Avoid fraud with proactive protection

Posted on May 21, 2013 by

Recently, a friend emailed me this article about a real estate agent, who typically spends $300/month on her phones, that had been sent over $600,000 in bills from AT&T due to fraudulent activity on her account. Ouch. Apparently, interweb pirates forced their way into her telephone system and used it to route 2,000 calls to a couple of unusual destinations over her AT&T service. The majority of the 6ooK was
racked up in less than 24hours.

Most of us would read the news story and put our faith behind AT&T to take pity on the poor, innocent small business owner. The email seemed like one of those “Be afraid, be very afraid!” fear mongering urban legend forwards I get from my Great Aunt Lucy after bingo night with the Gossip Sisters. But the danger is, in fact, as real as Aunt Lu’s gambling habit.

AT&T isn’t hearing the old, “the pirates stole my credentials” excuse. And neither is Johnny Law. Legal precedent is full of examples of the courts ruling against the fraud victim in terms of who’s responsible.

The threat isn’t going away anytime soon. Survey results released by the Communications Fraud Control Association (CFCA) in 2011 listed “Compromised PBX/Voicemail Systems” as the industry’s number one fraud loss category, with an annual thrashing of $4.96billion. What’s more, the study ranked the United States as one of the top five fraud originating countries in the world.

The friend asked if it was something that would have been avoided had the customer been using Flowroute. (I’m prone to advising a switch when my friends complain about their telephone service.) As a new(ish) guy around here, my immediate answer was, “maybe.” Then, “sort of.” Then I went to check with Mo, Director of Operations, to make sure I was right.

Here’s what I learned.

Flowroute was actually born out of a telecommunications security company started by our founders in 2006. Fraud protection is a cornerstone of our platform design. The proprietary algorithm that safeguards our customers’ accounts was designed and built by CTO, Jordan Levy himself.

We know the web pirates’ ways. We’ve seen their maps. So our defenses are strategically set to sink any attempts to sail off with our clients’ credit.

There is no way any provider can secure your network. Keeping your credentials and account access secure is your job. But what we can do is help protect your account against attack even if fraudsters get inside.

Most users don’t consider the access to the global telephone network their service provider provides to be vulnerable to identity theft, because they don’t consider it to be an extension of credit. But it is. You have an agreement with your provider to pay them back on a monthly basis for the services they lend or buy on your behalf every time you make a call. When your line dials in, they don’t ask for the password. It’s easier for them to assume your network access is secure and route the calls in a timely manner, just like their advertising promised they would.

Prepaid accounts (the only option for Flowroute customers) protect you from the horrors of unlimited network access in the hands of telefraud enthusiasts. When your credit runs out, your account shuts down, and your bill does not run away to the moon (and back).

OK, so just don’t put $600,000 credit on your account and you’re good. But what about the credit you do put on your account? The answer comes in a shopping trip.

Over the weekend, I went shopping with my wife. She’s pregnant. We used our VISA card at a maternity store for the first time ever. 30 minutes later, my card required a call to Visa to process my next purchase because unusual purchase activity had prompted the system to put a hold on my account.

It was annoying, but I was grateful to know the protection is there. And it reminded me of what Mo had said about how we built our platform to actively monitor call behaviors on customer accounts. The Flowroute system is aware of your typical per minute usage and will shut down and cut off suspicious activity the minute suspicions are raised. Which, if it was actually you drastically changing your calling habits, would be frustrating, but if not, it’s a warm fuzzy security blanket.

That takes care of runaway credit thievery. But fraudsters are sophisticated, and attack with force. Thousands of calls at once. The few seconds it takes our system to declaw their attack could still cost you a chunk of credit.

Account level controls allow you to build up your defenses by creating strict whitelists for destinations you know you will be calling, setting an outbound rate maximum, and even disabling your SIP credentials for outbound calls. We provide these tools because, well, we hope you have our back too.

Earlier, I referred to the victimized realtor as innocent. But she did do something wrong. She trusted her phone service to a provider that wasn’t interested in working as a team against fraud threat. The fact is, she’s not alone. Just about every business is exposing themselves by doing business with a telephone service provider that doesn’t shield them from fraud. It’s the $600,000 time bomb ticking away right under your bottom line.

Businesses need to take responsibility for their service. And part of that means protecting customers. Like VISA, and other forward thinking organizations, we’ve found success in taking a proactive approach to fraud prevention. Because we believe your account is yours. And so is your credit.

Now you know how falling victim to telephone fraud is like getting pregnant, you’re responsible for the consequences, and it’s preventable.