Toll fraud is on the rise. Just last month, one of my clients faced a $1,200 bill due to fraudulent activity on their VoIP phone system. Somebody hacked into their system by using the default user name and password for a conference phone and made hundreds of minutes of international calls.
Toll fraud is more common today because VoIP phone systems are more popular. VoIP systems can be hacked because they are connected to the Internet. The costs associated with fraudulent activity add up fast. (Incidentally, digital phone systems can be hacked, too, but it's much harder.)
3 ways to protect your business from toll fraud
#1: Purchase new phone systems from your phone and Internet service provider, not from an independent dealer or direct from the manufacturer.
Buying from your provider puts the provider on the hook for any costs associated with toll fraud. They install and manage your phone system, so they may assume financial responsibility (not always, but more on that later). Independent phone system dealers and phone system manufacturers will just tell you to go secure your network (i.e. good luck with that).
Phone and Internet service providers, on the other hand want to catch toll fraud fast because it’s a liability for them. If business customers can’t pay the charges, the provider has to pay for them. Also, there are underlining wholesale costs for carrying the fraudulent traffic that the provider must absorb.
To combat this, the best-in-class service providers now monitor customers’ accounts and immediately jump on anything suspicious.
For example, my client’s more than $1,200 toll charge was due to unapproved international calling that occurred over one weekend. The provider’s Network Services Unit identified the suspicious traffic and immediately blocked all international calls. This prevented any additional charges. Then they called my client to alert them of the activity and charges.
Incidentally, quality providers do this for hosted phone systems, as well. With hosted phone systems (Hosted PBX), the provider actually owns your phone system, so they are definitely responsible for any toll fraud that occurs.
Now, all this proactivity was great, but my client was still sitting on a $1,200 bill. The provider did not automatically assume financial responsibility for the costs. Not until I got involved, anyway. Which brings me to the second way to protect your business telecom.
#2: Work with a telecom advocate.
Telecom consultants should act as your advocate. Good ones know how to get stuff done for you, like credits. In this case, my client immediately called us when they received word from the provider of the fraudulent activity. We helped them know what to do next and explained that they should ask the provider to cover the bill. We helped craft an argument for why the provider was liable. Ultimately, the provider accepted liability and credited the customer fully for the fraudulent traffic costs because of Caisson’s work. It was a big win.
In general, working with a telecom consultant helps you know what to ask for, how to negotiate and what to leverage. I explain more about why this is the case here. Also, good consultants usually only recommend providers that have a high level of customer service. Not all providers will entertain a customer’s attempt to negotiate, let alone issue a credit for fraudulent charges. At least not without a fight. Working with a telecom consultancy, like Caisson helps eliminate this hassle.
#3 Change your default settings
In this case, the hacker used default settings to access my client's system. When you get devices that connect to the Internet, be sure to change the default user names and passwords. Do this even for seemingly low-profile devices, like a generic Polycom conference phone.
Helping business customers with free advice and 10+ years of industry expertise is what Caisson is all about. If you have questions about your business phone and Internet service, including phone systems, please give us a call: (206) 420-0140.
We'd love the chance to work with you. Plus, our brokerage service is free. Here's how.
P.S. If you have VoIP service or are considering getting it, you might find this article helpful. It's about other steps you can take to avoid the pitfalls of VoIP. In particular, VoIP service across managed vs. unmanaged networks.