The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC “Fraud Prevention Team,” by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations.
The individuals behind these calls registered Telnyx accounts using the “Christian Mitchell” and “Henry Walker” names with the same address in Toronto, Canada, but IP addresses from Scotland and England. They are known as the “MarioCop” accounts because they both used email addresses on the same mariocop123.com domain.
Between February 6 and February 7, 2024, they made 1,797 imposter calls before Telnyx terminated their accounts. Ironically, their calls also reached over a dozen FCC staff and family members on their personal and work phone numbers one year ago.
According to the FCC, the callers used prerecorded messages with artificial voices, saying, “Hello [first name of recipient], you are receiving an automated call from the Federal Communications Commission notifying you the Fraud Prevention Team would like to speak with you.”
But the FCC has no fraud prevention team, and the agency’s Enforcement Bureau believes the calls’ purpose was “to threaten, intimidate, and defraud,” seeing that at least one recipient of these imposter calls was connected to someone who “demand[ed] that [they] pay the FCC $1000 in Google gift cards to avoid jail time for [their] crimes against the state.”
The FCC also added that it doesn’t “publish or otherwise share staff personal phone numbers” and is “unclear how these individuals were targeted.”
According to the FCC, Telnyx failed to take the necessary measures to prevent malicious actors from using its VoIP network for illegal voice traffic, violating Know Your Customer (KYC) rules.
Such measures include requesting copies of government-issued identification, corporate formation records, and third-party records of a customer’s physical address to verify the identity of customers who request access to services that would allow them to make a significant volume of calls.
However, the FCC claims that before opening the MarioCop accounts, Telnyx only collected a name, non-free email address, physical address, and IP address from each applicant, all of which were accepted at face value “without any further requests for corroboration or independent verification.”
“Cracking down on illegal robocalls will be a top priority at the FCC. That is why I am pleased that our first Commission-level action is a bipartisan vote in favor of this nearly $4.5 million proposed fine. This fine flows from an apparently illegal robocalling scheme and continues the FCC’s longstanding work to stop bad actors,” said FCC Chairman Brendan Carr on Tuesday.
“Providers are required to know their customers and secure their networks to deter fraudulent and malicious calls,” added Patrick Webre, Acting Chief of the Enforcement Bureau.
Telnyx denies FCC’s accusations
Telnyx is a cloud-based platform that provides carrier-grade voice services over the Internet. It holds carrier status in over 30 countries worldwide, offers global calling services, local calling in over 80 countries, and Public Switched Telephone Network (PSTN) replacement in 45+ markets.
The company also allows customers to build “unique, context-aware AI voice bots in minutes using propriety data” and offers customers a Voice API that helps them “make, receive, and control calls globally with programmable voice capabilities.”
In a press release published on Wednesday, Telnyx denied all allegations, said the “FCC’s Notice of Apparent Liability is factually mistaken,” and added that it is “surprised by the FCC’s mistaken decision.”
“Telnyx has done everything and more than the FCC has required for Know-Your-Customer (‘KYC’) and customer due diligence procedures,” the company stated.
“More importantly, the FCC is mistaken about the KYC and due diligence standards that apply to the industry. The FCC’s own regulations have long stated that perfection in mitigating illegal traffic is not required. [..] Notably, there has been no allegation of subsequent recurring activity.”