Carriers need to independently verify LOAs
Peter Beckman
beckman at angryox.com
Mon Apr 19 17:53:22 UTC 2021
US/Canada (ideally all of NANPA) Carriers need to standardize the porting
process.
Right now, I have an anecdotal database for each carrier which requires a
slightly different process. For Verizon Wireless, you have to generate a
Port Out PIN for each number, which expire after 7 days. Excellent! But
only if there isn't a Freeze on the number.
For another, you have to call to get your account number and PIN, as you
cannot get it without calling the carrier, and it is different.
For some carriers, the address on file isn't the End-user's address, which
causes regular and constant rejections. Must request a CSR.
For Google Voice, pay $3 first, then unlock.
For $random_carrier, provide anything and they release the number, without
notice to anyone.
Many carriers do not require an LOA to Port, usually where porting is
automated, and the automated carriers require a PIN and Account Number and
service/billing address to ensure numbers don't get "accidentally" ported,
either due to fraud or a typo.
And while it would be nice if everyone "independently verified every LOA"
the cost of doing so in the far-too-many edge cases is business-endingly
high.
It is the lack of a standard that all carriers share that cause these
problems.
In Europe, you generate a UUID, give the UUID and number to Port to the new
carrier, and it's done. If every NANPA carrier allowed the End-User to
generate a UUID for Porting Out that expired after 7 days, all of this
inconsistency would go away. Mostly. Probably.
Beckman
On Mon, 19 Apr 2021, Joe Greco wrote:
> On Mon, Apr 19, 2021 at 01:20:22PM -0400, Sean Donelan wrote:
>> On Sat, 17 Apr 2021, Eric Kuhnke wrote:
>>> Anecdotal: With the prior consent of the DID holders, I have successfully
>>> ported peoples' numbers using nothing more than a JPG scan of a signature
>>> that looks like an illegible 150 dpi black and white blob, pasted in an
>>> image editor on top of a generic looking 'phone bill'.
>>
>> All carriers should independently verify any LOAs received for account
>> changes.
>>
>> Documents received from third-parties, without independently verifying
>> with the customer of record, using the carriers own records, are just junk
>> papers.
>>
>> Almost no carriers verify LOAs by contacting the customer of record.
>> Worse, they call the phone number on the letterhead provide by the scammer
>> for "verification."
>
> Presumably we're kinda talking about a problem parallel to the
> Internet ASN/IP space LOA problem here.
>
> It would be awesome if there were a nice easy way to identify the
> responsible parties, so you could figure out WHOIS the appropriate
> party to contact. If you've ever tried Googling a company with a
> hundred thousand employees, calling their contact number on the Web,
> and getting through to anybody who knows anything at all about IT,
> well, you can spend a day at it and still have gotten nowhere.
>
> It's too bad that this information is so frequently redacted for
> privacy.
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "The strain of anti-intellectualism has been a constant thread winding its way
> through our political and cultural life, nurtured by the false notion that
> democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
>
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the NANOG
mailing list