Dear Ms. Dortch:
Rebekah Johnson, Founder & CEO of Numeracle, Inc. (“Numeracle”), and Keith Buell, General Counsel and Head of Global Public Policy of Numeracle, met virtually on October 16, 2025 with Danielle Thumann and Callie Coker from the Office of Chairman Carr, and in person on October 20, 2025, with Ed Bartholme, Mark Stone, and Aaron Garza from the Consumer and Governmental Affairs Bureau (CGB) to discuss the Commission’s forthcoming Further Notice of Proposed Rulemaking (FNPRM) on verified caller identity and display.
Numeracle commends the Commission for advancing this FNPRM, which represents the most significant step yet toward instilling trust in caller identity. Nine years after the Robocall StrikeForce and six years after the TRACED Act urged the Commission “to take steps to ensure the calling party is accurately identified,”1 consumers still cannot reliably determine who is calling them. Numeracle’s goal is that “Every entity on Earth and every person on the planet should know with certainty who is calling them.”
Numeracle has devised the Three Pillars that are the foundation of this trust framework:
Numeracle enthusiastically supports the goals of the FNPRM that seek to implement these concepts, but Numeracle cautioned that the Commission’s implementation would leave open pathways for illegal and fraudulent callers to abuse the requirements and harm consumers by inserting false identity claims. The proposed rules would require display of any self-verified identity claim if the call is transmitted with an A-level attestation under STIR/SHAKEN in situations where the terminating carrier would present an indication of A-level attestation. Numeracle is concerned that this would open the floodgates for illegal callers and the carriers that enable them to assert false and misleading identity information that would harm consumers. It may pose such a risk that security experts at the various carriers may determine that their local policies should not transmit any information that isn't verified to a set of minimum standards.
Data from the TransNexus August 2025 report show that 93.4% of robocall traffic from the most prolific robocall call signers now carry A-level attestations, while YouMail’s SIPNOC 2025 presentation showed that 48 percent of illegal calls are A-attested. This means the current STIR/SHAKEN model is being used to lend false legitimacy to bad actors, proving that implicit trust in carrier self-attestation has failed. Allowing these same carriers to insert unverified identity data that must be displayed will only compound the problem.
The proposed rule would require display of verified caller name when a voice service provider displays “an indication that the call has received an A-level attestation.” Currently, one of the three major wireless providers in the United States has stopped displaying a checkmark indicating STIR/SHAKEN verification, informing Numeracle that the display confused its customers. Numeracle predicts that the effect of this proposed rule would be that all three major wireless providers would do the same and stop displaying any STIR/SHAKEN verification instead of displaying accurate caller identification information, which is the goal of the proposed rules under the NFRPM.
Numeracle noted that Rich Call Data (RCD) and other pathways for this information are not inherently trusted, as they merely transmit metadata such as name, logo, and call intent. Without a verified trust source, these call delivery systems become “a more effective tool for fraudulent actors.”
Numeracle proposed that the FCC or an appointed entity define who gets to assert verified caller identity and what minimum KYC standards must apply. This can be done through a light-touch regulatory framework. Industry has developed multiple competing frameworks and pathways for the display of verified caller identity information. CTIA has developed one through its Branded Calling ID ecosystem, while TransUnion, First Orion, Transaction Network Services, and Hiya have developed other systems that also require rigorous up-front vetting of the caller before any such caller identity information is transmitted and displayed on the call recipient’s device. The Commission should not be choosing winners here; instead, it should be ensuring that all frameworks meet minimum standards such that consumers are not confused. To restore trust to voice calling, consumers must only be shown caller name displays that are verified and accurate. If unverified caller name displays look the same as verified caller name displays, our collective efforts are for naught.
Given that multiple, industry-driven solutions already exist, Numeracle recommended that a neutral governance or standards body could approve or accredit identity frameworks that meet minimum Commission-defined trust criteria. Under such a model, the FCC would set baseline standards, while multiple competitive solutions could operate under those standards, ensuring both trust and market flexibility.
