Toll fraud prevention is important for anyone using a PBX that's connected to a network. Toll fraud occurs when a phone system is hacked and calls are terminated via its PSTN connection to international and other high-priced destinations.
Protecting yourself from these liabilities is becoming more important as VoIP capabilities develop, allowing hackers to spoof IPs, phone numbers, and more.
Security starts with your updates and backups, then your gateways, and your ability to recover from a potential loss (BCDR). We’ve outlined five steps to batten down the hatches for toll fraud prevention.
Updates and Settings
Handsets and phone systems need to be constantly updated like any other computer with an operating system. Systems with old firmware are vulnerable to compromise. This goes for handsets as well.
The PSTN, or Public Switched Telephone Network, and the carriers that connect your company to it have destinations or phone numbers that they block access to because of significant toll fraud. Some carriers do not restrict access, but you're more likely to be held liable.
General Counsel or Consultant
Toll fraud prevention can be addressed proactively using various systems, but to recover from an incident you'll need an experienced voice consultant and/or general counsel. Ideally, terms and conditions in the contract should be negotiated at the outset; however, if you're past that point, you want to call in an expert before you simply cut a check to the carrier or they cut off your service.
Intrusion Detection or SIEM
An intrusion detection system is your best proactive toll fraud prevention tool. Port-based firewalls can help reduce the amount of traffic in your viewer so that anomalies are easier to detect. Tools like MaaS360 and QResponse from IBM can be used to seal up any gaps in your network security. Managing real-time voice traffic and getting screen captures are beneficial practices to ensure calls aren't being terminated from your PSTN connection.
Calls per minute/second and limits on spend
Some carriers can limit your spend on international calls. A PBX can be used to block calling to and from particular destinations. A least-access security policy in a voice environment is extremely problematic since it's so close to the end user. Using your PBX in conjunction with your carrier to limit the ability for robo dials can help prevent toll fraud. If you're not operating a call center environment to make twenty calls per second.
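The three controls described above (a calls-per-minute limit, blocked destinations, and a cap on international spend) can be checked against call detail records. The following is an added example, not code from this article or from any PBX vendor; the record layout, the thresholds, the `1900` and `011` prefixes, and all sample records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def review_calls(cdrs, max_calls=5, window=timedelta(minutes=1),
                 blocked_prefixes=("1900",), intl_prefix="011", spend_cap=20.0):
    """Return ordered (extension, reason) alerts; each pair is reported once."""
    recent = defaultdict(deque)   # extension -> start times still inside the window
    spend = defaultdict(float)    # extension -> running international spend
    alerts = []

    def flag(ext, reason):
        if (ext, reason) not in alerts:
            alerts.append((ext, reason))

    for start, ext, dialed, cost in sorted(cdrs):
        if dialed.startswith(tuple(blocked_prefixes)):
            flag(ext, "blocked_destination")
            continue                       # a blocked call never completes
        times = recent[ext]
        times.append(start)
        while start - times[0] >= window:  # drop calls older than the window
            times.popleft()
        if len(times) > max_calls:
            flag(ext, "rate_limit")
        if dialed.startswith(intl_prefix):
            spend[ext] += cost
            if spend[ext] > spend_cap:
                flag(ext, "spend_cap")
    return alerts

# Constructed sample records: (start, extension, dialed number, cost in USD)
T0 = datetime(2024, 1, 6, 2, 0, 0)
SAMPLE = [
    (T0, "1001", "12025550143", 0.02),
    (T0 + timedelta(minutes=30), "1001", "12025550178", 0.02),
    (T0 + timedelta(minutes=5), "3010", "19005550100", 0.00),
] + [
    # Extension 2040 places eight international calls three seconds apart
    (T0 + timedelta(seconds=3 * i), "2040", f"0119995550{100 + i}", 4.00)
    for i in range(8)
]

if __name__ == "__main__":
    for ext, reason in review_calls(SAMPLE):
        print(ext, reason)
```

Extension 1001's two ordinary calls raise nothing, while extension 2040 trips both the rate limit and the spend cap on its sixth call.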
Two Factor Authorization and PINs
Permission settings are another valuable tool for toll fraud prevention. Restricting access to dial tone to some users or phones in places like common areas is a good practice. Requiring users to enter PIN numbers for access to outbound dial tone is another good practice to prevent unauthorized calls, whether from hackers or rogue employees. Many legal and accounting practices employ account codes to further detail calls, allowing for easy billing of clients. This can be done at the PBX and carrier level.
With SIP and VoIP being more widely adopted and hackers targeting these systems more frequently, toll fraud is a growing concern. For many companies it's as simple as turning off international calling. Larger companies don't have that option, so employing the above practices is a great way to seal up any gaps in your voice security and further prevent toll fraud.