|© 2016 Black Swan Telecom Journal||•||protecting and growing a robust communications business||• a service of|
|Email a colleague|
“Buying fraud software is not a priority for us. Our wholesale carrier is monitoring our traffic, we don’t offer causal access, and we have a good credit screening system in place. We feel we’re pretty safe.”
As the head of sales for the most widely deployed telecom fraud solution in North America, I hear these arguments all the time from carriers who fail to appreciate today’s fraud threat. Here, for example, are the real world cases of four telecoms who figured investing in fraud software was not a high enough priority:
Obviously these carriers gambled and lost. I hope for their sake, the next time they visit Las Vegas they skip the casinos and see the Blue Man Group instead.
Now there’s nothing wrong with gambling. We do it all the time in life and in business. But unfortunately, the fraud problem cannot be reduced to simple gambling odds or risk formulas — the criminal mind is too cunning and resourceful. If you close one breach, the bad guys are flexible enough to exploit other avenues of attack.
There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud, only when, how bad, and from which direction.“
It’s that “from which direction“ part that gets a lot of people in trouble. Too many carriers assume that fraudsters are playing from the same deck of cards they used five years ago. Yes, you may indeed be “safe” from yesterday’s threats, but you are still highly exposed to today’s threats.
These days the biggest fraud risk factor is not casual dialing, calling cards, or poor credit screening — it’s simply selling telecom services to business.
Surprising, but true: The majority of fraud we see these days is PBX fraud, and that’s precisely the niche of most competitive carriers. They sell services to small and medium businesses with a PBX.
The reason a PBX is so vulnerable is, frankly, it’s a marvelous piece of equipment — with more capabilities than a recent generation, high-end Class 5 switch. For example, an IP PBX allows you to call in, listen to your voice mail, press a button to make an outbound call, send your voice mail to your computer, and many other functions. You can also set up complicated follow-me routing such as: If a call comes to my office, let it ring three times then route it to my cell phone. If the cell phone doesn’t answer, ring my home phone.
Trouble is: Hackers can gain access to those sophisticated features. For instance, hackers can often detect what type of PBX it is from the voice greetings and prompts. And if the default password for the PBX is 1234 and it hasn’t been changed, then boom: The fraudster is in the door. Pretty soon, with an automated dialer, they start flooding the business with phone calls. Exploiting the follow-me feature, they redirect those calls to expensive international destinations that can charge $2 a minute or more.
The typical small business that owns a PBX is caught completely off-guard by this stuff ... many are simply not worried about the security of a device that’s sitting in a closet somewhere. They have no idea how risky that device can be and how much financial exposure it creates.
In many cases, the service provider figures they’re safe because they run reports every workday to detect unusual usage. Problem is, if the bad guys hit you at 6 p.m. on Friday night, by the time you run that report on Monday morning, you could be out $50,000.
Now the customer is clearly responsible for the fraud traffic that comes through its PBX. Most small businesses sign a contract with their carrier saying they assume full responsibility for their traffic.
Yet here’s the kicker: In the world of fraud, knowing who you’re supposed to bill doesn’t mean you get paid. The small business may simply not have the cash to pay that $50,000 bill. What’s more, the business could declare bankruptcy, in which case the chances of recovering that revenue will be practically nil.
It’s never been a better time to monitor your network for fraud activity — and it makes sense even if you have a closed network and customers that you’ve screened for their creditworthiness.
The beauty of the latest fraud management software is it can notify you proactively. Fraud typically doesn’t happen during business hours, so it’s essential that you receive alerts around the clock to limit the damage.
A rural LEC recently bought our Protector fraud solution and I got flack from some people for a selling our solution to a carrier with a small “low volume network.“ Yet within a month of installation, the PBX of one of their customers was hacked, prompting a weekend shutdown and a fraud loss of $200. Without those alerts, the LEC could have easily lost $20,000 by Monday morning.
Just because yesterday’s fraud issues are under control doesn’t mean you’re home free. The only secure telephone switch is one that’s not plugged in, and today’s sophisticated PBXs are proving to be a lucrative money-making machine for the fraudster.
Fraud software is a proven insurance policy for limiting your financial exposure. Can your business really afford to delay that protection?
This article first appeared in Billing and OSS World.
Copyright 2010 Black Swan Telecom Journal