ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Understanding and Mitigating Risk in the VoIP World

By William Duffy Mich


As more and more businesses and consumers are finding out, there a lot of inherent benefits in using Voice over IP (VoIP) technology.

Businesses appreciate VoIP for a multitude of reasons, such as the fact that they can collapse redundant voice and data networks into one infrastructure, and that they can transparently link several remote locations and mobile workers through a single system, not to mention the reduction in network administration costs they enjoy in most instances.

Judging by the adoption rates the cable providers claim theyre getting for their VoIP offers, consumers, too, seem enamored with the technology, particularly with the unlimited calling plans that have permeated the market.

With the air of panacea that VoIP is currently enjoying, one would conclude that telcos, cable companies, and other service providers that offer VoIP solutions would be delighted with this up-tick in the publics embrace of technology. After all, sales are up, demand is up, and the reliability and stability of VoIP technology is constantly improving. So whats there to worry about?

According to the VoIP providers, theres plenty to worry about. Proffering VoIP services is one thing, but managing usage, maintaining revenue, and complying with various security, financial, and regulatory mandates is whats keeping the providers up at night.

Voice over IP offers a unique set of challenges that all providers must wrestle with in order to maintain the financial and operational integrity of their respective organizations.

The Myth of Unlimited Services
VoIP providers face several inherent risks in offering VoIP services especially to consumers who are using unlimited services. First, lets be clear: there is no such thing as unlimited services. Every provider weve come across including Vonage and the cable providers place limitations on their VoIP offerings. Most contracts list a number of conditions that give providers the right to shut down services. These may include unauthorized business use, auto dialing, faxing, or other behaviors not typically related to consumer use of phone service. One nationally known provider even goes so far in its contracts to state that it reserves the right to shut down service immediately if in its sole discretion it determines that calling patterns appear to be irregular.

These alleged unlimited services are starting to cost VoIP providers a bundle, particularly in international calling plans. Each time those free calls come off the IP infrastructure onto the public telephone network, the VoIP provider must pay a termination fee to the destination telco. That would be reasonable in normal phone usage, but now consider the very nature of these unlimited plans. In many ethnic neighborhoods around the globe, the VoIP phone becomes the neighborhood phone. These termination charges rack up pretty fast when 20 or 30 international calls are made from a single location, eating up whatever profit was built into the unlimited offer that was sold to the consumer.

Beware: Sarbanes-Oxley (And Other Mandates)
There are other areas of concern VoIP operators should be aware of in addition to the inherent financial risks of offering unlimited packages.

VoIP providers that trade publicly, including international-based operators that are listed on U.S. exchanges, must comply with the various regulations of the Sarbanes-Oxley Act, which mandates certain operational and financial reporting criteria. The problem for VoIP providers in meeting these mandates is twofold. First, the very nature of VoIP, as a portable communications technology that has the ability of masking caller origination and identity, presents a challenge for service providers who must be able to draw a clear line between services offered, revenue, costs and profit in order to meet Sarbanes-Oxley requirements. In the world of VoIP, it is exceedingly difficult for providers to capture accurate call data, and assign the appropriate fixed costs and toll charges to these calls.

The other reality is that many VoIP operators simply lack the sophisticated reporting and accounting systems that can accurately track and monitor usage among customers. For most of these providers, the lack of systems is not intentional. VoIP is still a largely unregulated business, but the emergence of Sarbanes-Oxley, along with other regulations coming out of the European Union and other countries, will force providers to pay meticulous attention to VoIP reporting and accounting activities.

Meeting DHS Requirements
Security and other related initiatives will also have a profound affect on VoIP providers. As it stands today, the United States Department of Homeland Security has the legal authority to demand call detail records from any service provider that does business in the United States, including telecommunications operators, cable companies, Internet service providers, and the emerging VoIP providers, like Skype. Again, these federal requests may prove to be problematic in the unregulated world of VoIP. While call records and Web hits are fairly easy to collect and produce in the traditional telecom and ISP models, they are not as readily available for VoIP companies. Some providers do not have systems in place to track customer activity in sufficient detail and, with the portable nature of VoIP, many have chosen to overlook these fundamentals. Unfortunately, the U.S. Government is not nearly as forgiving, and failure to produce accurate customer data could cost VoIP operators dearly.

Simple Strategies to Mitigate Risk

All is not gloom and doom for VoIP providers who wish to minimize potential risk. Every operator already owns the critical data to protect against these threats. All they need to understand is how to go about this task. There are a number of strategies that VoIP operators can easily and cost-efficiently employ to protect their organizations against unauthorized usage and the subsequent negative impact. For example:

Near real-time switch data and traffic pattern analysis. These technologies enable providers to obtain a clear snapshot of what typical VoIP usage looks like. As the baseline profile is drawn, ongoing analytics and evaluation can help identify customers that regularly exceed acceptable thresholds of usage. Usually, three continuous months of data retrieval and analysis is sufficient to generate accurate profiles. Implementing these analytics are relatively easy for the provider, most can be readily integrated into an operators customer relationship management (CRM) platform.
Once customers who have abused these VoIP services have been identified, operators should be very cautious in how they approach these end users. A tiered approach is often the best solution.

For example, if a very good cable customer (one that uses voice, data, and video services) is regularly at the threshold of VoIP usage, the provider may wish to send this customer a subtle reminder of the terms of VoIP services, as to not alienate or offend a customer that spends a good deal of money on multiple services.

On the other hand, a customer that uses only VoIP services, resists cross selling overtures and regularly racks termination charges as a neighborhood phone, is the perfect candidate to have his or her service terminated immediately, no questions asked.

Enforcing these risk management policies demands insight and nuance on the part of the provider but all decisions can be reinforced by properly evaluating call data and other analytics.

As VoIP services continue to gain increased market and mind share among businesses and consumers, providers need to be cognizant of the potential risks they may face if these services are continually abused. Expensive termination charges can quickly add up by users who make an abnormally high volume of calls, particularly in unlimited plans that may include international dialing.

In addition, operators are required to maintain meticulous call details, that could end up justifying billing and accounting processes to meet financial reporting mandates, or may even be subpoenaed as part of Homeland Security compliance.

The easiest way for VoIP providers to manage any risk continues to be a thorough analytics capability using call data records that can build up a reliable profile of users who have the propensity to use VoIP in unauthorized ways and then take the necessary steps to either persuade the user to curb this behavior, or shut them down completely. The one thing a provider cannot afford to do is ignore this issue entirely. IT

William Duffy Mich is Chairman and CEO of Aperio CI. For more information, please visit the company online at (news - alerts).

If you are interested in purchasing reprints of this article (in either print or PDF format), please visit Reprint Management Services online at or contact a representative via e-mail at [email protected] or by phone at 800-290-5460.


Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas