Tackling toll fraud: Is the industry doing enough?

Strong carrier led counter fraud measures combined with a tightening up of standard anti-hacking processes, along with end user education and a channel rally in support of greater industry collaboration could bring a new dimension to clamping down on fraudsters. Big strides have been made in the war against phone hackers, but far more ground can be gained by advancing a policy of industry collaboration.

The Communications Fraud Control Association's latest worldwide comms industry survey estimates 2015 fraud losses to be $38.1 billion, down 18 per cent from 2013. But the issue remains a hot potato with much still to be achieved in the war against fraudsters. One industry body taking decisive action is ITSPA which is making big strides in tackling both the financial and reputational damage caused by telecoms fraud. "We engage with the industry, experts and law enforcement agencies to ensure that best practices for fraud prevention, reporting and recording are documented and distributed to interested parties," explained David Cargill, Chair of ITSPA's Operations Working Group.

Toll Fraud, where fraudsters use compromised IP PBXs or IP-phones to make calls to international destinations for the purpose of carrying voice calls for free is declining as international termination rates reduce. However, International Revenue Share Fraud (IRSF), where fraudsters call revenue share numbers they control in countries like Latvia, Gambia, Sierra Leone, Guinea etc is increasing exponentially. "Fraudsters are actively scanning the Internet for targets 24x7," added Cargill. "Once targets are identified they run through a sequence of automated steps that are fine tuned to the device they want to compromise. Typically, fraudsters will find an IP phone or IP PBX that is not secure and then harvest the SIP credentials (username, password and proxy address) to make calls on that account from an automated system abroad."

Losses by UK telcos to fraud are substantial, but most go unreported as businesses deal with the cost and consequences internally. "ITSPA is working to improve this through a joint initiative with Action Fraud to encourage service providers, resellers and customers to report fraud online using the ITSPA Action Fraud Reporting Instructions," said Cargill. "Resellers need to understand how these frauds occur and also check deployments using a scanner or penetration testing tool, either themselves or using a third party. Resellers should also ensure that calls cannot be connected to known IRSF numbers and be able to block access to new number ranges as they become known."

Remote zero touch phone provisioning enables service providers and resellers to roll out services rapidly, but the provisioning server is a high value target for fraudsters so extra care must be taken to ensure the service and the servers it's run on are secure and hardened, pointed out Cargill (ITSPA's Provisioning Best Practice Paper discusses the key elements of secure provisioning). "Organisations such as TUFF, Financial Fraud Action UK, Action Fraud, ITSPA and FCS all have initiatives in this area but we could do with a joint committee to represent all the various telco interests to the law enforcement and legislative communities," commented Cargill.

That said, the biggest security threat is a lack of proper engagement with the issue, according to Simon Woodhead (pictured above), Managing Director of Simwood, who is on a mission to turn apathy into action and is driving his agenda with what could be the strongest piece of fraud research to date. Simwood's VoIP Fraud Analysis 2016, published in January, is an update to a document first published two years earlier. Its findings have been presented in many forums, both public and private, and the 2016 document was much anticipated, containing deep insights into all aspects of toll fraud, and it serves as an information resource for the industry.

"Toll fraud, in particular dial through fraud, is one of the biggest risks facing businesses operating in the VoIP space or for end user organisations with IP-enabled PBXs," stated Woodhead. "The costs are only limited by effective controls and prompt action. And the death of, or severe damage to, an otherwise healthy business can happen in minutes. Diligent service providers realise that their success depends more on minimising actual risk than maximising theoretical margin. A good value high quality carrier can provide a comprehensive portfolio of features to avoid or contain the cost of toll fraud."

International revenue share fraud is the primary concern of Ben O'Leary, Revenue Assurance Manager, Gamma. "We rarely see voicemail dial through frauds which used to be abundant, but there is a greater variety of direct PBX hacks," he warned. "The simplest preventative steps are the most effective. Resellers need to understand these and be prepared to talk about fraud risk controls as part of the sales conversation.

"We have had great success with our automated monitoring and capping services on our IP products, reducing the average cost of a fraudulent incident by around 40 per cent over the past three years. No one can promise a watertight communications environment. However, experience shows that our customers are significantly better protected if they move away from a PBX solution to our hosted IP service where we have visibility of the entire environment."

