Prevent Pretexting using FCC's recent changes to CPNI laws.
The FCC has recently made several changes to CPNI (Customer Proprietary Network Information) law. As a communications company we have to be able to authenticate a customers identity before releasing any information on a customers account. Telecommunication companies are obligated to be able to report every event a customer gains access to an accoun (including identity verification procedure). We are able to authenticate a customer using a pre-established password, secret question, or a State issued identification. We will also need to be able to add indevidual names to the account that are authorized to access the account. Each of which will need to be able to have their own password to the account. Each CPNI event would need to be logged in a customers account. In every log we will need a time stamp, the CSR who authenticated the customer, the authorized customers name, and how they authenticated their Identification (Received Photo ID, They gave password, provided answer to secret question, Internal Company Use, and CALEA Officer Authorization). We would need to beable to notify a username/usergroup in citrus if a certain type of authentication is used. For example if the customer used their security question, we are required to notify the account holder that their account was accessed using their security answer.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
The new FCC proposal to apply section 222 to internet service providers may make this more relevant to more users of citrus. The internal system does track access to an account and the log activity function could be updated to track CPNI events better as well. The online account access will also need to be updated to track access to the account online via the same CPNI event tracking.