Prevent Pretexting using FCC's recent changes to CPNI laws.

Registered by John Hurst on 2009-09-17

The FCC has recently made several changes to CPNI (Customer Proprietary Network Information) law. As a communications company we have to be able to authenticate a customers identity before releasing any information on a customers account. Telecommunication companies are obligated to be able to report every event a customer gains access to an accoun (including identity verification procedure). We are able to authenticate a customer using a pre-established password, secret question, or a State issued identification. We will also need to be able to add indevidual names to the account that are authorized to access the account. Each of which will need to be able to have their own password to the account. Each CPNI event would need to be logged in a customers account. In every log we will need a time stamp, the CSR who authenticated the customer, the authorized customers name, and how they authenticated their Identification (Received Photo ID, They gave password, provided answer to secret question, Internal Company Use, and CALEA Officer Authorization). We would need to beable to notify a username/usergroup in citrus if a certain type of authentication is used. For example if the customer used their security question, we are required to notify the account holder that their account was accessed using their security answer.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

The new FCC proposal to apply section 222 to internet service providers may make this more relevant to more users of citrus. The internal system does track access to an account and the log activity function could be updated to track CPNI events better as well. The online account access will also need to be updated to track access to the account online via the same CPNI event tracking.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.