Is your phone system ready to be stirred and shaken?

Deciding to host your hotel phone system in the cloud may seem daunting, but in today’s cloud-driven business world, it is the next step in the evolution of telecommunications. There are many reasons to convert your old PBX to a cloud communication system, but one of the most important reasons for hoteliers is compliance. 

There is a need for compliance in every aspect of a business. Human resources, operations and the safety of your employees and guests are top of mind to owners/operators. What is often overlooked, however, are the compliance requirements and regulations mandated by the Federal Communications Commission. But what does that have to do with your hotel? Your phone company handles all that, right?

The easy answer is—not always. Why must hoteliers be aware of FCC regulations? Even more importantly, does your phone system comply with these regulations?

Our phone systems are rapidly changing: Old equipment continues to be replaced by more efficient cloud-based solutions. However, whether you are a carrier network (AT&T, Verizon or T-Mobile) or hosted phone service provider, being in the cloud communications business can be challenging. In addition to the ongoing development of hardware and software innovations, behind-the-scenes service providers are inundated with various FCC regulations to comply with new laws passed by Congress. 

Unfortunately, as we have seen in recent congressional hearings, many technology problems that come to the attention of lawmakers are not easily fixed. Implementing these new laws is often left to associated organizations or business leaders to determine how to accomplish these mandates. 

The rise of the cloud, the ubiquitous cell phone, and the need to replace aging infrastructure has come to a head in recent years. However, at the end of the day, like many technology solutions meant to save time and money, the protection of the end user is often disregarded until the solution has been released into the wild. Today we are seeing the fallout of that disregard for security. 

Breaking Down the Cloud vs. Wired Telecommunication Puzzle

The reality today is that our phone systems have been moving to the cloud for some time. RCR Wireless did a great explainer of why, but the hard fact is that legacy phone systems are quickly becoming obsolete. The cloud revolution has been widely adopted within IT, with most businesses taking a “cloud-first” approach when deploying new applications. Gartner predicts that 85 percent of organizations will be “cloud first” by 2025. But when it comes to adoption in telecom, the pace can best be described as slow but steady. Why? It’s complicated.

Sending phone and internet data over long distances can require a complicated system of multiple devices and structures. The carrier network is a series of devices and infrastructure that transmits data from one location to another. Various carriers may own and maintain equipment in this infrastructure or buy services from other providers to complete their network. The system is vast and replacing legacy equipment to adapt it to the cloud takes time. Switching equipment and cabling has been ongoing for years.

But the elephant in the room is the bad actors always waiting in the wings to take advantage of new technology. We all know that a complicated network requires a robust security protocol. But we only know what we know and what we don’t know is waiting just around the corner.

Keeping Up with Regulations

We are all familiar with regulatory bodies in the United States. They govern, monitor, and control many aspects of our lives and businesses. Consider the new “Real ID” driver’s license the government has been trying to implement in the wake of 9/11. The process of implementing this idea began in 2005. However, its deadline has been extended for various reasons and has now been pushed to May 2025. This is a prime example of legislation being passed, but the reality of implementing it doesn’t happen overnight. 

The same is true of the most recent regulations for telecommunication providers. Let’s consider a recent bill passed by Congress and adopted by the FCC. In December 2019, the TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act, a piece of bipartisan legislation, was signed into law and gave the FCC new tools to fight unwanted, and often illegal, robocalls, the top consumer complaint reported to the FCC annually.

The FCC has worked diligently to meet the TRACED Act’s deadlines and quickly provide Americans with new protections against unwanted robocalls. Caller ID Authentication Tools allow voice service providers to verify that the caller ID information transmitted with a particular call matches the caller’s actual number. This helps determine whether the call should be blocked or labeled. Widespread deployment of caller ID authentication will reduce the effectiveness of illegal spoofed caller ID, allow law enforcement to identify bad actors more easily, and enable phone companies to block illegal calls before those calls reach consumers.

The TRACED Act required the FCC to mandate the STIR/SHAKEN, a framework of interconnected standards. STIR/SHAKEN is an acronym for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using TOKENs (SHAKEN) standards. This complex and regulated framework essentially means that calls traveling through interconnected phone networks would have their caller ID “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers. It essentially enables phone companies to verify that the caller ID information transmitted with a call matches the caller’s actual phone number. 

FCC rules required providers to implement STIR/SHAKEN in their networks' Internet Protocol portions by June 2023. However, this date, not unlike the REAL ID implementation date, is a moving target because the steps needed to accomplish this task are extensive. 

Providers must now work with third-party companies that enable them to authenticate and digitally sign calls the telco originates and verify signed calls they receive. As you can imagine, this service is not cheap, thus the ongoing rise of the “Other” charges we find at the bottom of our phone bills as phone carriers and service providers incur the fees needed to comply with the FCC.

Even more critical is that if spam calls—or worse, fraud calls—originate from your hotel, your property may be penalized by the FCC.

So, Who Do You Trust?

When choosing a service provider, consider these questions before engaging with a new vendor: 

  1. Price. Primary consideration is cost. Some providers offer a range of pricing that can vary depending on various factors, including the number of phones and whether or not you are a new build property or one dealing with legacy equipment. 
  2. Additional fees. Some service providers charge installation fees, hardware, software, or service and support in addition to their payment plans. Ask for a detailed list of what is included.
  3. Features. Different service provider plans may offer different features. Ask what features are included and if there are any additional fees for them
  4. FCC regulatory compliance. Ask about the upcoming FCC regulations and how they manage, update, and work with these new regulations. You can verify compliance through the Robocall Mitigation Database. It was established to ensure all voice service providers and gateway providers file certifications to this database and provide detailed information regarding their implementation of the STIR/SHAKEN caller ID authentication framework and/or a robocall mitigation program.
  5. Years working with hotels. To ensure your provider will be around to handle your system, ask them how long they have been in business. Also, it is essential to determine if they work specifically with hotels. Having deep knowledge of hotel-specific needs is essential. As with any new vendor, ask for referrals.
  6. Service and support. A communication system vendor should be available 24/7/365 for technical issues. Also, look for a vendor that provides an end-to-end solution. Avoid those that want to bring in third-party installers or maintenance personnel.
  7. Ongoing updates. A best-in-class cloud communication vendor should provide continuous innovations to your phone system. Your cell phone providers do, and so should your cloud communication provider. 

Phone Systems Built for Tomorrow

So, is your legacy phone system ready to be Stirred and Shaken? Have you asked your current provider about FCC regulations, or are you assuming your provider is on top of that? 

Buying a new phone system can be challenging. Plenty of options are on the market today, so do your due diligence in vetting your vendor. Contracts should be easy to understand, as should your monthly invoice. Finally, make sure your phone system is robust enough to handle today’s and tomorrow’s cloud communication innovations and new regulations.  

Alexander Perovich is the co-founder and managing director of Think Simplicity.