This is part 2 of a 2-part technical briefing by SmartIPX on the subject of fraud in the telecommunications industry. You can read part 1 here.
How fraud affects the end client
VoIP fraud can and does occur in any industry, although certain industries, such as banking, tend to attract more fraud than others.
A recent study from Pindrop Security found that nine of the top ten banks and 34 of the top 50 banks had been victims of call fraud.
In most cases, the fraud target is an enterprise. Most never realize that they have been hacked, refuse to pay the fraudulent charges and threaten to switch to a different service provider.
The service provider has little leverage over its international long distance vendors and is left to cover the bill, because liability always sits at the service provider level, enforced contractually by the IP Transit, Wholesale Termination, MNO and/or MVNA partner.
However, in some cases, service providers will demand that the enterprise pay for fraudulent charges. This was the case in 2009, when Michael Smith, a small business owner in Massachusetts, found that someone had hacked into his PBX to make USD$ 900,000 worth of calls to Somalia.
AT&T attempted to sue Smith for USD$ 1.15 million to recoup the cost of the calls and interest. Though AT&T eventually dropped the charges, a spokeswoman for the company maintained that they had been entitled by law to collect the amounts owed, and that Smith should have put more safeguards in place to protect his phone system.
Besides the potential risk of end client liability – likely to be tested in the courts at some time, especially at the enterprise level – there is the cost of handling a fraud once discovered in terms of fixes, time spent by key staff and liaison with the service provider.
As better educated enterprises and customers learn about fraud, they will increasingly ask their service provider to prove that they have an effective fraud handling process that will minimise their own exposure to fraud, quite possibly pushed by their own insurers protecting themselves from exposure to this minefield.
Best practices: How SmartIPX help our customers deal with fraud
You can lose a lot of money in a short space of time if you are not capable of detecting or responding to fraud very quickly. You don’t just need to know that you’ve had a fraud, you need to react to it – it’s not enough to have a fraud detection department staffed only during office hours. The CFCA 2013 global fraud report shows that significantly fewer than 50% of all organisations operated fraud detection on a 24×7 basis.
SmartIPX have a management service that monitors activity against normal usage patterns, with an alerts procedure which includes our 24×7 service desk. This allows us to respond to unexpected usage patterns that may indicate fraud by shutting down or suspending activity, escalation and further monitoring, minimising our clients’ exposure. SmartIPX monitor in real time to prevent dial-through fraud.
SmartIPX works with several customer in-house systems and our own managed services, one tariff- and location-based and the other usage-based (minutes and call attempts). We combine the alert functionality, which highlights unusual network activity, with a known and proven escalation procedure handled by our 24×7 team, who know our customer networks, operations teams and end users!
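The two kinds of alert described above (tariff- and location-based, and usage-based on minutes and call attempts) can be sketched over call detail records as follows. This is an added example, not SmartIPX's own system: the record layout, the account name, the thresholds and the sample CDRs are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample CDRs: (account, hour "YYYY-MM-DDTHH", dest country, rate USD/min, seconds).
# seconds == 0 is an unanswered call attempt. "acme" is a hypothetical account.
BASELINE = [("acme", f"2024-03-0{d}T{h:02d}", "GB", 0.02, 180)
            for d in range(1, 5) for h in range(9, 17) for _ in range(3)]
BURST = [("acme", "2024-03-05T02", "SO", 0.85, 600 if i % 4 else 0) for i in range(40)]

def hourly_usage(cdrs):
    """Aggregate [attempts, minutes] per (account, hour)."""
    usage = defaultdict(lambda: [0, 0.0])
    for account, hour, _dest, _rate, seconds in cdrs:
        usage[(account, hour)][0] += 1
        usage[(account, hour)][1] += seconds / 60
    return usage

def usage_alerts(history, current, factor=3.0):
    """Usage rule: flag hours whose attempts or minutes exceed factor x the account's median hour."""
    per_account = defaultdict(list)
    for (account, _hour), (attempts, minutes) in hourly_usage(history).items():
        per_account[account].append((attempts, minutes))
    alerts = []
    for (account, hour), (attempts, minutes) in sorted(hourly_usage(current).items()):
        past = per_account.get(account)
        if not past:
            continue  # no baseline yet: a new account needs its own policy
        base_attempts = median(a for a, _ in past)
        base_minutes = median(m for _, m in past)
        if attempts > factor * base_attempts or minutes > factor * base_minutes:
            alerts.append((account, hour, attempts, round(minutes, 1)))
    return alerts

def tariff_location_alerts(cdrs, allowed, max_rate=0.25):
    """Tariff/location rule: flag destinations outside the account's profile or above a rate cap."""
    return sorted({(account, hour, dest) for account, hour, dest, rate, _s in cdrs
                   if dest not in allowed.get(account, set()) or rate > max_rate})

if __name__ == "__main__":
    for alert in usage_alerts(BASELINE, BURST):
        print("USAGE", alert)
    for alert in tariff_location_alerts(BURST, {"acme": {"GB", "FR"}}):
        print("TARIFF/LOCATION", alert)
```

Either rule firing on its own is only an alert; the suspend-or-escalate decision stays with the 24×7 escalation procedure.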
This is risk management activity of a critical kind, as once a fraud is occurring the potential losses can be business threatening; we have worked with partner customers to benchmark fraud incidents to identify the true value of deploying and maintaining a managed service.
15% of respondents to the CFCA 2013 survey already outsource their fraud management services, avoiding the massive capex of setting up and managing a fraud detection team 24×7. Speak to us about how SmartIPX could help you make the smart decision in setting up best practices around monitoring and handling fraud.