Telecom toll fraud is an increasingly dangerous problem, and can affect any organization which uses or sells VoIP services. In this case, prevention is the best medicine; it’s much easier and less costly to prevent an attack than recover losses after the fact.
According to Mark Palchick, an attorney in the Washington, D.C. office of Womble Carlyle Sandridge & Rice, few enterprises realize that their telephone system is a target that could cost them hundreds of thousands of dollars in fraud losses. But the reality is that even a small hack can translate into big financial consequences.
For instance, a doctor’s office in Maryland was taken for $2 million when its telephone system was hacked to make calls to Gambia, Ascension Island and Dominica. A seven-person architecture firm in Georgia lost $166,000 when its four-line, analog phone system was hacked to make calls to Gambia. And a real-estate agent in Florida was defrauded out of $600,000 when his phone system was hacked to make calls to Somalia and Guinea, and to Azerbaijan.
On the preventative front, users can safeguard their phone system by deploying a fraud management system that is capable of preventing and detecting fraud before it enters the VoIP network. But it also pays to educate oneself about the risk, to avoid unnecessary exposure.
“You need to be intelligent when you are purchasing telephone services,” Palchick said in a column. “First and foremost, know what you are buying. If international long distance service is not required, do not subscribe to it. International long distance calls pose a high fraud risk to enterprises.”
Organizations should also study the contract from their service provider and become familiar with its terms.
“Assume that you, the customer, are fully liable for any calls that originate from your telephone system,” Palchick said. “Most telephone service terms and conditions make it very clear that the customer is fully liable for fraudulent calls.”
If a telephone service provider offers toll fraud loss protection, it may be the best solution for managing fraud risk—so companies should be sure to ask for it.
Even with risk assessed and anti-fraud measures in place, some amount of toll fraud still happens. If one is a victim of a breach, Palchick said that there are actions the enterprise can take to possibly reduce their toll fraud losses.
First and foremost, victims should gather as much information/evidence as possible to understand exactly what happened. This includes determining if “cramming” has occurred. Cramming occurs when the enterprise is subscribed to services it did not order.
Organizations should also prepare to negotiate for a settlement that is less than the full retail cost of the toll-fraud loss.
“Many service providers will be satisfied if they can recover their wholesale costs related to the fraudulent traffic,” Palchick said. “Since there can be a large profit margin between international retail and wholesale rates, this could be a significant reduction in fraud loss for the enterprise.”
And finally, if the service provider does not agree to reduce the enterprise’s toll fraud liability to the service provider’s wholesale cost, then the enterprise should consider filing a formal complaint with the FCC (News - Alert) against their service provider.
“Winning a formal complaint against a service provider to avoid toll-fraud losses will be a major challenge, but it may motivate the service provider to negotiate a reduced settlement,” Palchick said. “Filing a formal complaint with the FCC will require advice from an attorney who is familiar with FCC rules and decisions regarding telecom fraud.”