Federal Communications Commission DA 13-34
Before the
Federal Communications Commission
Washington, D.C. 20554
In the Matter of
Petition of STi Prepaid, LLC for Declaratory
Ruling, or in the Alternative, Petition for Waiver
IP-Enabled Services
)
)
)
)
)
)
CC Docket No. 96-115
WC Docket No. 04-36
ORDER
Adopted:  January 11, 2013 Released:  January 11, 2013
By the Chief, Wireline Competition Bureau:
I. INTRODUCTION
1. In this Order, we grant a petition for waiver of our customer proprietary network information 
(CPNI) rules filed by STi Prepaid, LLC (STi).  The waiver will permit prepaid calling card providers, 
which generally do not have an ongoing billing or service relationship with their customers, to 
authenticate their customers’ identities to ensure that CPNI is disclosed only with the customers’ consent.  
2. On August 4, 2009, STi, a provider of prepaid calling cards, filed a petition seeking 
clarification or, alternatively, a limited waiver of certain of the Commission’s privacy rules that apply to 
telecommunications service providers and interconnected VoIP providers.
1
  Specifically, STi requests a 
declaratory ruling that prepaid calling card providers may satisfy the customer authentication 
requirements in the Commission’s CPNI rules
2
by having a customer provide the personal identification 
number (PIN) associated with a prepaid calling card.
3
  In the alternative, STi seeks a waiver from the 
Commission’s CPNI rules so that prepaid calling card providers may use the PIN associated with a 
calling card to satisfy the customer authentication requirements in the CPNI rules.
4
  STi states that 
                                                     
1
Petition of STi Prepaid, LLC for Declaratory Ruling, or in the Alternative, Petition for Waiver (filed Aug. 4, 2009) 
(STi Petition).  On September 24, 2009, the Wireline Competition Bureau (WCB) sought comment on the STi 
Petition.  Pleading Cycle Established for STi Prepaid, LLC Petition Regarding Customer Authentication Provisions 
of CPNI Rules, CC Docket No. 96-115, Public Notice, 24 FCC Rcd 12086 (WCB 2009).  No comments were 
received.  On September 24, 2010, STi Prepaid, LLC (STi) and Vivaro Corporation (Vivaro) filed an application 
pursuant to section 214 of the Communications Act, 47 U.S.C. ง 214, to transfer control of STi to Vivaro.  On May 
20, 2011, WCB granted STi’s application for transfer of control.  Domestic Section 214 Authorization Granted, WC 
Docket No. 10-205, Public Notice, 26 FCC Rcd 7615 (WCB 2011).
2
47 C.F.R. ง 64.2010.  CPNI includes information derived from a customer’s relationship with a provider of 
communications services.  See 47 U.S.C. ง 222(h)(1) (defining CPNI as “information that relates to the quantity, 
technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to 
by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by 
virtue of the carrier-customer relationship; and information contained in the bills pertaining to telephone exchange 
service or telephone toll service received by a customer of a carrier; except that such term does not include 
subscriber list information”) (subsection denotations omitted).
3
STi Petition at 1.
4
Id.
Federal Communications Commission DA 13-34
2
providers of prepaid calling cards typically do not have an ongoing relationship with their customers, and 
therefore cannot authenticate their customers using the same tools as providers of other 
telecommunications services.
3. As explained below, using only the PIN associated with a prepaid calling card to authenticate 
the holder of the prepaid calling card would violate subsections (a)-(c) of section 64.2010 of the CPNI 
rules.  However, we find that it is in the public interest for purchasers of prepaid calling cards to have 
access to the CPNI associated with their calling cards.  We further find that allowing prepaid calling card 
providers to rely on the PINs associated with prepaid calling cards in order to authenticate their customers 
will not unduly risk the privacy of those customers’ CPNI.  Therefore, we grant the waiver request. 
II. BACKGROUND
4. In 2007, the Commission strengthened the customer authentication requirements in its CPNI 
rules to address the burgeoning problem of data brokers gaining unauthorized access to consumers’ call 
detail records and other CPNI, and selling that information.
5
  Under the Commission’s rules, 
telecommunications carriers and interconnected VoIP providers are prohibited from providing call detail 
information during a telephone call unless the customer initiating the call provides a password that is not 
based on readily available biographical or account information.
6
  When establishing a customer’s 
password, the carrier must authenticate the customer without reference to readily available biographical or 
account information.
7
  If a carrier is unable to authenticate a customer over the phone or online, the carrier 
may send call detail records to the customer’s address of record, or call the customer’s telephone number 
of record.
8
  Similar protections apply to customers’ online queries for CPNI.
9
  