Unless the authorities become more effective at catching the perpetrators of fraud, the only option is to ensure it becomes ever less profitable, believes O'Leary. "Communication within the industry about monitoring techniques and stopping the flow of funds will be important over the next five years," he said. "The EU regulatory roaming data cap is a useful model and addresses the same basic problem, cutting off unwanted traffic. To address fraud, a similar regulatory requirement could be that all networks must offer the ability to bar any services at an agreed industry-wide threshold on an opt-out basis."

Communicating the risks of fraud is the first step to reducing them. "A sales manager once said to me that no one wants to mention fraud when making a sale," added O'Leary. "If your competition focuses on all the positives and you leave the customer thinking about the negatives then you'll lose the deal. This approach does not serve the customer or the industry well. By partnering with the right network and understanding the basics resellers can turn fraud risk management into a sales strength."

Firstcom Europe reports no incidences of toll fraud this year but it usually sees on average one a month, and sometimes they occur more frequently. Toll fraud and network security continues to be a key area of concern for the company as a service provider, but despite the temporary lull Chris Harding, SIP Encrypt Product Specialist, does not envisage the problem going away any time soon. "Wherever there is an opportunity fraudsters will look for ways to profit from it," he said. "We primarily see PBX dial through carried out remotely by opportunistic hackers to premium rate numbers in order benefit from revenue generating fraud. Quite often the premium rate numbers are overseas."

Firstcom Europe provides anti toll fraud measures in the form of spend threshold dead stops and irregular activity alerts. "But we always caution customers and partners that fraud monitoring is not fraud prevention," stated Harding. "Thresholds and alerts will minimise losses and we also encourage partners to be vigilant with strong passwords across PSTN lines and voicemail systems, and to educate their customers about access rights and the importance of passwords.

"With hackers getting more and more adept at taking advantage of the latest technology and software to identify insecure systems and crack the password, we did an experiment of our own to get a scope of the problem. We used a well known piece of scanning software and found 160,000 open IP addresses on a randomly selected class A IP range. In order to provide a watertight comms environment partners could deploy an additional call encryption device to act as a firewall and effectively camouflage the IP address."

Harding welcomes collaboration in the channel to address fraud but he believes there is potential for conflict due to confusion over who along the supply chain bears the financial responsibility when toll fraud occurs. "As we are all ultimately on the same side, the industry could consider a policy whereby charges are not passed on in proven cases of toll fraud, meaning that the revenue stream never reaches the perpetrator," stated Harding.

"Obviously, this would work for domestic calls only as international carriers must be paid regardless of the fraud. A complete industry fix would be for the major carriers to not pay their international bill for fraudulent use. This would close down the services overnight. More often than not anti-fraud measures are aimed at the symptom rather than the cause. One way of getting rid of premium rate number scams would be to scrap revenue generating numbers altogether so there is no profit to be had."

The importance of vetting potential clients should not be underestimated, according to Tony Martino, Managing Director, Tollring. "Fraudulent clients can rack up costs quickly then 'disappear', so resellers need to proactively monitor behaviour and usage with the ability to turn off a service quickly," he stated. "Remaining agile and dynamic is imperative in this market. And as fraudsters become more sophisticated in their methods, so must fraud monitoring tools evolve."

Martino supports the argument for more collaboration and coordination among carriers to identify and stop fraudulent activity. "In other areas of the market such collaboration exists to strengthen protection against computer viruses and bad credit, for example," he stated.

Channel Telecom Managing Director Clifford Norton has also called for greater collaboration, but his personal crusade has so far fallen on deaf ears. "I have tried to get the industry to talk to each other," he commented. "I have even invited some of the larger companies to discuss this in an open forum. Out of the 20 asked two responded. I have reported it to all the official bodies and even provided proof of certain people and companies actually committing the fraud. The police are far too busy and the regulatory bodies have little or no power. The only real way to get the industry heard would be to get a good group of telecom companies together and lobby our concerns to the Government. This would of course need to be backed by various politicians."

Not surprisingly, toll fraud ranks as a top priority for Channel Telecom. "It is our partners and customers that have to pay the bill, and so do we when the customer refuses to pay or leaves us feeling we could have done better," added Norton. "Why, when a carrier sees or monitors such strange behaviour do they not cease the service themselves? And in the case of premium rate fraud who gets the payments and makes a profit from this?

"We bar all premium rate calls unless the customer agrees to having them not barred. We download CDRs from the carriers every four hours, so normally within five hours we will stop incidences of fraud as best we can. But the future should see carriers take more responsibility and not argue over which numbers are premium rate and which are not. They should also offer better barring options. The industry's general response to these issues is poor."•

Related Topics

Share this story