Geekzone: technology news, blogs, forums



97 posts

Master Geek


Topic # 57078 2-Feb-2010 16:40 Send private message

Hi All,

Can anyone tell me what the Telco's responsibility is with regard to Fraud Calls made by hacking a PBX (e.g. using voicemail to redirect local DDI number calls to an external international number)? I realise that the PBX itself is the owner's responsibility but is there a responsibility on the Telco to advise a customer should Fraud-like activity be occurring on their account (e.g. repeated calling to the same numbers in somewhere like Somalia or Nigeria that the customer never calls, calls occurring every 2-5 minutes 24-hours a day with multiple calls simultaneously, and over a period of several weeks blowing out the value of charging of the customer's account by 1000% in one month - e.g. from $10k to $120k - so in a single week there is 3 times the normal charges).

I understand that Telecom actively monitor for this and advise a customer within a few days of it starting (i.e. unusual activity or excessive extraordinary charges being incurred); and that in many cases Telecom actually waive the costs to the customer... (much the same as how Credit Card Companies operate with Credit Card Fraud).

But apparently other Telco's do not - Does a customer (especially a Small/Medium Business) have recourse to the Telco over this (and do Telecom always do as described above) - As the customer has no way to monitor their activity until they get the bill at the end of the month they are totally reliant on the Telco's vigilance and pro-activeness to protect them?

Also is there a specific authority to talk to about this type of fraud (other than reporting to the police) - I'm investigating with a couple of consumer rights organisations but when it's a company that is the victim what are its rights?

Many TIA for any further enlightenment/guidance/thoughts on this issue...

16532 posts

Uber Geek
+1 received by user: 1417

Trusted
Vodafone NZ

  Reply # 295453 2-Feb-2010 16:45 Send private message

It's not a telco issue; any warning is goodwill.





3558 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 295456 2-Feb-2010 16:53 Send private message

Just what I was going to say John :). You do understand that the carriers have to pay for the calls? Is it their responsibility for a poorly secured/configured PABX?

I feel for a customer that this happens to but also know that there is a cost and sometimes large costs for the Telco to wear and it always appears as though the customer always wants the Telco to wear these costs, straight away by the look of this they are looking for something to get out of it and looking to punish the Telco.

Some Telco's will have monitoring on some commercial accounts, some will have credit limits so as to limit any liability from this type of thing happening, best idea is to try and work with the Telco to reduce the bill maybe ask them to look at cost only, but by the looks of this they are just wanting an out.




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well ;)

             

https://www.facebook.com/wxccommunications



97 posts

Master Geek


  Reply # 295458 2-Feb-2010 16:55 Send private message

I would expect any unusual activity on a phone account to be raised by a Telco with its customer - exactly as a Credit Card Company does - the principle is identical and there is a responsibility on the Telco to act in the best interests of, and on behalf of, their customer... If a customer has no way to see activity on their account until a week or more after a billing period has ended it is unreasonable for the Telco to not take responsibility for notifying the customer of unusual activity... We are not talking about 1-2 fraudulent calls here - we are talking about ongoing extreme and unusual activity 24 hours a day for many weeks incurring 12 months' worth of typical charging in just a month...

What you are saying is tantamount to Toyota USA saying 'tough luck about the accelerators, not our problem, you bought the car'... (i.e. we'll take your money but won't take any responsibility). In the example I give the fact the calls originated from PBX fraud is irrelevant, as to some extent is who pays afterwards, it's awareness of the unusual and excessive activity on the account that I am raising the spectre of responsibility over...

627 posts

Ultimate Geek

Trusted

  Reply # 295459 2-Feb-2010 17:05 Send private message

1. It is absolutely the customer's problem[1] if their PBX is compromised and used to make calls.  They have an agreement with the telco to pay for calls originating from their trunks.  This is similar when someone's PC is used as a spam origination point due to a trojan -- the ISP is within their contractual rights (usually) to disconnect the customer even if they themselves were not actively spamming.  Same if a trojan puts you over your data cap...
2. Customers can view their call stats, either from the PBX itself or from online billing information from many telcos, before the monthly bill comes.
3. The telcos should be monitoring for this sort of problem, but only from a credit control perspective: if the bill jumps from $10K to $120K suddenly, there is a very good chance they're not going to recover that $120K... That said many telcos in my experience will work with the affected customer to reduce/waive the charges, although as pointed out they too have incurred costs in carrying those calls.

[1] If the PBX is maintained by a service company or under a support contract, it would be reasonable for the customer to place the blame on them.

291 posts

Ultimate Geek

Trusted
Subscriber

  Reply # 295464 2-Feb-2010 17:17 Send private message

I have had a very similar thing happen to me.
It was a painful experience to go through, and I can empathise with you on that front.


But, it is absolutely not the Telco's responsibility.


This problem really only arises (or more specifically, can be exploited) when a PBX is not configured properly, i.e. it has an insecure dial plan.


On many PBXs these days, especially IP ones, you can monitor call records yourself. So, if you really wanted to, you could fairly easily configure alerts for untoward calling volumes/patterns, on say an hourly or daily basis. Not the job of the Telco to do this though.















kind regards Andrew TD
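The hourly alerting on call records suggested in the post above could look like the following. This is an added example, not part of the thread and not any PBX vendor's code; the CDR column layout, the `VM` port naming, the known-destination list and every threshold are assumptions, and the sample records are constructed.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import accumulate

INTL_PREFIX = "00"                  # assumption: international access code as dialled
KNOWN_PREFIXES = ("0061", "0044")   # assumption: countries this business normally calls
MAX_INTL_PER_HOUR = 3               # assumption: tune to the site's normal volume
MAX_CONCURRENT = 2                  # assumption: tune likewise
BUSINESS_HOURS = range(7, 19)       # assumption: 07:00-18:59 local time
VOICEMAIL_PORTS = ("VM",)           # hypothetical naming of voicemail ports in the CDR
# Constructed sample CDRs: start, duration in seconds, source port, dialled number
SAMPLE = """\
2010-01-18T10:05:00,300,201,0061298765432
2010-01-18T14:20:00,120,204,093001234
2010-01-19T02:00:00,900,VM1,002525550101
2010-01-19T02:03:00,900,VM1,002525550101
2010-01-19T02:05:00,900,VM2,002345550102
2010-01-19T02:08:00,900,VM2,002525550101
"""

def load(text):
    calls = []
    for start, dur, src, dst in csv.reader(io.StringIO(text.strip())):
        t0 = datetime.fromisoformat(start)
        calls.append((t0, t0 + timedelta(seconds=int(dur)), src, dst))
    return calls

def peak_concurrency(calls):
    # Sweep start (+1) and end (-1) events in time order; an end sorts before a tied start.
    events = sorted([(c[0], 1) for c in calls] + [(c[1], -1) for c in calls])
    return max(accumulate(delta for _, delta in events), default=0)

def hourly_alerts(calls):
    buckets = defaultdict(list)
    for c in calls:
        if c[3].startswith(INTL_PREFIX):
            buckets[c[0].replace(minute=0, second=0)].append(c)
    alerts = {}
    for hour, intl in sorted(buckets.items()):
        new_dst = {c[3] for c in intl if not c[3].startswith(KNOWN_PREFIXES)}
        peak = peak_concurrency(intl)
        reasons = [msg for hit, msg in (
            (len(intl) > MAX_INTL_PER_HOUR, f"volume:{len(intl)}"),
            (peak > MAX_CONCURRENT, f"concurrent:{peak}"),
            (bool(new_dst), f"new-destinations:{len(new_dst)}"),
            (hour.hour not in BUSINESS_HOURS, "off-hours"),
            (any(c[2].startswith(VOICEMAIL_PORTS) for c in intl), "voicemail-origin"),
        ) if hit]
        if reasons:
            alerts[hour.isoformat()] = reasons
    return alerts

print(hourly_alerts(load(SAMPLE)))
```

Run from a scheduler against the PBX's exported call records, an hour with any listed reason is worth a page to whoever maintains the system; the daytime call to a known country and the local call in the sample raise nothing.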

3558 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 295475 2-Feb-2010 17:35 Send private message


What you are saying is tantamount to Toyota USA saying 'tough luck about the accelerators, not our problem, you bought the car'... (i.e. we'll take your money but won't take any responsibility).


Not the point I was trying to make at all. The PABX was misconfigured to allow fraudulent use, it would be like in your example the Toyota being bought new and modded by someone and then blowing up, it wouldn't be Toyota's fault, would it... a rough example but the gist is the PABX has been badly configured by the customer's PABX representative.





5465 posts

Uber Geek
+1 received by user: 227

Subscriber

  Reply # 295501 2-Feb-2010 19:00 Send private message

One of the easiest ways to prevent toll fraud via voicemail is to make all the voicemail ports Intl barred as a minimum.




Regards,

Old3eyes

2584 posts

Uber Geek
+1 received by user: 356

Trusted
Microsoft NZ

  Reply # 295506 2-Feb-2010 19:29 Send private message

How do the hackers make money from this?

Do they get kickbacks from the telcos in the overseas locations the PABX is calling?

3558 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 295511 2-Feb-2010 19:41 Send private message

Common trick or tricks,

Generally seen by dodgy offshore number ranges & operators, they terminate to a number which holds up the call for a period of time; the carrier gets the terminating revenue. They will employ people to actively look all round the world for Mail systems to do what has probably been done here: compromise a vmail system that has poor or no password access and allows call forwarding. Seen a lot from third world / developing countries.

Or a dodgy provider that sells really cheap minutes, low quality calls, to people, business, carriers and uses the same technique.





16532 posts

Uber Geek
+1 received by user: 1417

Trusted
Vodafone NZ

  Reply # 295514 2-Feb-2010 19:48 Send private message

If someone stole the petrol out of your car one night would you expect the gas station down the road to give you a tank of free gas?




3bit.com
5889 posts

Uber Geek
+1 received by user: 195

Moderator
Trusted
Subscriber

  Reply # 295602 3-Feb-2010 00:55 Send private message

Mycenius: As the customer has no way to monitor their activity until they get the bill at the end of the month they are totally reliant on the Telco's vigilance and pro-activeness to protect them?


You should never rely on the telco to alert you for unusual use.  All VoIP PBXs I've seen have some form of logging all inbound/outbound calls.

If a telco does credit you back any fraudulent calls, I would count my lucky stars, then fire the staff member or company who didn't properly secure your phone system, and get someone onto it who knows what they are doing asap.





1459 posts

Uber Geek
+1 received by user: 82


  Reply # 295612 3-Feb-2010 06:40

johnr: If someone stole the petrol out of your car one night would you expect the gas station down the road to give you a tank of free gas?


This looks like you're labouring the point a bit. A more appropriate analogy would be fuel card usage: you should monitor individual use but the card company can assist with some antifraud options.

601 posts

Ultimate Geek
+1 received by user: 5

Trusted

  Reply # 295659 3-Feb-2010 11:19 Send private message

While it isn't the Telco's fault, I think they should all track usage and look for fraud.  At the end of the day, huge fraud bills are difficult to collect.  Either the person has insurance and you have to wait for the insurance investigation, or they don't and they go bankrupt to avoid it.


Either way, it's expensive to resolve the bill.  Better to detect the problem early, and avoid it.  The customer is happy (whew, dodged a bullet, thanks Mr Telco), and the accounts receivable team is happy (whew, dodged a bullet, thanks Mr Network Monitoring!).


Fraud happens all the time - even to Telcos.


Frauds also have a really, really bad habit of going viral in a hurry, and when it does, then the network monitoring team notices because their traffic goes through the roof.


For a PBX, they probably set it up as a second dial trunk. The PBX forwards to a number which provides another dial tone for the final call leg.  The thieves then route their calling card service to it....



Someone figures out how to make a free call, they set up shop by a payphone (or a shopping mall now), and offer cheap calls to Y country.  Say, $1, talk as long as you like.


There was a payphone fraud in Ontario in the 90's that was found, went viral and shut down inside of 24 hours - however, they lost an insane amount of money connecting calls to India, Nepal, Singapore, etc.






97 posts

Master Geek


  Reply # 295672 3-Feb-2010 11:58 Send private message

maverick: 

Not the point I was trying to make at all. The PABX was misconfigured to allow fraudulent use, it would be like in your example the Toyota being bought new and modded by someone and then blowing up, it wouldn't be Toyota's fault, would it... a rough example but the gist is the PABX has been badly configured by the customer's PABX representative.

 
In the case I am referencing this is not the case - the PBX was configured as securely as possible for the model/type of PBX. There is a common misconception that all PBXs & VM systems can be configured to prevent this which isn't the case...

My philosophising is not about the actual payment of the costs (as Telco's do have costs they can't write off and such and I do not expect them to bear the costs) - it is more about the responsibility of the Telco to advise/help the customer when such activity has been ongoing for a prolonged period... The difference between a customer having to deal with a week versus say 4 weeks of such fraudulent activity...

Many of the responses here are the 'we'll take your money but not any responsibility' type of response... The fact is I know Telecom do do this for their customers (well at least some of them), and my question remains should not all Telco's, and should not they have some responsibility to alert a customer if there is unusual activity on their account? E.g. PBX gets hacked, has a month's worth of charges run up as international calls in 3 days and it continues - the customer has absolutely no way of knowing this is happening until they get their monthly account 5 weeks later, however if the Telco had advised after 1 week there was excessive and unusual activity the customer would only face a few days of fraudulent charges not 4 or 5 weeks or more?

Since not all PBXs and VMs can be secured safely in a way to guarantee this can't happen there is always the possibility of it happening (and contrary to what's been said here you'd be lucky if 25% of PBX systems are of newer types with the enhanced security & functions referenced)... Also contrary to some comments above not all PBX's & VM systems have adequate logging facility nor is it practical to access them nor reasonable to expect people to do so on a daily basis... As per Ol'3eyes comment blocking VM from International is an option, but only if the system has the functionality, and some/many don't (e.g. you can only block all outgoing calls from VM, or block all tolls, or in some cases can't block any at all).

JPollock your comments are on the track where I am coming from - If there was fraud on my Credit Card (or Farmers Card, or whatever) my Credit Card Company would advise me immediately and block the activity; if there was fraud on my Fuelcard for my car the Oil Company would do likewise; If my water usage at my home is considered unusually high the Council advise me (usually via letter to check for leaks) and if it's exceptionally high will come on site immediately to check; etc; etc...

Note: This is not about bagging the Telco's or anything - simply that I have been involved with such an incident recently and am simply rather gobsmacked to find that most Telco's (in NZ) appear to not have even the most rudimentary form of monitoring for unusual activity on their clients' accounts... (regardless of how or where that activity occurs or originates).

BDFL
50002 posts

Uber Geek
+1 received by user: 4650

Administrator
Trusted
Geekzone
Subscriber

  Reply # 295673 3-Feb-2010 12:03 Send private message

I personally think this is a more serious topic than the mainstream media making noises because of bill shock for some people who roam around the world with their iPhones and don't realise they actually have to pay for it...



