Numeracle, Inc. (“Numeracle”) respectfully submits these comments in response to theCommission’s Further Notice of Proposed Rulemaking (“FNPRM”)1 concerning caller identification and authentication. While the Commission has made incremental progress through STIR/SHAKEN and related initiatives, the current framework still fails to deliver the single most important piece of information consumers need when deciding whether to answer a call: reliable, verified caller identity.
In the TRACED Act, Congress required the Commission to develop “best practices … to ensure the calling party is accurately identified.”2 The Commission issued best practices,3 which have not helped to deliver consistent, accurate identification information. It’s time for the Commission to act decisively with rules and requirements, not just best practices. The Commission appears poised to do so, but it must be done right in a way that instills trust and does not provide easy bypasses. The technologies are ready. Industry just needs a regulatory nudge to get this done.
The current marketplace for caller identity display remains fragmented, inconsistent, and insecure. Consumers receive conflicting and unreliable call displays, lawful callers are mislabeled, and bad actors continue to exploit weak links. These failures are less technological than they are structural and economic. The Commission’s proposal to require caller identification display based on A-level attestation risks making matters worse. A-level attestation is not an identity verification mechanism; it is merely a representation of a provider’s relationship to a telephone number. Mandating display without a trust framework would either force terminating providers to display unverified information or incentivize them to disable attestation indicators entirely. Neither outcome advances consumer protection.
At the same time, the Commission must acknowledge that terminating carriers now control identity display and frequently monetize the process. Branded calling has become fragmented and priced far above cost, treating trust as a premium product rather than a baseline function.
Importantly, the market has already produced secure, technically superior interoperable solutions capable of delivering verified caller identity at scale, including trust-anchored out-of-band solutions as well as standards-based Rich Call Data overlaid on STIR/SHAKEN. These approaches share a core feature: identity is vetted, verified, and governed—not self-asserted. They stand in sharp contrast to legacy mechanisms such as CNAM, which is unauthenticated, inconsistent, and fundamentally incompatible with modern trust requirements.
The Commission need not select or endorse a specific vendor to move forward. Instead, it should define outcome-based criteria for trustworthy identity delivery, which Numeracle has defined as the three pillars: 1) verify the identity of the originator of a communication; 2) transmit that identity securely through the network; and 3) display that identity to the recipient of the communication. The Commission should either evaluate solutions itself or empower a neutral third party to do so to ensure these three pillars are satisfied. Any solution meeting these three criteria should be permitted to participate, preserving competition while preventing insecure or opportunistic implementations. This principles-based approach avoids vendor advocacy concerns while ensuring that only genuinely trustworthy identity frameworks trigger display obligations.
We strongly support the Commission’s goal of displaying verified caller identity information to the called party. Based on our experience, however, we caution that mandating call display without robust verification and security processes is likely to lead to additional consumer confusion and cause harm rather than increase confidence in the displayed information. If unscrupulous callers can find the weak links to get inaccurate caller identity information displayed on consumers’ phones, the work the industry has done for delivery of accurate and verified caller identity information to consumers is compromised. For example, a bank should be able to get its verified caller identity displayed to the called party with an indication it has been verified, and no other caller should be able to get the same or similar display using a less secure method or a method with lower verification standards. We have already seen that A-level attestation is not a reliable indicator of trust or identity. A lack of KYC standards and lax enforcement of KYC standards has led us here. Relying on the same process that contributed to the attestation problem to now validate identity and create verified caller identity claims would merely perpetuate the same low-level of assurance.
The Commission’s leadership in advancing STIR/SHAKEN has established a critical trust foundation for authenticated voice communications. Building upon that foundation, the industry has developed solutions that securely transmit verified caller identity information, such as CTIA’s Branded Calling ID. The Commission should endorse these market-led initiatives rather than mandate display or use of name data from untrusted, unauthenticated sources. The Commission’s proposed rules lack a trust system to ensure that only accurate, verified information is displayed on the screen of the called party. Instead, the Commission should endorse—directly or indirectly—trust-anchored identity solutions and only mandate caller identification information display that is carried by one of these trust-anchored identity solutions.
