This is my take on Simon’s recent post about essentially the same topic – yes, we were both driven to rant independently, and you can’t waste a rant!
We’ve recently been recertified for another year with ISO 9001 and 27001. This is a headache every year for Vicky who co-ordinates the audit, chases people (mainly me) for what she needs, and then threatens people (mainly me) as deadlines loom.
Unlike some implementations of ISO frameworks I’ve seen, Simwood takes it seriously because, done right, it adds value. There’s no things for the sake of ticking a box annually here.
For the vast majority of our customers, I see the same embracing of Ofcom’s guidance on sub-allocations of numbers (or “KYC” as it is increasingly referred to). Honest service providers, taking their duties seriously. Even before Ofcom’s pronouncements, these same companies were being good corporate citizens and not actively enabling scammers, and taking complaints seriously.
However, like some implementations of ISO, there are some out there, which treat the so-called KYC process as a box ticking exercise. A task to do in order to provide a service, as opposed to its true purpose – a safeguard to prevent our grandmas from being defrauded.
We do our checks when a customer is onboarded, then, we may repeat them according to various criteria. I had cause to review a repeated KYC this morning. I’m looking at it on one half of my monitor, and the stats from the nuisance call algorithm on the other half.
Projected ACD – >2 mins. Actual ACD – actually, approaching a minute, not the worst. “Numbers are used for account management and service related activities with businesses we sell to direct”. Yet 40% of calls are to numbers not in service, with an ASR or 13% (60% less than asserted). If I can see something on the left of my screen that doesn’t match what I see on the right, trouble is brewing. If you’re obviously war-dialling the UK, while asserting retail conversational uses, trouble has brewed.
I re-read the submission a couple of times. It had the feeling of curated answers deliberately aimed at ticking boxes, assuming the exercise was one of regulator-mandated paperwork for the sake of keeping bureaucrats employed. That might have passed muster a few years ago (and probably still does with some providers), but not with those taking a stand.
Today, we whacked that mole. It’ll pop up somewhere else soon enough, hopefully with another provider that takes this seriously. If enough providers whack enough moles, eventually the entire value chain will take this stuff seriously. When it’s all too hard and difficult to try and scam someone in the UK, the scammers will go scam another country. We hope France. But actually, their rules are tougher than the UK’s. In a way that makes sense for once.
What’s the moral of this story? The sub-allocation assurance process isn’t just a box to be ticked, it’s very important. As are follow up questions and enquiries thereafter. Onboarding a scrote on your network that pollutes the rest of your traffic – all your traffic and numbers are at risk.