5. Prepaid calling cards allow consumers to pay a fixed dollar amount in return for calling 
capabilities.  A consumer may receive access to the prepaid service in the form of a plastic card, a paper 
receipt, or a virtual card on the Internet.
10
  In each case, the customer is provided a PIN to access the 
services associated with the account.  The customer’s use of the PIN also identifies, for the service 
provider, the prepaid calling card account from which the service provider should deduct funds.  Prepaid 
calling card service providers assign PINs to customers in different ways.  For example, purchasers of 
plastic prepaid calling cards typically must remove a protective coating that covers the PIN prior to its 
purchase.  Purchasers of electronic prepaid calling cards typically receive the PIN electronically upon 
confirmation of the transaction.
11
                                                     
5
See Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer 
Proprietary Network Information and Other Customer Information; IP-Enabled Services, CC Docket No. 96-115; 
WC Docket No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22 FCC Rcd 6927, 6953 
(2007) (EPIC CPNI Order), aff’d sub nom. Nat’l Cable & Telecom. Assoc. v. FCC, 555 F.3d 996 (D.C. Cir. 2009).
6
47 C.F.R. ง 64.2010(b).
7
47 C.F.R. ง 64.2010(e).
8
47 C.F.R. ง 64.2010(b).  “An ‘address of record,’ whether postal or electronic, is an address that the carrier has 
associated with the customer’s account for at least 30 days.”  47 C.F.R. ง 64.2003(b).  A telephone number of record 
is “[t]he telephone number associated with the underlying service, not the telephone number supplied as a 
customer’s ‘contact information.’”  47 C.F.R. ง 64.2003(q).     
9
47 C.F.R. ง 64.2010(c).   
10
For purposes of this order, we refer to each of these services as a “prepaid calling card service,” irrespective of 
whether the customer is given a physical calling card associated with the service.  See infra at para. 12 (defining the 
scope of this Order).
11
STi Petition at 1–2.
Federal Communications Commission DA 13-34
3
6. Prepaid calling card providers typically do not know who their customers are or how to 
contact them.
12
  Nevertheless, customers of such services sometimes want or need to access their CPNI.
13
  
According to STi, it has received numerous requests from prepaid calling card customers for CPNI, often 
from customers who must access their calling records for reasons related to court or other legal or 
governmental proceedings.
14
  STi contends that it does not have enough information to authenticate those 
customers in any of the ways provided for in the Commission’s rules.
15
  STi can confirm that the person 
seeking access to CPNI has access to the PIN associated with the prepaid calling card.  STi therefore 
requests that the Commission issue either a declaratory ruling or a waiver that would allow prepaid 
calling card providers to authenticate customers using the PINs provided with prepaid calling cards.    
III. DISCUSSION
7. We deny STi’s request for a declaratory ruling.  A declaratory ruling is appropriate to 
terminate a controversy or remove uncertainty.
16
  No controversy or uncertainty exists here.  STi has 
acknowledged that it does not have enough information about its customers to authenticate them 
according to the Commission’s rules.
17
  STi requests authority to authenticate its customers using the PIN 
associated with a prepaid calling card.  However, the CPNI rules require authentication that does not use 
readily available biographical or account information.  Because the calling card PIN may function as the 
customer’s account number, the Commission’s rules preclude using the PIN to authenticate a customer.
18
  
Therefore, we find a declaratory ruling is not appropriate in this case.
8. We find, however, that good cause exists to grant STi’s waiver request.
19
  A rule may be 
waived where the particular facts make strict compliance inconsistent with the public interest.
20
  Waiver is 
appropriate if deviation from the general rule would better serve the public interest than strict adherence 
to the rule.
21
9. In deciding whether to grant a waiver, it is appropriate to take into account considerations of 
hardship, equity, or more effective implementation of overall policy on an individual basis.
22
  We find 
that granting STi’s waiver will appropriately balance prepaid calling card customers’ privacy with their 
                                                     
