What to do when telecom fraud occurs

You’ve been hit with a telecom fraud attack. Now what? We asked Mark Palchick, an attorney and industry expert with a deep understanding of telecom laws and regulations.


We are often asked the question, “My phone system has been hacked and I have a huge telephone bill. What can I do?” TransNexus offers excellent software to prevent telecom fraud, but we can’t give legal advice. In this article, Mr. Palchick provides an overview of the legal landscape to help prepare you to discuss your situation with your attorney.

A serious financial risk for enterprises

Telecom or toll fraud is an increasingly dangerous problem in the telecommunications industry and can affect any organization which uses or sells VoIP services. Enterprises are the primary target for most fraudsters. Few enterprises realize that their telephone system is a fraud target that could cost them hundreds of thousands of dollars in fraud losses.

While many enterprises have been victims of toll fraud, few firms will discuss their losses in public. However, a few well-publicized cases indicate how large the fraud risks are for enterprises and small businesses.

YearFraud LossDetails
2015$2,000,000Doctor's office in Maryland. Telephone system hacked to make calls to Gambia, Ascension Island and Dominica.
2014$166,000Seven-person architecture firm in Georgia. Four-line analog phone system hacked to make calls to Gambia.
2013$600,000Real estate agent in Florida. Phone system hacked to make calls to Somalia, Guinea and Azerbaijan.

What to do before telecom fraud occurs

Preventing toll fraud is much easier and less costly for an enterprise than dealing with large toll fraud losses. Mr. Palchick notes that most enterprises ignore the risks of toll fraud until they are attacked. He recommends that enterprises give telecom toll fraud the same priority as other significant business risks and take the following actions before an attack occurs.

Know what you are purchasing

You need to be intelligent when you are purchasing telephone services. First and foremost, know what you are buying. If international long distance service is not required, do not subscribe to it. International long distance calls pose a high fraud risk to enterprises. If you do not intend to subscribe to international long distance service, make sure your contract clearly states that the service is not included. If international long distance is required, safeguard your phone system by deploying a fraud management system that is capable of preventing and detecting fraud before it enters your network.

Know the terms of your contract

Study the contract from your service provider and become familiar with its terms. Assume that you, the customer, are fully liable for any calls that originate from your telephone system. Most telephone service terms and conditions make it very clear that the customer is fully liable for fraudulent calls. The following clause, taken from the Comcast Business Services Customer Terms and Conditions is a good example:

3.12 Fraudulent Use of Services. Customer is responsible for all charges attributable to Customer with respect to the Services, even if incurred as the result of fraudulent or unauthorized use of the Services.

Ask if your service provider offers telecom fraud protection for a fee

If your telephone service provider offers toll fraud loss protection, it may be the best solution for managing fraud risk. Be sure to ask for toll fraud protection. Refusal of a provider to provide toll fraud protection could be significant in the event toll fraud occurs. Also, ask your service provider to advise you in what steps you should take to minimize fraud and also ask what steps they take to minimize fraud. It could be important later. Also, when you ask, always ask in writing.

What to do after telecom fraud occurs

Once toll fraud has occurred, it will be a challenge for the enterprise to avoid full financial responsibility for the losses. However, there are actions the enterprise can take to possibly reduce their toll fraud losses. Palchick recommends that enterprises follow the four steps below if their telephone system is hacked and they receive a huge bill from their service provider.

  1. Gather as much information/evidence as possible to understand exactly what happened.
  2. Determine if cramming has occurred. Cramming occurs when the enterprise is subscribed to services it did not order. If the enterprise can prove that cramming occurred, they may have a strong argument that there are not liable for the toll fraud losses.
  3. Prepare to negotiate for a settlement that is less than the full retail cost of the toll fraud loss.

    Many service providers will be satisfied if they can recover their wholesale costs related to the fraudulent traffic. Since there can be a large profit margin between international retail and wholesale rates, this could be a significant reduction in fraud loss for the enterprise.

    If no cramming occurred, it is probably not realistic or reasonable for an enterprise to expect its service provider to reduce the enterprises toll fraud liability below the wholesale cost of the fraudulent traffic.

  4. If the service provider does not agree to reduce the enterprise’s toll fraud liability to the service provider’s wholesale cost, then the enterprise should consider filing a formal complaint with the FCC against their service provider.

Winning a formal complaint against a service provider to avoid toll fraud losses will be a major challenge, but it may motivate the service provider to negotiate a reduced settlement. Filing a formal complaint with the FCC will require advice from an attorney who is familiar with FCC rules and decisions regarding telecom fraud.

