47 CFR §52.37

1. (a)Applicability. This section applies to all providers of commercial mobile radio service (CMRS), as defined in 47 CFR 20.3, including resellers of wireless service.
2. (b)Authentication of port-out requests. A CMRS provider shall use secure methods to authenticate a customer that are reasonably designed to confirm the customer's identity before effectuating a port-out request, except to the extent otherwise required by 47 U.S.C. 345 (Safe Connections Act of 2022) or Part 64 Subpart II of this chapter. A CMRS provider shall regularly, but not less than annually, review and, as necessary, update its customer authentication methods to ensure that its authentication methods continue to be secure.
3. (c)-(e) [Reserved]
4. (f)Employee Training. A CMRS provider shall develop and implement training for employees to specifically address fraudulent port-out attempts, complaints, and remediation. Training shall include, at a minimum, how to identify fraudulent requests, how to recognize when a customer may be the victim of fraud, and how to direct potential victims and individuals making potentially fraudulent requests to employees specifically trained to handle such incidents.
5. (g)[Reserved]
6. (h)This section contains information-collection and/or recordkeeping requirements. Compliance with this section will not be required until this paragraph is removed or contains a compliance date.