Toll fraud targeting telephone systems has been around ever since people started devising ways not to pay for phone calls but VOIP fraud allows professional criminals to hack self-installed systems and call international numbers from which few SMEs could recover with phone bills 10 times bigger than usual.
"Local and international fraudsters cracking a poorly-installed VoIP switchboard can put a small business out of business in minutes," says Greg Massel, MD of VoIP solutions provider, Switch Telecom. Its flagship VoIP product is a PBX switchboard hosted in the Cloud and which contains built-in fraud safeguards such as pre-specified credit limits, regularly updated security patches and suspicious activity alarm notifications.
He explains that the toll fraud threat to the liquidity of SMEs, in particular, comes from the fact that fraudsters can ring up tens of thousands of Rands in phone bills in minutes. "The business owner would be liable for those charges and most SMEs would find it very hard to recover from a phone bill that is perhaps ten times bigger than usual."
Passwords, protocol essential
So how does it all happen? Firstly, because Voice over Internet Protocol (VoIP) technology uses the Internet to make and receive phone calls and not infrastructure owned by the traditional telephone networks, it is significantly cheaper and therefore attracts cost-conscious enterprises such as small business owners.
"Toll fraud problems arise when SMEs believe they can magnify the savings afforded by VoIP technology by using an under-qualified person to install their office PBXs. Unfortunately, in the long run, using an internal employee not adequately versed in the installation of VoIP switchboards can be extremely costly for a number of reasons."
These include the fact that proper user names and passwords are seldom maintained, security patches are not regularly updated and worst of all, SMEs don't often consider the scenario when the only person in the business who has any understanding of the VoIP PBX leaves the company.
"The best option is for companies to engage the services of an experienced VoIP provider that can properly set up a fully managed VoIP PBX solution." Such a provider will set up credit limits on client accounts, properly maintain security patches and generally ensure that any untoward toll fraud activity is speedily identified and combatted.
International premium numbers targeted
According to Massel, the most common type of VoIP toll fraud involves international premium numbers. This is because premium numbers operate on a revenue-sharing basis where the telecom's operator pays a portion of the call revenue to the company that owns the number. Typically, a VoIP subscriber's PBX system is hacked and the hacker then uses the system to make multiple calls to a premium number registered by accomplices. The hacker then receives a percentage of that revenue back from the operator and the VoIP business subscriber ultimately foots the bill.
ISPA taking steps
VoIP will increasingly become the future of voice and, recognising this, the Internet Service Providers' Association of SA (ISPA) is taking proactive steps to limit VoIP toll fraud. For example, the Association for the first time last year held an ISPA Voice Fraud Prevention Workshop aimed at discussing strategies to clamp down on this latest attempt by fraudsters to pilfer money from legitimate businesses.
While industry-wide initiatives to combat voice fraud in general and toll fraud in particular, are to be welcomed, the individual enterprise's best defence remains remembering to use a specialist when it comes to PBX installations.