP) networks — a known loophole exploited by fraudsters to spoof caller IDs and evade detection.

    The STIR/SHAKEN framework, mandated by Congress through the TRACED Act, has helped verify caller identity on IP-based voice networks by allowing providers to authenticate calls and block spoofed numbers. However, STIR/SHAKEN only works on IP networks. When calls traverse legacy non-IP networks, which are still widely used by many service providers, the authentication data can be stripped, opening the door for bad actors to spoof numbers and carry out fraud undetected.

    The FCC estimates that illegal robocalls cost the U.S. economy $13.5 billion annually, with individual scam victims losing hundreds or even thousands of dollars per call. Americans, on average, receive up to 28 robocalls a month.

    What the proposal would do

    To close this gap, the FCC is proposing several key actions:

    • Set Evaluation Standards: Establish clear criteria to assess whether non-IP caller ID authentication frameworks are “developed, reasonably available, and effective” under the TRACED Act.

    • Certify Standards: Conclude that two existing standards — In-Band Authentication and Out-of-Band Multiple STI-CPS Authentication — meet the TRACED Act requirements. A third standard, Out-of-Band Agreed STI-CPS Authentication, will be reviewed through public comment.

    • End the Extension for Non-IP Networks: Repeal the current exemption that allows providers using non-IP technology to avoid caller ID authentication mandates.

    • Mandate Compliance: Require all voice service providers, including gateway and intermediate carriers, to implement non-IP caller ID authentication in their legacy systems.

    • Enforce a Two-Year Deadline: Providers would have 24 months from the effective date of the new rules to implement compliant frameworks or complete their transition to IP networks.

    The FCC is also proposing updates to its Robocall Mitigation Database, requiring providers to certify their implementation of these frameworks as part of their anti-robocall obligations.

    Scheduled for commission vote on April 25

    The NPRM is scheduled for consideration at the FCC’s open meeting on April 25, 2025. At that time, the Commission will vote on whether to formally adopt the proposed rulemaking. If adopted, the rule will move into a public comment phase before a final ruling is issued.

    Industry impact and the road ahead

    While many telecom companies have begun transitioning to IP networks, non-IP infrastructure remains in use, particularly in rural areas and by smaller providers. The Commission notes that several solutions to authenticate calls over non-IP networks are already commercially available and in use by some providers, indicating readiness for broader adoption.

    The FCC emphasizes that full IP migration remains the ultimate goal. However, until that transition is complete, enforcing caller ID authentication over non-IP networks is essential to preserve the integrity of the STIR/SHAKEN system and restore consumer trust in voice communications.

    Public comment invited

    The proposed rules are subject to a public comment period, and stakeholders are encouraged to submit their views through the FCC’s Electronic Comment Filing System (https://www.fcc.gov/ecfs) under WC Docket No. 17-97. Comments are due 30 days after the proposal is published in the Federal Register, with reply comments due 60 days after publication.

    Get a recap of the latest contact center compliance news delivered monthly to your inbox. Subscribe here>

    DISCLAIMER: The information on this page and related links is provided for general education purposes only and is not legal advice. Convoso does not guarantee the accuracy or appropriateness of this information to your situation. You are solely responsible for using Convoso’s services in a legally compliant way and should consult your legal counsel for compliance advice. Any quotes are solely the views of the quoted person and do not necessarily reflect the views or opinions of Convoso.

    Schedule a demo

    Supercharge your sales with our AI-powered contact center platform.

    4x your contact rates today!