One of the biggest topics floating around in the VoIP industry today is the overwhelming number of VoIP fraud cases. These are instances that happen domestically and internationally and are detrimental to the organizations involved.
Fraud can happen a few different ways; by hacking into a switch, through administrative interfaces and direct shell accesses, through business transactions, and even through your own customers. Once you understand the root of these issues, you can assess your current security measures to track down any weak areas within your organization. While some of these areas require a higher level of attention and expertise, there a few standard best practice solutions you can follow that are quick, but efficient.
Let’s first discuss what steps you can take to protect your account from hackers and fraud. At VoIP Innovations we’ve outlined certain tips that may seem elementary, but are actually the initial steps that can start protecting your organization right away. Most, if not all providers and resellers have some form of a BackOffice program where users can monitor and manage their accounts. The VoIP Innovations Industry Leading BackOffice is also designed to do just that and it is part of our mission to inform every customer about the importance of maintaining a secure account.
The first step you can take in securing your account is to remove old employee logins. This is especially important for those companies who may have a high turnover rate for employees or move them around often. The next step is to change your password on a routine basis. If you are always updating your passwords then there are less chances that the password will get into the wrong hands. This next tip is one that might seem less obvious but it still makes a different. Keep your contacts up-to-date. When we have updated contacts associated with an account, it is easier for us to reach you if we see a problem or you need to contact us about questions with your account. Along with these standard recommendations, we also offer our customers a CPNI (Customer Proprietary Network Information) code that is generally used when a customer can’t access their account.
Now that we’ve tackled the basics of protecting your company against hackers and fraud, let’s focus more how hackers can get into your systems and what you can do to avoid it. As mentioned before, hackers will attack your switch and your administrative interfaces and direct shell accesses. Hackers are not the only thing you need to worry about though, because your business transactions and your customers are open to fraud as well.
Problem: When a hacker figures out the username and password of a user/extension on your switch.
What you can do:
- Use a randomly generated password. It becomes much harder for a hacker to simply guess the password if it is randomly generated.
- Use an IP based authentication. Just like with the randomly generated password, it’s very hard for hackers to guess the IP address.
- Review Registration Logs. If you see suspicious activity, you can block the IP address until you figure out what is causing it.
Problem: When you have a weak administrative interface and shell access.
What you can do:
- Block any and all outside traffic. To do this, you can use either an interface binding or firewall/ACL. If you need to access the interface from home or the road, consider setting up a VPN (Virtual Private Network) or block everything and only allow specific IP addresses that you use frequently.
- Have a secure username and password. Include uppercase, lowercase, numbers and symbols in a memorable order because you’ll need to use it frequently.
Problem: Customers will sign up for a service and then abuse their privileges by filing chargebacks or never paying.
What you can do:
- Consider offering prepaid services.
- Run credit checks on customers who ask for terms.
- Check the VoIP Fraud List for customers who have any outstanding debt.
Problem: Customers aren’t taking the proper steps in protecting their own accounts.
What you can do:
- KNOW WHAT’S NORMAL.
- Restrict international calls. If your customers calls one side of the world, they don’t need routes to the other side.
- Monitor traffic at all times. Develop a system that will send notifications or alert the proper people when there are irregularities. You can even just create a simple list that compiles the number of minutes your customers used in a day.
What we have offered here is a way for resellers and customers alike to protect themselves against hackers and fraud and these tips can serve as a checklist when reevaluating your security strategy. The key to maintaining a secure system is to get familiar with what’s normal for you and constantly monitoring everything.
Another piece of advice we have for you is to make sure that only people who need access should have access to secured accounts. This is a vital piece of information because if passwords get into the wrong hands you could have a serious situation. The last helpful hint we can offer you, is to not forget about hackers over the weekend. It’s well known that hackers usually strike during the weekends and the fraudulent activity isn’t noticed until sometime on Monday, when it’s usually too late. It’s extremely important that you protect yourself and your business from hackers and fraud. If you don’t take all the necessary precautions, you could be hit with astronomical fees and headaches that could have all been avoided.
by: Natalie Decario, Communications Specialist at VoIP Innovations, https://www.voipinnovations.com/ – an Inc. 5000 company that specializes in providing the largest DID and termination VoIP footprints in North America. Their network includes over 500,000 DIDs in stock in over 8,500 rate centers in the US and Canada. Recently, VoIP Innovations expanded their footprint to include DIDs in over 60 countries and now offers A-Z termination.