Best Practice to reduce the risk of toll fraud
Posted on June 05, 2018
Toll fraud, or the unauthorised use of phone lines, is costly for both telecommunications companies and their customers. However, there are some simple steps you can take to better protect yourself and your business and minimise the risk of becoming a victim of toll fraud.
What is toll fraud?
According to the international body for fraud risk management and prevention, the Communications Fraud Control Association (CFCA), it is estimated that toll fraud cost telecommunications providers and their customers $US 38 billion in 2015.
Toll fraud is when an unauthorised person, or persons, is able to access a phone system and make fraudulent long distance calls from your account or calls to premium rate numbers. It’s also referred to as VoIP fraud or phone card fraud and can be carried out in several different ways. These include international revenue share, call termination hijacking, the use of illegal phone cards or private branch exchange (PBX) hacking. PBX hacking is thought to be the type of toll fraud most pertinent to Australian businesses.
Typically, hackers search the internet for compromised routers and PBX systems using a script written to look for vulnerabilities in a business’s firewalls, such as open ports and points where information can be extracted. Hackers then buy phone numbers in poorly regulated jurisdictions, such as some African countries or former Eastern Bloc countries.
The criminals can on-sell the information about the compromised accounts and also on-sell call minutes at discounted rates via the purchased numbers. Alternatively, they can establish their own premium rate information service lines through the hijacked PBX system.
The hackers run up huge costs, which are charged to the affected customers by their telecommunications provider. All phones are at risk, but the fraud can often go undetected for longer within a company or larger business. It is almost impossible for telecommunications companies to detect the fraud, as the fraudulent calls are lost among the network of legitimately billed international minutes.
By the time the large bill is received, it is too late. The lucrative fraud has been committed, the customers are generally liable to pay and the criminals have packed up and moved on before the fraud has even been detected.
However, there are some easy steps which can be taken to minimise the risk of toll fraud, both on your personal network and within your business’s.
Work with your telecommunications provider
A good telecommunications company is part of the solution in mitigating the risk of toll fraud. Speak with your provider and ask about their risk reduction strategies. These might include imposing quota caps or international barring.
Use a managed firewall
Telecommunications companies are very adept at configuring firewalls to minimise the chances of toll fraud or another breach. You might have a great all-round IT manager within your business, but since telecommunications providers face this problem daily, they have valuable expertise. Ask their advice in configuring your firewall, or better yet, use a managed firewall for your organisation.
If managing your own firewall, reduce the ports exposed to remote access as much as possible. As this is generally the way hackers find their way in, minimising the possible access areas is going to make your PBX more secure.
This point cannot be stressed enough. The most effective measure to take against PBX hacking or other cyber crime is to use complex and varied passwords.
If you have difficulty remembering a complex password, use password keeper software to keep track of your passwords, or use a memorable phrase with substituted numerical, capitalisation and punctuation variations. Change passwords regularly.
Check the ISDN configuration
SIP (Session Initiation Protocol) is a great technology for business communications. It cuts down on call costs and, when utilised within a well-configured IP network, can deliver better security than Internet telephony options.
Block international prefixes
Most PBXs can block all or some international numbers.
The top countries for toll fraud termination include Latvia (+371), Gambia (+220), Somalia (+252), Sierra Leone (+232) and Guinea (+224). Cuba, Timor-Leste and Lithuania are also hot spots for toll fraud termination. Unless you are specifically doing business internationally, blocking certain country prefixes can limit your risk.
What telecommunications providers do to protect against toll fraud
Toll fraud can be very difficult for telecommunications companies to detect. They are, however, able to take a few precautions to safeguard Australian networks. They look out for unusual and atypical activity and can impose channel limitations, which can limit damage by limiting the number of concurrent calls made from an individual PBX. Because of the large number of international calls made through a limited PBX, providers can then more easily detect this as unusual activity.
Similarly, telecommunications providers can also limit the amount of billable calls a company can incur, though this is used primarily as a last resort. More commonly, providers impose a threshold on the maximum per minute cost of a phone call. Unless clients have specifically requested this limitation be removed, it means that premium rate numbers cannot be called from that PBX.
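The controls described above (blocking high-risk country prefixes, channel limits and a per-minute cost threshold) can also be applied as an audit over your own PBX call records. The following is an added example, not code from the original article or from Vocus: the record fields, the limit values and the sample calls are assumptions constructed for illustration, while the country prefixes are the ones listed in the article.

```python
from datetime import datetime, timedelta

# Country prefixes the article lists as top toll-fraud termination destinations.
HIGH_RISK = {"+371": "Latvia", "+220": "Gambia", "+252": "Somalia",
             "+232": "Sierra Leone", "+224": "Guinea"}
MAX_CONCURRENT = 2       # assumed channel limit for this PBX
MAX_RATE_PER_MIN = 1.00  # assumed per-minute cost threshold

def normalise(dest):
    """Rewrite the Australian international access code 0011 as '+'."""
    return "+" + dest[4:] if dest.startswith("0011") else dest

def audit_cdrs(cdrs):
    """Return (call_id, reason) findings for a list of call detail records."""
    findings, events = [], []
    for c in cdrs:
        dest = normalise(c["dest"])
        for prefix, country in HIGH_RISK.items():
            if dest.startswith(prefix):
                findings.append((c["id"], f"high-risk prefix {prefix} ({country})"))
        if c["rate_per_min"] > MAX_RATE_PER_MIN:
            findings.append((c["id"], "rate above per-minute threshold"))
        end = c["start"] + timedelta(seconds=c["duration_s"])
        events += [(c["start"], 1, c["id"]), (end, -1, c["id"])]
    # Sweep over start/end events; a call ending at the same instant another
    # starts frees its channel first (-1 sorts before +1).
    active = 0
    for _, delta, call_id in sorted(events):
        active += delta
        if delta == 1 and active > MAX_CONCURRENT:
            findings.append((call_id, f"concurrency {active} exceeds channel limit"))
    return findings

def _at(hour, minute):
    return datetime(2018, 6, 5, hour, minute)

# Constructed sample records (not real numbers or billing data).
SAMPLE_CDRS = [
    {"id": "c1", "start": _at(9, 0), "duration_s": 300,
     "dest": "+61255550100", "rate_per_min": 0.10},
    {"id": "c2", "start": _at(2, 10), "duration_s": 1800,
     "dest": "001137155550101", "rate_per_min": 0.45},
    {"id": "c3", "start": _at(2, 11), "duration_s": 1800,
     "dest": "+25255550102", "rate_per_min": 0.80},
    {"id": "c4", "start": _at(2, 12), "duration_s": 1800,
     "dest": "+22055550103", "rate_per_min": 2.50},
]

if __name__ == "__main__":
    for call_id, reason in audit_cdrs(SAMPLE_CDRS):
        print(call_id, reason)
```

Running the audit against a daily export means overnight bursts like calls c2 to c4 are caught well before the bill arrives.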
As well as taking some basic security steps, working with your telecommunications provider is the best way of protecting yourself against toll fraud. Speak with Vocus on 1800 035 540 to see what we can do to help minimise the risk of fraudulent activity against your business.