The Commission’s proposed rule would require the display of verified caller identity information whenever the terminating voice service provider (“TSP”) displays “an indication that the call has received an A-level attestation.”4 If the proposed rule goes into effect, TSPs would be obligated to either: 1) display caller identification information regardless of its accuracy or trustworthiness; or 2) cease altogether displaying an indication that the call has received an A-level attestation. Neither of these inevitable responses advances the Commission’s consumer protection goals.
The Commission should reject the implicit assumption underlying its proposal that originating carriers can be trusted, by default, to provide accurate identity information simply because they originate the call. The Commission has indicated that it intends to flesh out its vague know your customer (“KYC”) requirements.5 Identity display and KYC must be implemented hand in glove.
Even if the Commission develops and enforces specific KYC practices, originating service providers still cannot be trusted as the entity to carry out those KYC practices because of a fundamental conflict of interest as those entities are financially incentivized to originate the calls. Originating carriers are compensated based on traffic volume, not traffic integrity. In many cases, they have limited visibility into end-user intent, business legitimacy, or use-case context. Asking consumers and terminating carriers to trust originating assertions—without independent verification or accountability—undermines the very purpose of authentication. A system that depends on trust without verification is not authentication; it is self-assertion.
The financial industry does not tolerate self-assertions of identity and rights. I cannot walk into a bank and say “I’m Brendan Carr. I’d like to withdraw $10,000 from my account. I don’t recall the account number, but you can look it up. And I forgot my drivers license. Trust me.”Financial institutions require verified identity. Accordingly, the financial industry has taken the lead in addressing this problem—partially due to government regulation coming out of the 2008 financial crisis, partially because it was in their financial self-interest to do so, and partially because it’s the right thing to do for their customers. We tolerate the minor inconvenience of proving identity in exchange for financial security. We should expect no less from our telecommunications ecosystem.
The Commission’s approach to date has been inverted. Rather than ensuring that accurate identity information is reliably transmitted and delivered, the ecosystem has focused on downstream call labeling, blocking, and monetization of uncertainty. As a result, consumers receive a hodgepodge of inconsistent, opaque, and often incorrect information—while lawful callers are mischaracterized, and bad actors continue to exploit structural gaps. This is not a technological failure; it is a market and regulatory failure. The technology to fix this problem exists today. What is missing is a clear regulatory requirement that verified caller identity must be delivered—and accountability for failure to do so. But first, we provide background on the current state of identity delivery for telephone calls in the United States.
When Alexander Graham Bell shouted, “Mr. Watson—come here—I want to see you,” Bell’s identity was never in doubt; there were only two telephones on the network. The need for identity delivery was born the moment a third phone joined the network. In the 150 years since that first call, we have built a global web of billions of telephones, yet our progress in verifying who is on the other end has remained remarkably stagnant.
The current branded calling marketplace was begun by visionaries such as First Orion, Transaction Network Services, and Hiya in response to industry demand for an identity solution better than CNAM. Despite good intentions, today’s marketplace consists of incompatible technical approaches, inconsistent dialing and call origination requirements, and uneven security and verification standards that vary not only across originating providers, but across terminating networks. Terminating carriers are left to choose a winner (or winners) for branded calls it trusts. This leaves the very businesses needing verified identities to navigate multiple solutions to reach all terminating carriers. This is backwards.
Businesses seeking to deploy branded calling face a patchwork of inconsistent requirements that differ by provider and by terminating carrier. As a result, the same enterprise caller may appear branded on one terminating network, unbranded on another, and mislabeled or blocked entirely on a third—despite placing identical calls using the same underlying network infrastructure. Different products are only available to certain terminating carriers, and carrier imposed resale limitations inhibit the ability for one-stop shopping for secure display across the major terminating carriers. This inconsistency erodes caller confidence, frustrates enterprises attempting to comply in good faith, and confuses both callers and consumers who reasonably expect identity displays to be reliable and uniform.
There is no uniform security or verification baseline governing branded calling. Some providers rely on minimal validation of a caller’s asserted identity, while others impose more rigorous but opaque processes. Critically, these standards are not interoperable, and there is no shared trust framework that allows identity assertions made in one ecosystem to be recognized or validated in another.6
This lack of uniformity creates several problems:
Absent baseline identity standards, such as consistent KYC and ongoing monitoring obligations, the presence of branding does not reliably correlate with a call’s legitimacy, frustrating the Commission’s consumer-protection objectives.
