August 2010

Why Selling to Business Customers Makes You a High Risk Target for Fraud

“Buying fraud software is not a priority for us.  Our wholesale carrier is monitoring our traffic, we don’t offer casual access, and we have a good credit screening system in place.  We feel we’re pretty safe.”

As the head of sales for the most widely deployed telecom fraud solution in North America, I hear these arguments all the time from carriers who fail to appreciate today’s fraud threat.  Here, for example, are the real world cases of four telecoms who figured investing in fraud software was not a high enough priority:

  • A Business CLEC toyed with the idea of buying fraud software for two years but never signed a deal.  This spring they experienced a fraud hit costing them $100,000.  The carrier sought legal arbitration arguing that their wholesale carrier was supposed to provide fraud protection.  This single instance of fraud was almost twice as expensive as fraud management systems used by similar carriers.
  • A Broadband Provider said new security measures in place obviated the need for fraud software.  Within six months, they were hit again with a fraud loss of more than $125,000.  This loss contributed to a tough financial picture that ultimately led to the firm’s sale to another operator.
  • A VoIP and Unified Communications Provider declined to invest in fraud software citing improved PBX security practices.  Within three months, they were hit with fraud costing them $60,000 — enough to cover the cost of fraud management for a carrier of their size.
  • Another VoIP Carrier agreed to purchase a fraud management system, but never got around to paying for and installing it.  They subsequently experienced a major fraud hit — which cost them more than the software!  Soon thereafter, the company was purchased by another service provider.

Obviously these carriers gambled and lost.  I hope for their sake, the next time they visit Las Vegas they skip the casinos and see the Blue Man Group instead.

Now there’s nothing wrong with gambling.  We do it all the time in life and in business.  But unfortunately, the fraud problem cannot be reduced to simple gambling odds or risk formulas — the criminal mind is too cunning and resourceful.  If you close one breach, the bad guys are flexible enough to exploit other avenues of attack.

There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud, only when, how bad, and from which direction.”

It’s that “from which direction” part that gets a lot of people in trouble.  Too many carriers assume that fraudsters are playing from the same deck of cards they used five years ago.  Yes, you may indeed be “safe” from yesterday’s threats, but you are still highly exposed to today’s threats.

These days the biggest fraud risk factor is not casual dialing, calling cards, or poor credit screening — it’s simply selling telecom services to business.

Surprising, but true: The majority of fraud we see these days is PBX fraud, and that’s precisely the niche of most competitive carriers.  They sell services to small and medium businesses with a PBX.

The Highly Vulnerable PBX

The reason a PBX is so vulnerable is, frankly, it’s a marvelous piece of equipment — with more capabilities than a recent generation, high-end Class 5 switch.  For example, an IP PBX allows you to call in, listen to your voice mail, press a button to make an outbound call, send your voice mail to your computer, and many other functions.  You can also set up complicated follow-me routing such as: If a call comes to my office, let it ring three times then route it to my cell phone.  If the cell phone doesn’t answer, ring my home phone.

Trouble is: Hackers can gain access to those sophisticated features.  For instance, hackers can often detect what type of PBX it is from the voice greetings and prompts.  And if the default password for the PBX is 1234 and it hasn’t been changed, then boom: The fraudster is in the door.  Pretty soon, with an automated dialer, they start flooding the business with phone calls.  Exploiting the follow-me feature, they redirect those calls to expensive international destinations that can charge $2 a minute or more.

The typical small business that owns a PBX is caught completely off-guard by this stuff ... many are simply not worried about the security of a device that’s sitting in a closet somewhere.  They have no idea how risky that device can be and how much financial exposure it creates.

In many cases, the service provider figures they’re safe because they run reports every workday to detect unusual usage.  Problem is, if the bad guys hit you at 6 p.m. on Friday night, by the time you run that report on Monday morning, you could be out $50,000.

Now the customer is clearly responsible for the fraud traffic that comes through its PBX.  Most small businesses sign a contract with their carrier saying they assume full responsibility for their traffic.

Yet here’s the kicker: In the world of fraud, knowing who you’re supposed to bill doesn’t mean you get paid.  The small business may simply not have the cash to pay that $50,000 bill.  What’s more, the business could declare bankruptcy, in which case the chances of recovering that revenue will be practically nil.

Monitoring Your Network Aggressively

There’s never been a better time to monitor your network for fraud activity — and it makes sense even if you have a closed network and customers that you’ve screened for their creditworthiness.

The beauty of the latest fraud management software is it can notify you proactively.  Fraud typically doesn’t happen during business hours, so it’s essential that you receive alerts around the clock to limit the damage.

A rural LEC recently bought our Protector fraud solution and I got flak from some people for selling our solution to a carrier with a small “low volume network.”  Yet within a month of installation, the PBX of one of their customers was hacked, prompting a weekend shutdown and a fraud loss of $200.  Without those alerts, the LEC could have easily lost $20,000 by Monday morning.
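The gap between a Monday-morning usage report and an around-the-clock alert can be shown with a rolling-window spend check over call detail records. This is an added example, not code from the article or from any Equinox product; the CDR fields, account names, dialed numbers, one-hour window and $100 limit are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

INTL_PREFIX = "011"  # NANP international dialing prefix

def cost(cdr):
    return cdr["minutes"] * cdr["rate"]  # charge for one call

def first_alerts(cdrs, window=timedelta(hours=1), limit=100.0):
    """Return {account: (alert_time, loss_so_far)} for the first time an
    account's international spend in the rolling window exceeds limit."""
    recent = defaultdict(deque)  # account -> (start, cost) still in window
    total = defaultdict(float)   # account -> cumulative international spend
    alerts = {}
    for cdr in sorted(cdrs, key=lambda c: c["start"]):
        if not cdr["dialed"].startswith(INTL_PREFIX):
            continue
        acct, now = cdr["account"], cdr["start"]
        q = recent[acct]
        q.append((now, cost(cdr)))
        total[acct] += cost(cdr)
        while q and q[0][0] <= now - window:  # evict calls older than the window
            q.popleft()
        if acct not in alerts and sum(c for _, c in q) > limit:
            alerts[acct] = (now, total[acct])
    return alerts

def loss_by(cdrs, account, cutoff):
    """International charges an account has run up before cutoff."""
    return sum(cost(c) for c in cdrs if c["account"] == account
               and c["dialed"].startswith(INTL_PREFIX) and c["start"] < cutoff)

def sample_cdrs():
    """Constructed data: one compromised PBX and one normal customer."""
    t, monday_8am = datetime(2010, 8, 6, 18, 0), datetime(2010, 8, 9, 8, 0)
    cdrs = []
    while t < monday_8am:  # Friday 6 p.m. on: 10-minute call at $2/min every 5 min
        cdrs.append({"start": t, "account": "pbx-A", "dialed": "0115550100",
                     "minutes": 10, "rate": 2.0})
        t += timedelta(minutes=5)
    cdrs.append({"start": datetime(2010, 8, 6, 10, 0), "account": "pbx-B",
                 "dialed": "0115550101", "minutes": 5, "rate": 2.0})
    cdrs.append({"start": datetime(2010, 8, 6, 11, 0), "account": "pbx-B",
                 "dialed": "2125550199", "minutes": 30, "rate": 0.05})
    return cdrs, monday_8am

if __name__ == "__main__":
    cdrs, monday = sample_cdrs()
    for acct, (when, loss) in first_alerts(cdrs).items():
        print(acct, when, loss, "vs", loss_by(cdrs, acct, monday), "by Monday")
```

On this constructed traffic the compromised account trips the limit 25 minutes after the first call, while the normal customer's single short international call stays under it.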


Just because yesterday’s fraud issues are under control doesn’t mean you’re home free.  The only secure telephone switch is one that’s not plugged in, and today’s sophisticated PBXs are proving to be a lucrative money-making machine for the fraudster.

Fraud software is a proven insurance policy for limiting your financial exposure.  Can your business really afford to delay that protection?

This article first appeared in Billing and OSS World.

Copyright 2010 Black Swan Telecom Journal

David West

David West is executive vice president of Equinox Information Systems, responsible for developing and implementing the company’s long-term strategic plan, including product design and marketing.

Equinox Information Systems is one of the leading fraud and RA software vendors in the U.S.   Contact David via
