Geekzone: technology news, blogs, forums




876 posts

Ultimate Geek

Lifetime subscriber

# 21150 17-Apr-2008 10:12


I read that Testra customers in Aussie have been hit by phone scams and big bills.

Can the VFX system be subject to scam systems?

What protection exists?

Can a user be protected from scamming bills?

Can a user set a cap with VFX to prevent a phone bill run-away?

Cheers





Gordy




876 posts

Ultimate Geek

Lifetime subscriber

  # 124318 17-Apr-2008 10:42

Read Telstra...




Gordy


BDFL - Memuneh
64657 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 124320 17-Apr-2008 10:47

What kind of scams? The VFX service uses certified hardware, locked to their MAC addresses and other configuration settings. Pretty hard for the usual scammer who probably wants a fast buck on stolen calls - it would be a lot more effort than the return I guess.




 
 
 
 




876 posts

Ultimate Geek

Lifetime subscriber

  # 124350 17-Apr-2008 11:43


Hacking into phone systems... and it is to do with cards.

Probably news media inflation...

Link to NZ Herald item:

http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10504614





Gordy


205 posts

Master Geek

Trusted
WorldxChange

  # 124358 17-Apr-2008 12:00

Security of a customer's PABX is solely up to the customer; short of applying toll bars on a customer's account there is not much we can do.  We do however set a credit limit on your account, at which point, if the total bill amount is over this limit, your number will be blocked on our system. If you wish to set this limit to a level that you are comfortable with, you should be able to ring through to our helpdesk/customer service to have this set for you.

Sorry, I should also point out in here: VFX is locked down for these reasons exactly. We control the configuration and the auth details to avoid things like this from happening; if you have VFX on your Asterisk box, however, it is up to you to ensure that it is protected.

Hope this helps.

Cheers

Josh




9 posts

Wannabe Geek


  # 124403 17-Apr-2008 15:21

I spent several years consulting on voice security in the UK for the likes of the Ministry of Defence, UN, local government, law enforcement agencies and private companies.  Although my consultancy covered all aspects of voice security such as call encryption, eavesdropping and war-dialling, a large section of my work was around discovering, quantifying and preventing toll fraud.  This is exactly the type of scam that has been publicised in this morning's Herald.

In short, the fraud is usually achieved by dialling into a PABX that is local to you and then dialling out to an international destination from the PBX.  You pay for a local call and the PBX owner pays for the second leg international call.  The facility to do this is usually called DISA (direct inward subscriber access) and used to be very popular when international calls were still considered expensive.  The legitimate use for such a facility would usually be something like 'company A does a lot of business with company B in the UK.  Executives at company A need to call Company B a great deal in the middle of the night.  Rather than incur large toll bills on the executives' home number we will use DISA.'

DISA is not so popular these days as companies freely give mobile phones to their users, plus international calls have come down enormously in the last 10 years.  If DISA is required (as it can be used for other purposes) then as with all these things it needs to be configured correctly.

1. Authentication through CLI
2. password authentication should lock users out after 3 attempts
3. the lock out should reset after X minutes
4. if 3 more failed attempts are made then the lock out time should double i.e. 2 x X
5. regular daily reporting needs to be performed on that DISA number to monitor for fraud
6. thresholds should be applied to the facility so that 1,000's of calls/dollars cannot be racked up in a single night
7. staff such as operators need to be educated about transferring external callers to external numbers.

Telstra and WxC are correct when they say it is the customer's responsibility to ensure that their PABX is configured correctly against toll fraud.  HOWEVER, I personally believe that all telcos have the responsibility to monitor circuit usage and when obvious fraud is occurring the ability to shut that circuit down.  BT resisted this for years, but once one of their competitors offered the service then everyone started to.


Incidentally, the largest fraud I ever discovered was over £1,000,000  that the customer knew nothing about as they didn't report on / check their bills. And that was a police force !!!!


cheers

db


6358 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 124465 17-Apr-2008 18:40

Just like having a www/email/ftp server open to the world, keeping a close eye on your logs will keep you out of trouble.


3267 posts

Uber Geek

Trusted

  # 124488 17-Apr-2008 19:12

...except that with a "simple" phone line you do not expect customers to know about even the simplest of security measures.  On credit cards they will monitor your purchases and either contact you or block unusual purchases.  I'm sure WxC has thought of this and many other things, but locking down the device and MAC address is probably the most effective/economical way of doing it.




You can never have enough Volvos!


 
 
 
 




876 posts

Ultimate Geek

Lifetime subscriber

  # 124535 17-Apr-2008 21:10


It is good to have the experience of DribblingBadger explain the fraud mechanics.

It is reassuring to know that ordinary users of WxC have no real worries with the security measures that are in place.

Cheers

Gordy






Gordy