Because branding is ultimately displayed (or suppressed) by terminating carriers, the marketplace is structurally imbalanced. Originating parties and callers bear the cost and compliance burden, while terminating networks exercise unilateral discretion over whether and how identity is presented and the charges to do so.
This dynamic:
In effect, the party least responsible for originating identity quality exerts the greatest control over its display. Right now, verified caller information through RCD under CTIA’s BCID framework is reaching all terminating carriers—wireless, MVNO, cable, POTS, and other types of wireline voice services. Only T-Mobile and Verizon Wireless are displaying the information. For the rest, the verified information is ignored.
The cumulative effect of inconsistent requirements, divergent security standards, incompatible systems, and termination-side control is a branded calling marketplace that cannot scale reliably or equitably. Enterprises struggle to achieve consistent outcomes, and consumers receive mixed, unreliable signals. Without Commission action to promote interoperability, baseline standards, and neutral trust frameworks, this fragmentation will persist.
For decades, Calling Name Delivery (“CNAM”) has been a foundational element of caller identification in the United States. Originally designed for a circuit-switched environment, CNAM was never intended to serve as a trust signal, a consumer protection mechanism, or a proxy for caller legitimacy. Yet over time, it has been pressed into all three roles—all of which it is fundamentally incapable of fulfilling. As the Commission considers how to modernize caller identity in an IP-based, globally interconnected voice ecosystem, it is increasingly clear that CNAM is not merely inadequate, but actively harmful to the Commission’s consumer protection objectives. CNAM must therefore be retired, not preserved or incrementally reformed.
CNAM emerged in an era of local exchange monopolies, static telephone numbers, and closed signaling networks. Critically, CNAM was never designed to be authenticated or cryptographically protected. Instead, it relies on loosely governed databases, query-based lookups, and provider-specific provisioning practices that vary widely across the industry.
In today’s IP-based environment, where calls routinely traverse multiple networks, CNAM’s architectural assumptions simply no longer hold. The modern voice ecosystem demands end-to-end integrity and accountability. CNAM provides neither of these. It is an unauthenticated text label that can be inserted, altered, or misrepresented with ease and no enforcement.
Perhaps the most compelling reason CNAM must be retired is that it is structurally incapable of being trusted. There is no uniform standard governing how CNAM values are selected, validated, or updated. Some providers require documentation; others allow customers to self-assign names; still others auto-populate CNAM fields based on billing records. As a result, the same telephone number can—and often does—return different CNAM values depending on which terminating provider performs the lookup.
This inconsistency is not a bug; it is a feature of CNAM’s design. CNAM was never intended to serve as a reliable identity signal, and no amount of incremental tightening can transform it into one. Attempts to reform CNAM merely obscure the underlying flaw: CNAM has no verifiable relationship to the actual caller.
The industry has invested significant resources to deploy STIR/SHAKEN as the foundation for call authentication. That framework is based on cryptographic signatures, certificate governance, and attestation levels that reflect a provider’s relationship to the calling party and telephone number. RCD expands on this foundation. CNAM, by contrast, operates entirely outside this trust architecture.
The coexistence of STIR/SHAKEN and CNAM creates a false sense of confidence for consumers. A call may carry an A-level attestation with a green checkmark—indicating strong confidence in the caller’s right to use the number—while simultaneously displaying a CNAM value that is unverified, misleading, or outright fraudulent. From a consumer perspective, these signals are indistinguishable and often contradictory.
Rather than complementing STIR/SHAKEN, CNAM actively dilutes its value. It injects an unauthenticated identity element into an otherwise authenticated call flow, creating ambiguity where clarity is needed. Continuing to rely on CNAM as a consumer-facing identity mechanism risks entrenching confusion precisely at the moment when the industry is finally capable of delivering verifiable caller identity.
The Commission should therefore take the affirmative step of de-emphasizing and ultimately retiring CNAM as a regulatory artifact and identity mechanism. This does not require an abrupt shutdown of legacy systems, but it does require a clear policy signal: CNAM should no longer be treated as a valid or sufficient source of caller identity, and during the transition period, consumer displays should clearly reflect when a caller identity is verified and when it is not.