12
Id. at 4–5.
13
Calling card services have been regulated by the Commission as telecommunications services because they 
provide transmission of information, without a change in form or content, for a fee directly to the public.  See, e.g.,
AT&T Corp. Petition for Declaratory Ruling Regarding Enhanced Prepaid Calling Card Services; Regulation of 
Prepaid Calling Card Services, WC Docket Nos. 02-133, 05-68, Order and Notice of Proposed Rulemaking, 20 
FCC Rcd 4826, 4827, para. 4 (2005).
14
Id. at 2.
15
Id.
16
47 C.F.R. ง 1.2.
17
STi Petition at 2.  
18
The PIN may be associated with the individual account – and is often the only way to identify a customer’s usage 
and remaining value on a prepaid card – in the same way that an address, phone number, or account number is 
associated with a subscriber that receives monthly bills at a fixed address.
19
The Commission’s rules may be waived for good cause shown.  47 C.F.R. ง 1.3.
20
Northeast Cellular Telephone Co. v. FCC, 897 F.2d 1164, 1166 (D.C. Cir. 1990) (Northeast Cellular).
21
Northeast Cellular, 897 F.2d at 1166; accord NetworkIP, LLC v. FCC, 548 F.3d 116, 127 (D.C. Cir. 2008).
22
WAIT Radio v. FCC, 418 F.2d 1153, 1157 (D.C. Cir. 1969).
Federal Communications Commission DA 13-34
4
interest in having access to their own CPNI.  As the Commission has explained, “[s]ection 222 reflects 
the balance Congress sought to achieve between giving each customer ready access to his or her own 
CPNI, and protecting customers from unauthorized use or disclosure of CPNI.”
23
  This balance is 
reflected in section 222(c)(2), which requires telecommunications carriers to disclose CPNI “upon 
affirmative written request by the customer, to any person designated by the customer,”
24
and section 
222(a), which imposes a duty on every telecommunications carrier to protect the confidentiality of 
proprietary information of and relating to their customers.
25
10. The Commission also recognized the need to balance “consumers’ interests in ready access to 
their call detail record, and carriers’ interests in providing efficient customer service with the public 
interest in maintaining the security and confidentiality of call detail information.”
26
  The Commission’s 
CPNI authentication rules appropriately balance these interests when the carrier and customer have an 
ongoing relationship because the carrier has information regarding the customer’s identity.  However, in 
the case of prepaid calling cards, where the provider does not have an ongoing relationship with its 
customers, authenticating customers for purposes of providing CPNI is not feasible under the 
Commission’s rules.  The Commission’s rules instead have the effect of preventing purchasers of prepaid 
calling cards from being able to access their CPNI. 
11. Prepaid calling card customers should have a means to access the call detail records and other 
CPNI associated with their use of prepaid calling cards.  The public interest is not well served by failing 
to provide a viable method for calling card customers to access their CPNI, which they may need for legal 
or governmental proceedings or to verify that the number of calling minutes they have received from a 
calling card are consistent with the number of minutes advertised.  
12. While we are mindful of the importance of protecting CPNI records, there is no evidence in 
the record to suggest that use of the PIN associated with a prepaid calling card to authenticate a customer 
for purposes of providing the customer with CPNI will expose that CPNI to undue risk of unauthorized 
access.
27
  The PINs associated with prepaid calling cards are randomly generated and are not widely 
available.  Moreover, the PINs are issued to the card purchaser and under the control of the purchaser, 
similar to a password that is known only to the provider and customer.  We limit the scope of this order to 
customer authentication by prepaid calling card providers that do not have telephone numbers or 
addresses of record for their customers, and do not have any other relationship with their customer that 
could be used to authenticate the customer.   
13. Accordingly, we grant STi’s request for a waiver of sections 64.2010(b) and (c) of the 
Commission’s rules to allow the use of PINs issued with prepaid calling cards to be used to authenticate 
prepaid calling card customers in satisfaction of the Commission’s CPNI rules.  We emphasize that 
prepaid calling card providers remain subject to all of the other provisions of the Commission’s CPNI 
rules, including the requirement to take reasonable measures to discover and protect against attempts to 
                                                     
23
EPIC CPNI Order, 22 FCC Rcd at 6931, para. 6.
24
47 U.S.C. ง 222(c)(2). 
25
47 U.S.C. ง 222(a).
26
EPIC CPNI Order, 22 FCC Rcd at 6939, para. 17.
27
We recognize, however, that in some cases, it is possible that CPNI will be exposed to persons other than the 
customer who purchased the card or for whose use the card was purchased.  For example, particularly in the case of 
scratch-off PINs, if the card is lost or stolen, whoever is in possession of the card and its associated PIN will be able 
to access the CPNI associated with the card.  However, we believe that on balance the risk of such exposure is 
outweighed by allowing customers to have access to their CPNI associated with prepaid calling cards.
Federal Communications Commission DA 13-34
5
gain unauthorized access to CPNI.
28
IV. ORDERING CLAUSES
14. Accordingly, IT IS ORDERED, pursuant to sections 1, 4(i), 5(c), 201, 202, and 222 of the 
Communications Act, as amended, 47 U.S.C. งง 151, 154(i), 155(c), 201, 202, 222, and sections 0.91, 
0.291, and 1.3 of the Commission’s rules, 47 C.F.R. งง 0.91, 0.291, 1.3, that the requirements contained 
in 47 C.F.R. ง 64.2010(b), (c) that customers be authenticated without reference to account information 
and that passwords be created without reference to account information are waived to allow prepaid 
calling card providers that do not have telephone numbers or addresses of record for their customers, and 
do not have any other relationship with their customer that could be used to authenticate the customer, as 
described in this Order, to use the Personal Identification Number associated with a prepaid calling card 
to satisfy the authentication requirements and password creation requirements contained in 47 C.F.R.
ง 64.2010.  
15. IT IS FURTHER ORDERED that STi Prepaid, LLC’s Petition for Waiver IS GRANTED
to the extent indicated herein, and its accompanying Petition for Declaratory Ruling IS DENIED.
FEDERAL COMMUNICATIONS COMMISSION
Julie A. Veach
Chief
Wireline Competition Bureau
                                                     
28
47 C.F.R. ง 64.2010.