A $28 Billion Dollar Problem

Each year, the Communications Fraud Control Association (CFCA) conducts fraud loss surveys of the communications industry. For 2019, survey respondents estimated that the cost of fraud was on average 1.74% of revenues, or over $28 billion.

The bad guys never rest.  They continually come up with ways to exploit communications platforms and drive fraudulent traffic.  These events are often very costly for carriers and service providers —  to the tune of $10,000 – $250,000 over short periods of time.  They can wipe out voice margins for months, or even years to come.

Therefore, as we begin a new year, it’s important to re-examine the controls, processes, and protections that can minimize risks and costs of toll fraud.

Nine Best Practices to Reduce Your Risk

Here is a checklist of steps service providers and carriers can take:

  1. Ensure that you have an effective fraud detection capability in place

Whether you use a 3rd party product or something developed in-house, you need to detect problems before you are charged for them — not afterward. If your current solution is based on call detail records (CDRs) from completed calls, it won’t be fully effective and you should consider a solution that uses call setup info (i.e. SIP signaling data) to block bad calls from even being connected

  1. Reduce your attack surface – Don’t implement new customers with all or even any international destinations enabled.

The customer can always contact sales or customer care to add in destinations if needed.  If fraud becomes a recurring issue, then consider requiring users to dial auth codes (PIN) to complete calls to high-cost LD destinations.

  1. Ensure your voice platform is properly configured to limit exposure
  • Don’t allow calls to continue for long periods of time.  We have seen systems that allow calls to be in process for upwards of 24 hours – 3 hours is a good rule of thumb to cut calls as the % of 3-hour calls that are legitimate is likely in the single digits.
  • Restrict the number of concurrent calls that can be originated from one station.  Again, we have seen examples where upwards of 80 calls can be originated from one station simultaneously using SIP Refer or Call Forwarding that can lead to huge losses.
  1. Ensure that your customer agreements contain language to guard against “unacceptable use” so that you can mitigate these situations

Though not technically fraud, “traffic pumping” still occurs.  One form of traffic pumping is where a subscriber will call numbers in high-cost areas like South Dakota, Iowa, etc. The calls will then be made/redialed so that they are in use for as long as possible driving up the cost for the carrier, while the customer’s revenue remains flat as they are on an unlimited service.  What’s worse, as a common carrier, the carrier is not allowed to block or restrict these calls. Don’t make unlimited really mean unlimited.

  1. Most of the international toll providers offer a mix of proactive and reactive fraud mitigation capabilities that should be utilized.

The proactive capabilities include customizing destinations, identifying fraud patterns as it occurs based on a host of different “signatures” and automated blocking / disabling of routes once fraud is suspected.

The reactive capabilities deal with things like blocking destinations once certain minute or dollar thresholds have been reached – think “circuit breaker”.

  1. Ensure that you have a well thought out incident response plan to limit the extent of a fraud event should it happen.

The following should be a part of this incident response plan:

  • All key people should be on the carrier notification lists
  • Access to recent CDRs and the ability to analyze and promptly identify suspect customer endpoints and international destinations is key
  • Must be able to quickly implement route changes and/or blocks to stop the bleeding
  • Keep on-going communications with internal team as well as carriers’ NOCs / Sales Teams
  • Routinely perform post-mortems to learn from these events
  1. Treat destinations differently (i.e. default block, etc.) as some are far more likely to drive fraudulent traffic than others.  The following is a list of countries that experience high rates of fraud:
  • AC Ascension Islands 247
  • AG Antigua/Barbuda 268
  • AI Anguilla 264
  • AS American Samoa 684
  • BB Barbados 246
  • BM Bermuda 441
  • BS Bahamas 242
  • CD Democratic Republic of the Congo 243
  • CF Central African Republic 236
  • CG Congo 242
  • CZ Czech Republic 240
  • DM Dominica 767
  • DO Dominican Republic 809 829 849
  • GD Grenada 473
  • GQ Equatorial Guinea 240
  • GU Guam 671
  • HT Haiti 509
  • JM Jamaica 876
  • KN St. Kitts & Nevis 869
  • KY Cayman Islands 345
  • LC St. Lucia 758
  • LT Lithuania 370
  • MA Morocco 212
  • MF St Martin 590
  • MP Northern Mariana Islands 670
  • MS Montserrat 664
  • MV Maldives 960
  • PK Pakistan 92
  • PW Palau 680
  • SC Seychelles 248
  • SX Sint Maarten 721
  • TC Turks and Caicos Islands 649
  • TD Chad 235
  • TN Tunisia 216
  • TT Trinidad and Tobago 868
  • UG Uganda 256
  • VC Saint Vincent and the Grenadines 784
  • VG British Virgin Islands 284
  • VI U.S. Virgin Islands 340
  • SL Sierra Leone 232
  • SD Sudan   249
  • LR Liberia 231
  • LV Latvia 371
  1. Ensure customers understand how to secure access to the voice system and monitor regularly
  • Use strong passwords (and even multi-factor authentication for critical systems) for Phone / PBX / Voicemail access
  • Block call forwarding or return call features from voicemail
  • Block international calling on call forwarding
  • Keep system software up to date with releases / security patches
  • Disable all ports not In use (esp. IP ports 5060 / 5080)
  1. Lastly, we recommend a multi-layered approach of both internal and carrier fraud mitigation to create an effective toll risk management capability
  • Deploy an effective, internal fraud detection capability and related processes as the first line of defense to filter out suspect calls
  • Utilize the pro-active fraud mitigation tools offered by the carriers to handle any fraud that may get through
  • As the last defense to a runaway train fraud event use minute or dollar value thresholds to shut down routes at the ANI or Trunk Group level

You’ve worked too hard to lose profits to fraud — with these basic precautions you won’t have to.