Blog

Protecting Your Business Against Toll Fraud

Written by Amy Humphreys | Nov 7, 2023 3:07:00 PM

Toll fraud, a looming risk in the world of communications, comes with a significant financial impact. Safeguarding your business against threats like toll fraud is critical. As these threats evolve, VoIP systems with robust security features and protocols can play a vital role in addressing these concerns.

 

Understanding Toll Fraud

Toll fraud is a risk that has gained increasing attention in recent years, affecting various communication methods. It involves unauthorized access to a company's communication system, leading to the illicit use of telecommunication services and substantial, unexpected charges. Toll fraud is a form of phone fraud where malicious actors exploit vulnerabilities in communication networks to make unauthorized calls at the expense of the targeted organization.

 

Domestic Toll Fraud

While toll fraud is a pervasive concern in business communications, domestic toll fraud, particularly involving specific area codes, has emerged as a pressing issue with substantial financial implications. The term "domestic toll fraud" refers to unauthorized calls made within the same country, but often targeting high-cost areas or specific regions known for premium-rate services. This type of toll fraud can significantly impact businesses, yet it often remains under the radar.

Domestic toll fraud occurs when malicious actors exploit vulnerabilities within a communication system to initiate calls, often to premium rate or high-cost numbers within the same country. They do this without the knowledge or consent of the organization that owns the communication infrastructure. These fraudulent calls can lead to unexpected and sometimes exorbitant charges billed to the business.

The financial impact of domestic toll fraud is a cause for serious concern. Unauthorized calls, especially when made in high volumes or to premium-rate numbers, can quickly accumulate significant charges. For businesses, this can lead to unexpected and sometimes crippling expenses. These charges are typically billed directly to the business, further exacerbating the financial burden. In some cases, companies have been left with phone bills running into the thousands or tens of thousands of dollars due to domestic toll fraud.

According to The Communication Fraud Control Association (CFCA), toll fraud accounted for $6.69 billion in losses in 2021.

Beyond the immediate financial implications, domestic toll fraud can also disrupt business operations. As the focus shifts to addressing the aftermath of a toll fraud incident, essential resources, time, and effort are diverted away from core business activities. This disruption can lead to productivity losses and impact customer service, harming the organization's overall operational efficiency.

International Toll Fraud

Toll fraud, also known as international revenue sharing fraud (IRSF), occurs when malicious individuals exploit your phone lines, equipment, or services to generate a large volume of fraudulent long-distance, international, or premium-rate calls, while your company bears the financial burden.

These toll fraudsters specifically target businesses with an international customer base. By gaining unauthorized access, they redirect calls to premium rate numbers in foreign countries, resulting in substantial charges that can have devastating consequences for your organization.

This type of toll fraud occurs when these individuals manage to infiltrate your phone system and make artificially generated, high-volume calls to premium international numbers. They exploit two-factor authentication (2FA) deployments to gain access to telecommunications networks.

Once these fraudsters gain entry, they make calls to expensive rate numbers and earn a share of the revenue generated from these calls. Typically, they sell this revenue through overseas calling cards or low-cost call tariffs. Unfortunately, many businesses only discover that they have fallen victim to toll fraud after the intrusion has taken place and they receive an unexpectedly hefty telephone bill.

 

Protecting Your Business From Toll Fraud

Toll fraud, a looming risk in the world of communications, can have significant financial and operational impacts on your business. While this form of toll fraud may not always be the most visible threat, its potential impact makes it crucial for organizations to implement proactive security measures. To protect your business against these threats, keep an eye out for these high-risk area codes and follow these best practices.

Here are the top area codes you should be cautious of if you don't know who's on the other line:

Domestic International
261: Cleveland, Ohio 268: Antigua and Barbuda
469: Dallas, Texas 284: British Virgin Islands
657: La Palma, California 473: Grenada, Carriacou, and Petite Martinique
332: New York City 649: Turks and Caicos Islands
347: New York City 767: Commonwealth of Dominica
646: New York City 809: British Virgin Islands
218: Northern Minnesota 829: Dominican Republic
712: Western Iowa 849: Dominican Republic
  876: Jamaica

 

The most effective strategy for preventing toll fraud is the introduction of Personal Identification Numbers (PINs) as part of your communication system's security framework. PINs serve as a protective barrier against unauthorized calls, helping organizations maintain control over their communication infrastructure. When introduced as a security measure, they can significantly reduce the risk of toll fraud and provide several key benefits:

  • Access control: PINs require users to authenticate themselves before making specific types of calls. By implementing this access control, you can prevent unauthorized individuals from initiating high-cost or premium-rate calls.
  • Customization: PINs can be tailored to meet the specific needs of your organization. You have the flexibility to establish criteria for their use, such as which numbers they can dial and under what circumstances.
  • Security layers: PINs add an additional layer of security to your communication system. This multi-tiered approach makes it more challenging for toll fraudsters to bypass security measures.
  • Monitoring and reporting: By tracking PIN usage, organizations can monitor call activity and detect any anomalies or suspicious pattern. This enables proactive measures to be taken in response to potentially fraudulent calls. 

 

Best practices to avoid toll fraud include:

  • Don't answer or return calls from numbers you don't recognize.
  • Before calling unfamiliar numbers, check to see if the area code is high-risk or international.
  • Periodically change and update PINs to enhance security. Frequent updates make it more difficult for fraudsters to guess or misuse PINs.
  • Continuously monitor call traffic, especially for signs of suspicious or unusual patterns. Any deviations from the norm should be investigated promptly.
  • Keep comprehensive records of PIN usage and the associated call activity. These records can be invaluable in the event of an incident or when implementing improvements to your security framework.
  • Minimize the risk of toll fraud by limiting international calling to major destinations and disabling countries that don't utilize 2FA. By focusing on major locales, where toll fraud is more likely to occur due to high calling rates, you can effectively reduce your exposure to fraudulent activity.
  • Always be cautious, even if a number appears authentic.

In addition to these precautions, VoIP systems with robust security features and protocols can play a vital role in addressing domestic toll fraud concerns.

 

Protect Your Business with Simplicity VoIP

Simplicity offers a range of innovative security solutions tailored to meet the unique needs of businesses. Our commitment to delivering high-quality communication services extends to ensuring the security and integrity of your business.

  1. Advanced call authentication and encryption: Simplicity VoIP employs cutting-edge encryption protocols to secure voice and data transmissions. This ensures that all communication, including calls and messages, remains confidential and protected from eavesdropping. Features like SSO and MFA work to ensure user authentication and information security.

  2. Network security measures: Our platform is housed in two Class 5 and in one Class 4 data center. Our data center environment includes robust firewalls to allow relevant traffic in/out, as well as SIEM software for intrusion detection and system monitoring. These safeguards work together to detect and mitigate potential threats in real-time, minimizing the risk of unauthorized access.

  3. STIR/SHAKEN Authentication: Simplicity VoIP's solutions are equipped with advanced   tools like STIR/SHAKEN that continuously constantly working in the background of calls to validate the calling party to reduce fraudulent robocalls and illegal telecommunications activity. This proactive approach allows us to identify potential toll fraud attempts swiftly and take immediate action to block suspicious activities.

In a world where security threats continue evolving, Simplicity VoIP will be your trusted partner in safeguarding your communication infrastructure. Our commitment to staying at the forefront of communication security ensures that your business can focus on growth and productivity, confident that your communication systems are protected against the ever-present threat of toll fraud and other security risks.