We are often asked the question, “My phone system has been hacked and I have a huge telephone bill. What can I do?” TransNexus offers excellent software to prevent telecom fraud, but we do not have a solution for fraud victims after an attack has occurred. So, to answer this question, we asked Mark Palchick, an attorney and industry expert with a deep understanding of telecom laws and regulations. This article summarizes what TransNexus learned from Mr. Palchick.
A Serious Financial Risk for Enterprises
Telecom or toll fraud is an increasingly dangerous problem in the telecommunications industry and can affect any organization which uses or sells VoIP services. Enterprises are the primary target for most fraudsters. Few enterprises realize that their telephone system is a fraud target that could cost them hundreds of thousands of dollars in fraud losses.
While many enterprises have been victims of toll fraud, few firms will discuss their losses in public. However, a few well publicized cases indicate how large the fraud risks are for enterprises and small businesses.
What To Do Before Fraud Occurs
Preventing toll fraud is much easier and less costly for an enterprise than dealing with large toll fraud losses. Palchick notes that most enterprises ignore the risks of toll fraud until they are attacked. He recommends that enterprises give telecom toll fraud the same priority as other significant business risks and take the following actions before an attack occurs.
1) Know What You Are Purchasing
You need to be intelligent when you are purchasing telephone services. First and foremost, know what you are buying. If international long distance service is not required, do not subscribe to it. International long distance calls pose a high fraud risk to enterprises. If you do not intend to subscribe to international long distance service, make sure your contract clearly states that the service is not included. If international long distance is required, implement the TransNexus telecom security checklist. Also, safeguard your phone system by deploying a fraud management system that is capable of preventing and detecting fraud before it enters your network.
2) Know the Terms of Your Contract
Study the contract from your service provider and become familiar with its terms. Assume that you, the customer, are fully liable for any calls that originate from your telephone system. Most telephone service terms and conditions make it very clear that the customer is fully liable for fraudulent calls. The following clause, taken from the Comcast Business Services Customer Terms and Conditions is a good example.
3.12 Fraudulent Use of Services. Customer is responsible for all charges attributable to Customer with respect to the Services, even if incurred as the result of fraudulent or unauthorized use of the Services.
3) Ask If Your Service Provider Offers Toll Fraud Protection for a Fee
If your telephone service provider offers toll fraud loss protection, it may be the best solution for managing fraud risk. Be sure to ask for toll fraud protection. Refusal of a provider to provide toll fraud protection could be significant in the event toll fraud occurs. Also, ask your service provider to advise you in what steps you should take to minimize fraud and also ask what steps they take to minimize fraud. It could be important later. Also, when you ask, always ask in writing.
What To Do After Fraud Occurs
Once toll fraud has occurred, it will be a challenge for the enterprise to avoid full financial responsibility for the losses. However, there are actions the enterprise can take to possibly reduce their toll fraud losses. Palchick recommends that enterprises follow the four steps below if their telephone system is hacked and they receive a huge bill from their service provider.
- Gather as much information/evidence as possible to understand exactly what happened.
- Determine if cramming has occurred. Cramming occurs when the enterprise is subscribed to services it did not order. If the enterprise can prove that cramming occurred, they may have a strong argument that there are not liable for the toll fraud losses.
- Prepare to negotiate for a settlement that is less than the full retail cost of the toll fraud loss. Many service providers will be satisfied if they can recover their wholesale costs related to the fraudulent traffic. Since there can be a large profit margin between international retail and wholesale rates, this could be a significant reduction in fraud loss for the enterprise. If no cramming occurred, it is probably not realistic or reasonable for an enterprise to expect its service provider to reduce the enterprises toll fraud liability below the wholesale cost of the fraudulent traffic.
- If the service provider does not agree to reduce the enterprise’s toll fraud liability to the service provider’s wholesale cost, then the enterprise should consider filing a formal complaint with the FCC against their service provider. Winning a formal complaint against a service provider to avoid toll fraud losses will be a major challenge, but it may motivate the service provider to negotiate a reduced settlement. Filing a formal
complaint with the FCC will require advice from an attorney who is familiar with FCC rules and decisions regarding telecom fraud. The FCC has ruled on five formal complaints regarding telecom fraud and four were clearly in favor of the service provider. However, all these decisions occurred in 2001, or before, and the world has changed dramatically with the widespread adoption of VoIP technology. A summary of the FCC rulings on telecom fraud complaints are summarized in the following table.
Mark Palchick is an attorney in the Washington, DC office of Womble Carlyle Sandridge & Rice. He has worked in the communications field since 1975. He is experienced in matters relating to international copyright, negotiations of program affiliation agreements, E-rate funding, pole attachment matters, interconnection agreements between carriers and other FCC regulatory matters. You can contact Mr. Palchick at [email protected]