Industry acts to combat toll fraud, but more to do

In truth, the toll fraud question has been one of the most under-debated industry issues, but in recent times there has been an outbreak of common sense with the sector becoming more articulate in promoting coherent anti-fraud strategies that will help to remake the industry into its own image and gain back control.

ITSPA hopes that the industry and Government will be guided by its newly formed Cyber Crime Task Force, part of a campaign to raise the profile of telephony fraud with Government, the regulator and law enforcement. "We have had some constructive meetings," stated David Cargill (pictured), Chair of ITSPA's Operations Working Group. "ITSPA has also highlighted to policy makers that, for the past five and a half years, Ofcom has had the power to request communications providers to block telephone numbers and withhold out payments for frauds occurring in Europe. However, as far as ITSPA is aware, this power has only been used twice."

Instead of sitting on their hands, the Government, law enforcement and Ofcom must commit more resources to fighting this crime, urged Cargill. "Toll fraud is estimated to add around two per cent to users' bills," he added. "It is highly prevalent in states under suspicion of funding crime and, in some cases, terrorist activities."

ITSPA is encouraging Ofcom to use the power it holds regarding frauds that originate in Europe, and is also calling for Government to recognise telephony fraud more broadly, including measures around the training and education of law enforcement and the public as part of the recently announced Cyber Security Strategy. "It is also essential that the Government works more closely with international governments, regulators and the ITU," stated Cargill. "Close international cooperation will be required to block out payments and finally end the crime. A further potential option for the industry is working with Internet service providers to block scanner traffic."

A survey of 1,000 businesses commissioned by an ITSPA member revealed that 27 per cent of those questioned had been the victim of a telephone hack over the past five years, resulting in the company being billed for calls their employees had not made. The average cost to each business was £12,000. The most common losses came from calls being made via a compromised PBX, calls made from elsewhere using SIP credentials that have been harvested, and calls made from VoIP accounts that have been set up using stolen credit card details. All of these result in losses of revenue for the customer and damage to the customer-supplier relationship.

According to Cargill, if more telecoms suppliers and users report fraud using ITSPA's Fraud Reporting Guidelines the issue will be given more attention and be considered a greater priority by the relevant law enforcement agencies. "Toll fraud can potentially become a thing of the past if security measures are followed by end users, scanning traffic is blocked at the national network or ISP level, and out payments for fraudulent calls are stopped," added Cargill.

This wish list would form the basis of a new order in comms that would see the high cost of toll fraud removed in the UK, currently estimated to be in the region of £953 million. Ben O'Leary, Revenue Assurance Manager at Gamma, agrees that it's the responsibility of all parties to do everything in their power to halt the ongoing cycle of fraud. "All parties need to accept a share in the blame for high levels of fraud," he said. "While clearly the only person truly at fault is the perpetrator, all those involved can do more to limit the potential for, and mitigate, the impact of fraud.

"The regulator has announced that it sees UK revenue share fraud as coming under the AIT process, which is something the industry has been exercising for many years already. But it does not say anything on the subject of fraud across borders or the use of international call forwarding services which are an ever increasing concern in the industry. The Government should be involved in arranging cross-border consensus to put a stop to this flow of money."

The Risk & Assurance Group is currently supporting an initiative led by fraud expert David Morrow to use the Proceeds of Crime Act as a mechanism to prevent the flow of money, even if it would cross borders. "This would be a powerful tool to limit IRSF from UK-based phone systems and the whole industry should offer its support to see that to conclusion," added O'Leary. "This does not mean that law enforcement should stop trying to catch the perpetrators. It is after all a worldwide problem that affects calls arriving in the UK as well as those originating here. It's a joint responsibility."

Gamma has witnessed fraud across a large number of business customers. "The only type of fraud we see in our part of the market is revenue share fraud, either international or UK terminated, but through a number of different means," he explained. "The most common method of fraud seen is PBX hacking. Dial-through fraud is becoming less common as consumers become more wary of the security of voicemail.

"As long as there are insecure phone systems and revenue share generating phone services there will always be scope for fraud. The goal we need to work towards is preventing it from being no consequence free money for those engaging in fraud. As businesses move towards online help desks, perhaps before long there will be no need for revenue generating numbers."

Voiceflex's brand of fraud prevention could be described as aggressive, notably because the company has itself been the victim of a crime to the tune of £25,000. "But the legal fees where £75,000," stated Sales Director Paul Taylor. "We decided it wouldn't happen on our platform again and implemented our fraud reporting tool ABBA (Advanced Behaviour Based Analysis), a multi-level application to detect fraudulent activity and stop it at source.

"We still get hundreds of attacks a week, 90 per cent are stopped within our core application, the remaining 10 per cent via our second and third line defences. I keep being told this is an industry problem. Most SIP carriers have applications within the core to spot fraudulent activity and kill it there and then. I know it's harder with PSTN and ISDN, but perhaps when they are completely finished and we are all SIP or hosted the problem will be mostly removed. If the network and/or telephony application was locked down, you could wipe off 60-70 per cent of the fraud."

Is gaining the upper hand over these criminals realistic? Tollring's Managing Director Tony Martino believes so, having also leveraged technology to good effect with the launch of its new real-time Credit and Fraud Management System (CFMS), which last month went live on BT Wholesale's Hosted Centrex platform. "Self-learning predictive analytics that review real-time trends and update dynamically help us to eliminate fraud before or as it happens," commented Martino.

"The issue is how loud can you shout about the problem of fraud when talking to customers. Everyone wants to hear about incidents and how to prevent them, but at the same time no one is willing to talk about it. Education and awareness is needed but without scaring the end user. The customer needs to understand that fraud management is good for them, it offers a lower cost of ownership and greater flexibility. Using automated and self-learning technology empowers everyone in the food chain to play their part in controlling fraud. The tools need to devolve across partners so they can input and manage their customers closely, which promotes shared responsibility across the whole channel down to site level."