In its place, the Commission should encourage and facilitate the transition to verifiable, standards-based identity frameworks that are cryptographically bound to call authentication, governed by transparent rules, and capable of scaling across modern IP networks. These frameworks can provide meaningful accountability and restore consumer trust in voice communications—outcomes CNAM was never designed to achieve. Preserving CNAM risks perpetuating confusion, enabling abuse, and undermining the very reforms the Commission seeks to advance. If the goal is real, reliable caller identity, then the conclusion is unavoidable: CNAM must die so that something better can finally take its place.
Two distinct but compatible mechanisms have emerged in the marketplace for the secure, verifiable transmission of trusted caller identity information to TSPs:
While architecturally distinct, both approaches confirm that the market has already produced viable solutions capable of delivering verified caller identity at scale—without requiring new protocols or Commission selection of one specific provider or technology.
Numeracle has been advocating for robust KYC standards and secure verified identity delivery since 2018.7 Numeracle has been pushing for this all the while regulators and the industry tried to solve the robocall and associated fraud problems with after-the-fact analytic determination as to whether a call is legal or illegal, good or bad, wanted or unwanted.
Numeracle is relieved that industry, the Commission, and the world are recognizing that the foundation of fighting telecom fraud must be knowing with certainty who is originating the communication.8
Numeracle urges the Commission to reorient its approach around a simple principle:verified and authenticated identity must come first. Calling party identity should not be treated asa luxury add-on; it should be a baseline feature of modern voice service. Identity verification should occur prior to onboarding and be reaffirmed through periodic renewal and monitoring. Branded calling must not remain a premium product available only to well-capitalized telemarketers calculating return on investment on each outbound call, while consumers and other legitimate callers are left with uncertainty. The core of branded calling must be identity verification, and not just pretty logos and call reasons. The public interest is not served by a model in which trust is optional and priced at a premium. Consumers should be able to know who is calling them—consistently, reliably, and by default—because verified calling identity must be a foundational element of the network.
Industry stakeholders will likely argue in response to this FNPRM that no regulatory action is necessary—that market forces, voluntary standards, and bilateral agreements will eventually resolve the issues the Commission has identified. Experience shows otherwise. For more than a decade, progress has been incremental, fragmented, and largely reactive, driven by enforcement actions or discrete mandates rather than sustained, coordinated implementation. Absent clear Commission direction, incentives remain misaligned: bad actors externalize harm, intermediaries avoid costs, and good-faith participants are left to compete against those who do nothing. History demonstrates that meaningful advances in this space, such as STIR/SHAKEN and robocall mitigation obligations, have occurred when the Commission established clear rules. Without continued government leadership to set minimum requirements and align incentives, the industry will not “figure it out” on its own, and consumers will continue to bear the cost of inaction.
To accelerate deployment and promote consumer confidence, the Commission should:
Ultimately, the Commission’s goal should be that verified caller identification is displayed to the called party regardless of whether the caller is a business, government entity, or individual10 and that unverified information is not presented.
To avoid misunderstanding, Numeracle emphasizes that the approach described herein does not propose the following:
In short, Numeracle urges the Commission to require trustworthy identity delivery as a baseline network function, not to dictate business models, technical architectures, or commercial outcomes beyond what is necessary to restore confidence in caller identification.
The market has already created secure, standards-based systems that can fulfill the Commission’s goals for trusted caller identification. The Commission’s role at this juncture should be to endorse these trust-anchored approaches (and others that may emerge) and to prevent the use or display of identity information derived from sources lacking verifiable trust foundations.
The Commission has an opportunity in this FNPRM to correct course. The tools exist. The market is ready. What is required now is regulatory clarity that prioritizes verified identity over downstream guesswork. Consumers deserve to know who is calling them. Lawful callers deserve to be accurately represented. And the voice ecosystem deserves a foundation built on facts, not inference. Numeracle respectfully urges the Commission to seize this moment and fix caller identity—properly, finally, and decisively. By providing clear regulatory recognition of vetted mechanisms while maintaining flexibility for future innovation, the Commission will promote both consumer trust and technological progress in caller identity services. The undersigned stand ready to assist the Commission as it develops a trust-based framework for caller identification.
Keith Buell, General Counsel and Head of Global Public Policy
Rebekah Johnson, Founder and Chief Executive Officer
