Where, What, and How of Toll Fraud and Its Prevention



The business switch to cloud communications and VoIP technology raises questions about fraud and the security of cloud-based systems. As a leading provider of cloud communications and toll free business numbers, AVOXI has 16-plus years of experience addressing customer questions about fraud prevention and security. VoIP fraud in particular incurs long distance per-minute charges that add up fast. And, while the best VoIP providers offer fraud monitoring, businesses can also take steps to prevent fraudulent phone calls from their accounts.

Toll fraud is the use of a telecommunications product or service without the intent to pay. It’s not new—fraudulent activity occurred in the 1970s and 1980s with a “phreaking” technique used to mimic a signaling system that controlled long-distance calls. The advent of Voice over Internet Protocol (VoIP) provided fraudsters an even greater range of targets. Traditional wireline systems constrained the volume of fraud calls by the number of phone lines. However, VoIP technology allowed a line to make simultaneous calls—greatly increasing fraudulent opportunity.

In its 2015 survey, the Communications Fraud Control Association (CFCA) attributed $38.1 billion in losses to fraudulent toll free call forwarding schemes. While that is an 18% decrease from its $46.3 billion estimate in 2013, the battle to prevent fraudulent activity remains a critical issue for global businesses. Typically, your VoIP provider offers fraud monitoring as part of its service; however, business owners need to be aware of any vulnerabilities they may have and take precautions by following best practice protocols for prevention.

Toll Fraud: Where, What and How

The CFCA survey indicated that many companies report fewer cases of fraud to law enforcement. However, 89% of respondents said that fraud losses increased or remained the same. Highlights from the CFCA survey indicated three “top 5” areas:

Where: Top 5 Countries for Terminating Fraudulent Calls

  • Cuba
  • Somalia
  • Bosnia & Herzegovina
  • Estonia
  • Latvia

What: Top 5 Types of Fraud

  • International Revenue Share Fraud (IRSF)
  • Interconnect Bypass (example: SIM Box)
  • Premium Rate Service
  • Arbitrage
  • Theft / Stolen Goods

How: Top 5 Methods for Committing Fraud

  • PBX Hacking
  • IP PBX Hacking
  • Subscription Fraud (Application)
  • Dealer Fraud
  • Subscription Fraud (Identity)

What’s the answer to preventing fraudulent activity while continuing to reap the benefits of VoIP?

Toll Fraud Prevention Best Practices

Although top VoIP providers offer diligent fraud monitoring, it is still important for business owners to be aware of potential vulnerabilities and take steps to prevent toll fraud. AVOXI relates these steps to its customers.

Step 1: Analyze and Define Which Computer Systems Require Protection

  • Create a list of all equipment and define the degree and nature of their vulnerabilities.
  • Establish the economic impact or other impact if equipment is affected, disconnected, or damaged.
  • Set priorities on computers with highest vulnerability and/or impact.
  • Structure vulnerability reduction plan.
  • Create emergency and contingency plans.
  • Check with your PBX/SIP Gateway vendor for possible vulnerabilities or risks.
  • Document the results of all the above.

Step 2: Establish Policies with Passwords

  • Set the minimum password length to at least 16 characters and require special characters, upper and lower case letters, and numbers.
  • Define how often the password must be changed based on the importance of the safeguarded information.
  • Define policies for blocking or closing an account (peer) after a set number of incorrect password attempts. AVOXI recommends blocking after 3 failed attempts.
  • Determine whether the passwords are administered by each end user or by the information technology (IT) staff or both.

Step 3: Educate All Employees about Computer Responsibilities and Use

  • Inform the network administrator or IT staff about any irregular behavior, such as reduced speed of the data network or degradation of call quality.
  • Follow the policies and guidelines established in the security plan.
  • Inform employees about Phishing and about the possible injury from disclosing passwords or other personal or business information.

Step 4: Establish Roles for Each IT Employee

  • Identify which equipment each IT employee can manipulate.
  • Maintain a log book with each action taken as it relates to the equipment (upgrades, operating system upgrades, relocation, and other actions that cause significant changes in the original topology).
  • Maintain a secure store for the user names and passwords of the network’s main equipment.
  • Establish a maximum of two administrators with full permissions.
  • Define the profiles and permissions for each IT staff member independently.
  • Set how many and which employees are authorized for handling telecommunications equipment (switches, routers, access points, firewalls).
  • Perform periodic audits of access and changes to the configuration of the equipment.

Step 5: Back Up All Your Configurations

  • Maintain updated database backups and well-documented data restoration procedures.
  • Print and store in safe places the current settings for all network computers.
  • If possible, photograph the equipment and connections and store them in a safe place.
  • Use this information to restore the network and its components in case of unauthorized changes to or mishandling of equipment.

Step 6: Install Specialized Security Equipment/Software

  • In large environments, it is advisable to use physical firewalls. In small- to medium-sized businesses, it is possible to use software-based firewalls or to take advantage of existing router(s) to implement firewall functions.
  • Implement at least one of the following services:
    • Proxy servers, where considered necessary, to define bandwidth policies and permissions for Internet use inside or outside the company network.
    • AAA (Authentication, Authorization, Accounting) servers: RADIUS (an open standard with free implementations) or TACACS+ (vendor-proprietary) can be used.
    • Syslog servers, in companies with a large number of computers, to centralize the logs into a single monitoring point.
    • IPS or IDS devices to raise early alerts on unusual network behavior and possible threats.

Step 7: Use Security Features on Your Computers

  • Disable all unwanted services or protocols in routers, firewalls and other network computers that are not in use and could become accessible to attack (for example: H.323, SIP, CDP, FTP, VNC, TFTP, and unneeded TCP, UDP, RTP or ICMP services).
  • Use VPN protocols such as IPsec, PPTP or L2TP for remote connectivity (IPsec is the strongest of these; PPTP has known weaknesses and should be avoided where a choice exists).
  • Use SSH (Secure Shell) protocol instead of Telnet.
  • Use NAT to hide the company’s internal IP addresses.
  • Encrypt the links using recognized encryption schemes such as DES, 3DES or AES, with keys of at least 128 bits (note that DES cannot meet that key length and 3DES is deprecated; AES is the practical choice).
  • Avoid the use of DHCP (Dynamic Host Configuration Protocol) where possible, so that IP addresses are not assigned automatically.

Step 8: Ensure Appropriate Setup and Monitoring for Your PABX, PBX or Switchboard

  • Restrict access to international networks from the unauthorized internal PBX extensions.
  • Establish an administrator to authorize extensions or users with special permissions (international calls); document and store in a safe place.
  • Use PINs for telephone services—highly recommended in some cases.
  • Do not place telephone services in areas without monitoring or within the reach of people outside the company.
  • Establish a plan of frequently monitoring records such as CDRs, logs, and bills generated by your PBX and your provider to verify and scan for unauthorized calls.
  • For international calls, maintain current documentation of the common destinations of the company (country, number of remote offices, home offices, and suppliers) and periodically compare the PBX records. In case of major differences, take appropriate action and follow the procedures outlined in the safety plan.
  • Restrict or remove unused categories, such as DISA (Direct Inward System Access) that can be used by unauthorized users for fraudulent actions or for immoral/unethical usage.
  • Generate alarms when detecting national or international traffic during non-business days and hours.
  • When detecting an irregular event or a variant in calling behavior, immediately inform your provider’s Fraud Control Team.
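The CDR review described in Step 8 (compare call records against documented destinations, authorized extensions and business hours) can be automated. The following is an added example, not AVOXI’s or any provider’s code; the CDR records, the authorized extension list, the documented country codes and the duration threshold are all constructed or hypothetical policy values.

```python
from datetime import datetime

# Constructed sample CDRs: (extension, start time, dialed number, seconds). Not real records.
SAMPLE_CDRS = [
    ("201", "2023-03-14 10:15:00", "+441632960123", 180),   # authorized, documented, in hours
    ("202", "2023-03-14 11:02:00", "+441632960555", 60),    # extension not cleared for international
    ("201", "2023-03-14 23:40:00", "+441632960777", 900),   # after hours
    ("201", "2023-03-18 14:00:00", "+5312345678", 1500),    # Saturday, undocumented country, long
    ("203", "2023-03-14 09:30:00", "5551234", 45),          # national call in business hours
]

# Hypothetical policy values, the items Step 8 says to document and keep current.
INTL_AUTHORIZED_EXTENSIONS = {"201"}
DOCUMENTED_COUNTRY_CODES = {"1", "44"}
LONG_CALL_SECONDS = 1200
BUSINESS_HOURS = (8, 18)             # 08:00 inclusive to 18:00 exclusive, local time
BUSINESS_WEEKDAYS = {0, 1, 2, 3, 4}  # Monday to Friday


def is_international(number):
    return number.startswith("+")


def country_code(number):
    """Longest documented prefix wins; otherwise fall back to the first two digits."""
    digits = number.lstrip("+")
    for length in (3, 2, 1):
        if digits[:length] in DOCUMENTED_COUNTRY_CODES:
            return digits[:length]
    return digits[:2]


def check_cdr(ext, started, number, seconds):
    """Return the names of the Step 8 rules that this one record violates."""
    alerts = []
    when = datetime.strptime(started, "%Y-%m-%d %H:%M:%S")
    if is_international(number):
        if ext not in INTL_AUTHORIZED_EXTENSIONS:
            alerts.append("unauthorized_international")
        if country_code(number) not in DOCUMENTED_COUNTRY_CODES:
            alerts.append("undocumented_destination")
        if seconds > LONG_CALL_SECONDS:
            alerts.append("long_international")
    off_day = when.weekday() not in BUSINESS_WEEKDAYS
    off_hour = not (BUSINESS_HOURS[0] <= when.hour < BUSINESS_HOURS[1])
    if off_day or off_hour:
        alerts.append("off_hours")
    return alerts


def scan(cdrs):
    """Return (extension, number, rule) triples for every violation found."""
    return [(ext, number, rule) for ext, started, number, seconds in cdrs
            for rule in check_cdr(ext, started, number, seconds)]


if __name__ == "__main__":
    for ext, number, rule in scan(SAMPLE_CDRS):
        print(f"ALERT {rule}: extension {ext} -> {number}")
```

Any finding is the trigger for the last bullet above: notify the provider’s Fraud Control Team rather than waiting for the bill.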

What to Expect from Your Provider

The best VoIP providers conduct round-the-clock fraud monitoring. Detection rules allow your provider to suspend service immediately if there is an indication of fraudulent activity. Analysis of a customer’s call patterns, unusual international calls (in volume or location), and other aberrations provide indications of fraudulent activity. AVOXI incorporates fraud monitoring and customer notification of suspected activity as part of its service to help its customers keep their VoIP connections safe. For the best security, businesses need to be aware of potential risks and understand their role in preventing toll fraud.

To learn more about VoIP, talk to an AVOXI Specialist today or request pricing on International Toll Free Numbers or Local Numbers.