First, we enlightened you with awareness by defining what VoIP fraud is. Then, we frightened you with six common ways to suffer a VoIP attack. And most recently, we hoped to make you proactive by sharing 10 ways to prevent VoIP fraud attacks. Lastly, in our series of fraud awareness, we aim to help keep your costs down, by giving you the top eight ways to reduce VoIP fraud damages.
1. DON’T ALLOW ALL ROUTES TO ALL USERS -- Limit high price/fraud areas (e.g. International) to customers that actually need that service. Not all of your customers are going to need International termination. If your customer is looking for a US-48 Domestic termination rate deck, do not give them one with US-Extended coverage or even worse International dialing plans. Only if they request these destination should they receive them.
2. BLOCK PREMIUM-RATE NUMBERS (1-900) – Do not offer certain high cost/fraud toll destinations. Blocking premium rate numbers is easy and essential. You have to save your customer from themselves. Only if they ask, should they get these numbers.
3. DON’T ROUTE NUMBERS WITHOUT A DEFINED RATE -- Block any calls from which you don’t have a cost from your vendor. Block all routes that don’t have defined rates. Sounds obvious, right? Many providers don’t do this until they’ve received their underlying carrier (ULC) invoice.
4. LIMIT THE NUMBER OF SIMULTANEOUS CALLS -- Find out how many calls a customer would ever realistically make at one time and set a maximum number of channels or concurrent calls your system can handle. A good way to decide how many channels you need is to monitor your average channel usage over a month or two and limit your equipment to that average. This will prevent call flooding in the event that the customer is compromised.
5. DROP CALLS AFTER A CERTAIN PERIOD OF TIME -- Set up a maximum call time limit. This goes hand in hand with limiting the number of channels. This will prevent fraudulent calls from lasting multiple hours and will help mitigate your exposure in these events. Limiting the duration of calls can also reduce the severity of attacks. Terminating fraudulent calls after four hours is much better than terminating these calls after days.
7. CONSIDER GEO-IP RESTRICTIONS FOR CUSTOMERS -- If you don’t sell service in China, it would be a good idea to block all IPs from that country to minimize possible fraud sources. Simply put, block known fraudulent countries from sending or receiving traffic.
8. BUILD AN ALERT SYSTEM FOR UNUSUAL PATTERNS -- Build a system that monitors your traffic and notifies you if traffic patterns seem abnormal. The sooner the breach is detected the sooner that breach can be closed and the less dollars you will lose. Having automated reports or more advanced unusual traffic pattern detection is always a good addition.
There you have it, folks. By now, you should be well-versed on the subject of VoIP fraud! We plan to switch gears for our next series of posts, focusing on number porting, so stay tuned for those!