Numeracle reiterated that RCD is only a delivery mechanism, not a trust mechanism. Requiring display of unverified RCD claims would hand fraudsters “a free new tool.” The identity itself must be trusted—not just its transmission.
The FNPRM fails to reference the Commission’s existing KYC obligations established in the Fourth Report and Order. Without a defined trust anchor—a recognized authority enforcing consistent KYC and delivery standards—any system built on originating carrier assertions remains fragmented, manipulable, and vulnerable to bad actors.
Numeracle also urged the Commission to acknowledge that CNAM—an unauthenticated, out-of-band lookup system—is incompatible with any cryptographically secure framework. CNAM is spoofable, unverifiable, and conflicts with STIR/SHAKEN and RCD.
Finally, Numeracle emphasized that the FCC can lead globally. GSMA and One Consortium are investigating interoperable identity frameworks for verified identity display; adopting a standards-based trust anchor in the United States would position the FCC to set the international benchmark and be able to lead on this issue rather than conform U.S. policy to meet a preexisting international standard.
Numeracle submits the following updated rule text (attached separately) to align the FNPRM with these recommendations. The redline replaces “A-level attestation” with “verified caller identity” validated through an approved trusted identity framework and requires that only Commission-accredited trust anchors may authorize the display of verified caller information.
Numeracle appreciates the Commission’s leadership and the opportunity to collaborate on these issues. Verified caller identity must rest on a foundation of trust, robust KYC standards, and a governance framework, not on self-assertions by the originating carrier. Without these foundations, “verified” will become just another unverified label—undermining the very trust this proceeding seeks to restore.
§ 64.1607 Verification, Transmission, and Presentation of Caller Identity Information.
(a) When a voice service provider includes in caller identification information transmitted to a called party an indication that the call has received verified caller identity information, the provider must ensure that such information:
(b) A voice service provider that originates caller identity information must:
(c) For purposes of this section—
The Commission seeks further comment on whether the success of verified caller identity depends upon the establishment of a recognized trust anchor—a body or framework empowered to determine which entities may assert verified identity information in the call signaling process—and, if so, what structure that trust anchor should take. The record demonstrates that allowing any of the thousands of voice service providers operating in the United States to make self-attested “verified” identity claims has not produced a trustworthy system. Recent analyses, including data presented by TransNexus2 and YouMail3, indicate that many unlawful calls now carry supposedly verified A-level attestations, illustrating that self-certification without oversight has failed to prevent abuse of the STIR/SHAKEN system.
The Commission therefore seeks detailed comment on the establishment of a governance and accreditation framework for verified caller identity. Specifically, we ask whether a single Commission-designated trust anchor should be authorized to define and enforce minimum standards for proof of identity and credential issuance. Is there a pre-existing entity poised to perform such a role? What is the role of the terminating carriers in establishing this framework that is ultimately protecting the customers of that terminating carrier?
The Commission further seeks comment on the interaction between the trust anchor and existing or emerging frameworks such as Rich Call Data (RCD), Branded Calling ID (BCID), and branded calling products created by First Orion, TransUnion, Hiya, Transaction Network Services, and others. Commenters are encouraged to address whether a trust anchor could approve or accredit multiple identity frameworks that meet Commission-defined trust criteria—thereby allowing different identity ecosystems to coexist under a unified root of trust—while prohibiting display of “verified” identity claims that originate from unaccredited or unverified sources.
Finally, the Commission invites input on whether the continued use of legacy CNAM systems is compatible with the Commission’s goal of verified caller identity. CNAM relies on unauthenticated, out-of-band databases and cannot provide cryptographic or authoritative assurance of identity. We therefore seek comment on whether CNAM should be deprecated in favor of trust-anchored identity systems capable of end-to-end authentication, and whether any transitional measures are necessary to protect consumers and small providers during such a migration.
Keith Buell, General Counsel and Head of Global Public Policy
Rebekah Johnson, Founder and Chief Executive Officer
