Sign in Subscribe
Office Hours Featured

The FCC is making a list, and checking it twice

The FCC is making a list, And checking it twice; Gonna find out Who's naughty and nice. The FCC is coming to town

Patrick at Call Theory

4 min read
The FCC is making a list, and checking it twice
Photo by The Chaffins / Unsplash

Enjoy the time with your friends and family for whatever celebrations you are having this month and next. Here's what to expect in this edition:

  • FCC Robocall Mitigation Database (RMD) orders
  • We're bringing Call Center Village to NAEO 2025 in Fort Meyers
  • Call Theory Billing: Auditable and deterministic processing

Reminder: Office Hours & Scripting Sessions

We are having our training and help sessions as normal this week!

Enjoy your holidays. We're here if you need us.

FCC RMD Orders

The FCC Enforcement Bureau sent orders to 2,411 companies to address their Robocall Mitigation Database (RMD) deficiencies or risk having their certificates removed.

As expressly included in the order's introduction:

Removal of a Company’s certification from the RMD would require all intermediate providers and voice service providers to cease accepting all calls directly from the Company.

The risk is clear: fix it, or stop being a voice provider.

I highly recommend you take a look directly at the order (linked below as a PDF which includes all of the companies in a table) and use Ctrl+F to search for your provider(s). There are at least two voice service providers that I've seen working with the greater NAEO industry that are on this list.

https://docs.fcc.gov/public/attachments/DA-24-1235A1.pdf

If your provider is on the list, you should ensure they fix their RMD filings or start looking for a new provider.

I believe regulatory climate in the United States is unclear at the moment, so it's not entirely impossible for this order to be rescinded or changed to avoid any real impact. That's part of the risk assessment, but not one I would dismiss.

For the long-term health of the public switched telephone network (PSTN) – I hope it's enforced. Otherwise, nobody is going to answer their phones (it's already happening with younger generations) and an industry built on people answering their phones will have distinct disadvantages in the market.

Call Center Village at NAEO 2025

www.callcentervillage.com

Call Theory is returning to the 2025 NAEO Annual Conference to showcase Call Center Village, a hands-on security challenge that combines many common CTF (Capture The Flag) concepts with the software and processes used by call centers – in this case, Amtelco software.

Each Call Center Village is customized to the community it's taking place at, allowing for a high-degree of familiarity with the given software and processes for those who wish to learn security.

We're combining a multitude of security-related challenges that have escalating difficulty and community-wide progression into a learning experience and training grounds. More specific details will be announced as we make additional progress - we are doing a talk at a local security meetup to showcase the topics, and we have scheduled a test-run in January before going live at NAEO 2025.

Bring your technical oriented staff to conference. All skill levels will gain valuable insight into security concepts, tools, and processes they can use to ensure your work environment is that much safer.

Topics include OSINT, social engineering, non-destructive physical bypass, websites, APIs, and even the service/client software used in your call center.

Any issues found during reviews are disclosed to the vendor, in this case, Amtelco. Participants will also be asked to responsibly disclose any newly discovered issues found during the village's operations.

We'll also be participating in a cyber-security vendor panel so make sure you stop by that for some of my favorite unhinged security takes!

P.S., I'm looking for a couple of customers/volunteers who will be at conference, and you want to test your call centers social engineering resilience. Email support@calltheory.com if you're interested in more information.

Call Theory Billing

We've got only about 100 or so more formulas to model and assign properties to. We're hoping to generate our first useful file in January and have things robustly tested by the time NAEO 2025 conference rolls around.

We'll keep you updated here as is (mostly) usual.

But while we wait for the rest of the formulas, I wanted to talk a little bit about two key points that I want to ensure we build into Call Theory Billing.

  1. Auditable - The generated data must be verifiable from both a high-level view and when looking at individual records.
  2. Deterministic - The same data input should always generate the same data output.

Generating auditable data is easier said than done, because we have to be able to compare it against a source of truth in order to find out if it's correct. In this case, we're likely going to have to ingest the default Amtelco report so we can then compare it against the generated data.

We need controls at a high-level to identify potential outliers, but we also need to be able to zoom-in so we can effectively check, exclude, or otherwise manage those outliers directly.

From a UI perspective, I'd like to make this as visual as possible so we aren't always "in the weeds" digging through log files. I'm envisioning a clickable graph/map of the statistics and accounts that goes into a more detailed spreadsheet view of individual records when clicking in to it.

Deterministic generation is a little bit easier. These are numbers after all, so anything we create from a formula perspective can be tested using normal software development testing procedures.

While it might take a few iterations, it should otherwise be fairly straightforward to test that our rules apply as expected to our formulas. We need this so that if data changes (think of an MDR Check sync adding records to your billing database after you initially generated a file) we can quickly and easily generate a replacement file with the new data.

From an architectural approach, we're planning on having the following components:

  1. The generated stats file with our formulas applied (.csv)
  2. The Amtelco generated stats file as the source of truth (.csv)
  3. A configuration file that represents the formulas for each account (.json)

These files will allow the process to be easily portable, and will form the basis for future UI and database work as we move beyond the billing file generation into a full-fledged billing package for call centers.

Please yell if you have any feedback on auditing in relationship to billing. We'd love some more eyes and ears in the mix!