The FCC has ruled on five formal complaints regarding telecom fraud and four were clearly in favor of the service provider. However, all these decisions occurred in 2001, or before, and the world has changed dramatically with the widespread adoption of VoIP technology.

A summary of the FCC rulings on telecom fraud complaints are summarized in the following table:

FCC ComplaintYearDescription
Chartways Technologies, Inc. v. AT&T Communications, 6 FCC Rcd 4241991Chartways experienced a large volume of unauthorized long distance calls to Pakistan utilizing its PBX system. The FCC ruling claimed Chartways was liable for the fraudulent charges, since they failed to provide evidence demonstrating AT&T’s negligence and did not take preventative fraud detection measures.
United Artists Payphone Corporation v. New Telephone Co, 8 FCC Rcd 55631993United Artists experienced unauthorized calls through their payphone business that was connected to a public network through lines bought from a provider. United Artists did not presubscribe their lines to a primary interexchange carrier and specified 1 + interexchange calls were only permitted to certain areas in New Jersey. The FCC ruled that United Artists was not liable for the fraudulent calls, since they took multiple steps to control potential fraud, monitor their lines and report suspected fraud occurrences. Further, United Artists was not responsible for the charges, as they were not AT&T’s customer.
Directel, Inc. v. American Telephone and Telegraph Co., 11 FCC Rcd 75541996Directel was a victim of fraudulent international calls through their Westerville and Cincinnati PBX systems. The FCC ruled that Directel was liable for the fraudulent charges, since they failed to produce affirmations that supported their claims and did not take any steps to control or restrict unauthorized access to their PBX systems.
Halperin v. MCI Telecommunications Corporation, 13 FCC Rcd 225681998Halprin sublet offices to a Nextwave, who subscribed to MCI for long distance calling. An administrative error unknown to Halprin resulted in MCI becoming the presubscribed carrier for the company. When Nextwave ended their agreement with MCI, Halprin's subscription was terminated, but their service remained intact. This resulted in “non-subscriber” rate charges for calls. The FCC ruled that MCI’s tariff was not explicit as necessary.
Gerri Murphy Realty, Inc. (GMRI) v. AT&T Corp., 16 FCC Rcd 191342001GMRI’s 800-number received a large volume of inbound calls from the New York area and a large volume of international calls to areas where suspected fraud has occurred previously. GMRI claimed that they complied with all of AT&T’s recommendations, however, the fraudulent calls continuously accumulated. AT&T, on the other hand, claimed that GMRI initially declined the blockage of specific area codes of concern. They also claimed that they took action without previous authorization, after multiple days of unapproved calls, to put an end to the toll fraud. GMRI refuted AT&T’s claim by stating the cease in toll fraud occurred only after AT&T recommended discontinuing the 800-number, with the exception of calls from Alaska and Guam.

Article contributor

Mark Palchick

Mark Palchick is Communications Technology and Media Partner at Womble Bond Dickinson (US) LLP. He has worked in the communications field since 1975. He is experienced in matters relating to international copyright, negotiations of program affiliation agreements, E-rate funding, pole attachment matters, interconnection agreements between carriers and other FCC regulatory matters.

More on TransNexus.com

February 15, 2023

Suggestions to curb access arbitrage

June 27, 2022

FCC proposes new rules to prevent access stimulation

June 6, 2022

Denial of service attack and ransom demand defeated

May 18, 2022

China cracks down on telecom fraud

December 6, 2021

Telecom fraud losses increasing, according to CFCA report

December 1, 2020

FCC Report and Order on one-ring scam calls

November 9, 2020

Domestic telecom toll fraud is still a problem

October 12, 2020

FCC changes rules for intercarrier compensation on toll free calls

January 23, 2020

TRACED Act calls for one-ring scam protection

November 19, 2019

Robocall and TDoS case studies

October 28, 2019

FCC denies stay request on their Access Arbitrage Order

October 28, 2019

Wangiri telecom fraud activity reported in Canada

September 26, 2019

FCC issues order to prevent access stimulation

July 16, 2019

ClearIP adds new call forwarding blacklist capabilities

July 10, 2019

July holiday week telecom fraud attack profiles

June 13, 2019

ClearIP enhancements for blacklisting of SPID and location

May 20, 2019

Anatomy of a telecom fraud attack

May 14, 2019

Study on rule changes to eliminate access arbitrage

May 8, 2019

FCC warns of Wangiri telecom fraud scams

March 8, 2019

SIP Analytics vs. CDR-based fraud management – a case study

October 22, 2018

FCC proposal to curb domestic telecom fraud

September 27, 2018

Lessons learned from call forwarding attacks