As an outgrowth of the Toll Free Summit in Chicago -- and by "outgrowth" I mean inspired by -- it's become clear that the time has come for a subtle but significant change in toll-free policy. We are calling for toll-free number registration, i.e. customer data that is held and authenticated by a central registry.
Currently, subscriber information is exclusively held by RespOrgs – those “responsible organizations” that have authority over toll-free numbers in the national toll-free database (SMS/800). Most transfers, commonly known as “ports,” are made on a peer-to-peer basis; that is, the new RespOrg submits a transfer request to the old RespOrg and – given a full name and address match – database authority is usually released to the requesting RespOrg. There are about 300 such RespOrgs, including household names like AT&T, MCI, Sprint, Qwest, and others, but many private entities as well.
Public policy requires that customer data be kept confidential, i.e. “unlisted numbers,” which means, of course, that these port transactions are done privately and withheld from public view. In most cases, all parties agree that the authentication is correct. However, this system has clear and alarming vulnerabilities, and currently there is no effective way to prevent toll free “hijacking” or to cry foul once “jacked.”
First, there are actually two essential components to authentication: subscriber name/address and authorized signature. Yet, as a matter of convenience, only the name/address match is used by major carriers, who are departmentalized and often distanced from their customers. A transfer document could be signed by “Mickey Mouse,” for all they check.
Next, as a matter of necessity – keeping the phones working – RespOrgs have a Help Desk that facilitates emergency transfers. Here, anyone with a Letter of Authorization – whether from the actual subscriber or not -- can ask their RespOrg to seize control of a number via the Help Desk’s SMS-10 form. The Help Desk has neither name/address nor signature information, so they simply process the emergency transfers and rely on the integrity of the requesting RespOrg. Indeed, they are obligated to process the request.
Transfer paperwork is sent to both the losing and gaining RespOrgs under the assumption that someone will object to the action, if necessary. To be fair, many carriers require that the requesting party produce a recent bill, but have no way or incentive to confirm that the bill copy presented is legitimate or authoritative.
In today's world, the only evidence that a toll-free number belongs to you is your bill copy. Without a toll free registry there is no definitive way to assert or demonstrate that you have exclusive rights to a toll free number other than through evidence of use, i.e. a copy of your monthly bill. Yet this is a faulty premise: it assumes that if you get billed you must also have sole authority and the right of exclusive use, and you may not.
Many companies use resellers and call centers that buy toll free services in bulk, so your number appears on their bill. Shared use generates many "bills" for the same number. Now, with the move towards on-line billing, the foundation of toll free number authority comes with all the insecurity of the Internet. Who hasn't seen fraudulent email from some third world country masquerading as PayPal or a major bank, phishing for private information? How hard would it be to phony up an electronic "bill copy?"
Here’s a recent example of the current system’s vulnerabilities: 1-800-Go-Power was a disconnected number stolen twice -- or “hijacked” -- in one weekend. Thieves prey on the weak, so hijacking numbers in a disconnected state carries less risk, as they don’t have to worry about the lines going “dead” and alerting the rightful subscriber. By law, however, disconnected numbers remain under the sole authority of the subscriber until they actually go spare and are reassigned on a “first come, first served” basis.
On the Friday before the weekend that 1-800-Go-Power was to go spare, it was stolen by a hapless impostor claiming to be the rightful subscriber, who submitted his own signature along with the actual subscriber’s name/address to Sprint. MCI mindlessly released the number since the subscriber name/address matched. There is no authentication on signatures by the big carriers, and they rarely dig any deeper unless it’s one of their major accounts. Although Sprint had control, they failed to reactivate the number before the weekend arrived.
Then that Sunday, Mr. Quimby of TollFreeNumbers.com sent a completely fraudulent SMS-10 form directly to the Help Desk – where they don’t check either signature or subscriber name/address – and the number was hijacked into their control. That same night, on behalf of the actual subscriber, 1-800-Go-Power was returned to MCI via a second Help Desk action. This action averted the conversion of the number by this rogue RespOrg, known to hijack toll-free numbers for a fee on almost a nightly basis.
That week, in concert with the rightful subscriber and his authorized RespOrg, MCI, the number was reactivated. It also became clear that neither of these hijackers had any authority over the number. The subscriber had been out of the country and was unaware that the number had even been disconnected.
These same vulnerabilities can be used to convert working numbers to a new subscriber. There’s another well-known thief who submits fraudulent RespOrg port forms in his own company name, address, and signature – and submits the request over and over, hoping some hapless employee at the former carrier will “bite” and release the number to his RespOrg. Let’s call it port phishing, because it’s not information he is fishing for but a porting action.
Once released in error, the number begins billing on the thief’s account in his name, as that’s how the request was made. The former carrier either stops billing the rightful subscriber, or their bill is devoid of any traffic and within a few months deemed irrelevant as evidence of use. You would think the carriers would be liable for such negligence, but they aren't. Negligence is limited under their published tariffs to something like $1,000.00, so don't expect any heroics when it comes to reversing a bad action.
In a more subtle conversion play I’ve only heard about, numbers can be converted to a new carrier but kept working at the former subscriber’s location for an indefinite period of time – all while billing to the new “owner.” After some time, the hijacker updates the number to ring elsewhere, and the rightful, but now former, subscriber has no recent bills to prove their authority over the number.
Finally, there are many world-class numbers being shared by multiple parties—often hundreds of parties—each receiving a monthly “bill copy” for local toll free traffic on the number. The vulnerability here is that one affiliate can shut down the entire network. The SMS-10 rules only require that the bill copy “clearly indicates the end-user subscriber,” or that the requesting RespOrg be convinced enough to assert authority.
Early this year, a New England affiliate of 1-800-A-New-You authorized a sales agent to change over their office phones to Verizon, and included their local toll-free number in the request. Convinced from the affiliate’s website and letterhead that the affiliate had full authority over the number, Verizon used the Help Desk to expedite the transfer. The entire shared network was down for 15 hours before Telesmart convinced the top authority at DSMI (Data Services Management Inc, the group that runs the SMS/800 database) to intervene and restore routing.
Whether through impersonation, hijacking, port phishing, or outright fraud, any number can be converted under the current system. Any nut with the $4.50 and a careless RespOrg can hijack 1-800-Red-Cross, 1-800-Flowers, or 1-800-Verizon and reroute them to a sex line – if only for a little while.
We’re not at all saying that unconfirmed SMS-10 actions via the Help Desk are always dangerous and should be eliminated. As you may recall, it was a Help Desk action that saved 1-800-Go-Power for the rightful subscriber – who was unreachable late on a Sunday night. Rather, we need authentication in a central registry to assure that none of these conversions are possible.
Toll-free registration -- where customer data is held and authenticated by a central registry -- will avert all these bad actions, while ensuring that Help Desk actions are still available for the rightful subscriber. The logical place to manage the registry is the SMS/800 database and Help Desk itself.
I feel strongly that registration should be optional; a feature not imposed on subscribers but, rather, elected by subscribers who deem their numbers valuable enough to warrant added security. There is no doubt that 1-800-Flowers, 1-800-Collect, 1-800-I-Fly-SWA, and many others will jump at the chance to protect their numbers from hijackings. Anyone with a shared use program or a number entrusted to a call center will see registration as a godsend.
Once a central registry is established, existing RespOrgs would simply self-register numbers on behalf of their subscribers. Fields would be updated and the numbers designated under a special code, say “RG” for registered. From that point forward, no further peer-to-peer transfers would be allowed, and any Help Desk action would require authentication. All other day-to-day management functions would remain under control of the current RespOrg. Only the transfer update would be restricted.
There are unused name and address fields already in the SMS/800 database originally intended for directory assistance – Listed Name and Listed Address. These fields seem to be the ideal location to display the authoritative customer data.
In addition, existing designations in the SMS/800 database already permit users to block, publish, or list-but-not-publish registrant data. These existing field options could be used to set privacy preferences when it comes to public display of the registrant. This information would be visible to the current RespOrg and the Help Desk, but could be updated only if the Help Desk authenticates the rightful subscriber.
As many of you know, the SMS/800 database and Help Desk are run as a non-profit service. This arrangement affords the possibility to fund additional programming and policy updates with the cost shared across all subscribers, should that be necessary.
I strongly believe that we need to decouple authentication from the quantity of numbers transferred at any one time, and thus the cost. Currently, an SMS-10 Help Desk action costs around $4.50 per number. At those rates, if West Communication were to transfer its 60,000-some-odd numbers from one carrier to another via the Help Desk, it would cost over a quarter million dollars!
Yet, unlike an SMS-10 action, the only human interaction involved is authentication. The transfers themselves can be batched and done for the nominal batch fee, or for free by the current RespOrg – so long as they’re cleared by the Help Desk. Authentication would be charged in the $20-30 range.
In concert, authenticated end user IDs might be created that include a signature card and email verification. Registered toll-free numbers could then be tagged with an associated ID; data would automatically populate the Listed Name and Listed Address fields from a central registry, and set a default privacy selection.
Privacy settings could then be customized on a number-by-number basis, at the subscriber’s direction. Regardless of published data, there needs to be a complete list of all registered toll-free numbers available for public look-up and to validate authority.
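A sketch of the transfer rule proposed above, set beside today's practice as this article describes it (an added example, not SMS/800 code). The record layout, the `subscriber_id` field and the function names are assumptions, and the Help Desk's verification is modeled simply as an ID it attaches to the request.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class NumberRecord:
    resporg: str                          # RespOrg holding database authority
    listed_name: str                      # Listed Name field
    listed_address: str                   # Listed Address field
    designation: str = ""                 # "RG" = registered (code suggested above)
    subscriber_id: Optional[str] = None   # hypothetical authenticated end-user ID

@dataclass
class TransferRequest:
    gaining_resporg: str
    name: str
    address: str
    signature: str
    channel: str                          # "peer" (RespOrg to RespOrg) or "helpdesk" (SMS-10)
    authenticated_id: Optional[str] = None  # set only after the Help Desk verifies the requester

def current_decision(rec: NumberRecord, req: TransferRequest) -> bool:
    """Today's practice as described in this article."""
    if req.channel == "helpdesk":
        return True   # Help Desk holds no subscriber data and is obligated to process
    # Peer-to-peer: name/address match only; req.signature is never examined.
    return (req.name, req.address) == (rec.listed_name, rec.listed_address)

def registry_decision(rec: NumberRecord, req: TransferRequest) -> bool:
    """Proposed rule: a registered number moves only after Help Desk authentication."""
    if rec.designation != "RG":
        return current_decision(rec, req)   # registration is optional
    if req.channel != "helpdesk":
        return False                        # no peer-to-peer transfers once registered
    return req.authenticated_id is not None and req.authenticated_id == rec.subscriber_id

def demo() -> dict:
    # Constructed sample data, not taken from any real account.
    plain = NumberRecord("OLD01", "Example Co", "1 Main St")
    registered = NumberRecord("OLD01", "Example Co", "1 Main St", "RG", "SUB-0001")
    forged = TransferRequest("NEW01", "Example Co", "1 Main St", "Mickey Mouse", "peer")
    sms10 = TransferRequest("NEW01", "", "", "", "helpdesk")
    verified = TransferRequest("NEW01", "", "", "", "helpdesk", "SUB-0001")
    return {
        "today_forged_peer": current_decision(plain, forged),
        "today_unverified_sms10": current_decision(plain, sms10),
        "rg_forged_peer": registry_decision(registered, forged),
        "rg_unverified_sms10": registry_decision(registered, sms10),
        "rg_verified_sms10": registry_decision(registered, verified),
    }
```

Calling `demo()` shows that the name/address match and the unverified SMS-10 both release an unregistered number, while a registered number moves only on the authenticated Help Desk request.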
There are other issues, of course, that need to be resolved by the various stakeholders, not the least of which is the potential for fraudulent or contested registrations. Disputes could be first addressed by a panel of toll-free professionals, as are domain disputes today, leaving the courts as a venue of last resort.
There’s been a lot of talk over the years about creating property rights in toll-free numbers. Yet, is this beneficial or even desirable? With “property rights” come taxes and assessments; not just federal, but county, city, state, use, and even death taxes! Besides, according to the FCC it would take an act of Congress to declare toll-free numbers as actual “property.”
It’s essential to recognize that Internet Domains are not considered “property,” yet the Whois database serves to validate authority of the rightful subscriber and to express claims of a financier, should you take out a business loan. It is my belief that a central registry would serve the same purpose for toll free numbers without exposing users to the unwelcome burden of taxes.
Unlike Internet Domains, we have the good fortune of having a not-for-profit database management that can be held to a higher standard than the self-serving, for-profit registries that control Internet Domains. Registration adds the essential benefits of “property rights” -- the security that your toll free number will endure most any act of 3rd party negligence, conversion, or fraud -- without the tax burdens and at essentially no additional cost.
A central registry for toll-free numbers may actually be an improvement over Domain security. While security has improved for Internet addressing, most top-level domains remain subject to peer-to-peer transfers and, therefore, hijackings can occur at the Registrar level.
Most essential, toll free registration benefits both the small and major powers in the toll-free world, so why would anyone object to this vital system enhancement? Those that may can simply opt out.