Telephone industry analysts estimate that telephone fraud in the United States costs businesses and residences as much as $4 billion per year. Whether you're installing a new phone system or just want to take full advantage of your present system, you should protect your agency from costly phone fraud.
While computer hackers may break into telephone systems for thrills, other criminals make a living at it. These lawbreakers often sell their services to 'retailers' who offer stolen phone-access numbers to drug traffickers or illegal immigrants. This underground service can translate into expensive calls to far-off destinations in a brief time. The major long-distance carriers all offer protection packages that vary in cost. These carriers provide users with 24-hour toll fraud monitoring, training, and liability limits.
Experts recommend these basic proactive measures to protect your agency against phone fraud:
1. Adopt a prevention program. Use the security measures that your system provides. Change passwords and/or access codes frequently.
2. Most thieves are interested in making international calls, so block calls to countries where your organization isn't involved. That means no one- from the president on down to the cleaning crew-can make the calls. With this option, hackers might call in, but they won't receive authorization to call Peru, for instance.
3. Eliminate the use of direct inward system access (DISA) or remote access, which enables outside producers to access an outbound line with an 800 number. Issue phone credit cards instead.
4. Review call-accounting reports to identify fraudulent usage. Check for repeated failed password attempts. Look for long calls, calls after certain hours, and other patterns.
5. Secure your voice mailbox and auto-answer attendant system to prevent an inbound caller from getting an outside line via these automated devices. Every month or so, change passwords to access mailboxes.
6. Discuss security measures with your long-distance phone company for ways to decrease your vulnerability. The phone company may have informational materials for your staff.
7. Educate your employees, starting with your switchboard operator. He or she shouldn't transfer incoming calls to an outside operator. Outside producers should make sure no one is listening or watching when they read or key in their calling-card number. Phone companies say they will never call a customer for verification of a personal identification number (PIN), so employees shouldn't give it out to any caller.
8. Consider insurance. Yes, even insurance agencies may need coverage for toll fraud.
If you have a PBX system:
9. Conduct a monthly security audit on your PBX system. Check authorization codes.
10. Consider buying a PBX protection package. It can help you monitor potentially fraudulent activity, such as repeated searches for a dial tone, and can limit your liability for unauthorized calls. You may be eligible for a discount on toll-fraud insurance if you have a PBX security package.