By: Mark Waterman, System Designer
Are you getting charged for expensive long distance calls but you’re not sure where they are coming from? Where is the security breach? If you can’t answer these questions, then you may be experiencing Toll Fraud.
There are two major areas of concern:
Unauthorized Access - Unauthorized access to, and/or use of, your telecommunications equipment from internal or external sources is often referred to as Toll Fraud. Simply put, by hacking into the system or using an internal extension, calls can be directed off-net, racking up long distance charges for which your company is responsible.
Unexpected Toll Charges - This happens when users have access to certain numbers that will result in charges much higher than your normal local and long distance rates.
Although there is no way of protecting your phone system 100% from incurring unexpected toll charges, there are known steps that can be taken to minimize your exposure. Check your system with these recommended Best Practices regarding system security:
Toll Fraud Prevention Recommendations
- Secure access to your system, physically as well as electronically.
  - One of the biggest concerns is access to the programming of the system. The system should be in a locked and environmentally conditioned room.
  - If your system resides on your network, the system should be protected by appropriate firewalls and adhere to network security best practice policies.
- Review administered logins & password settings.
  - Passwords should be a minimum of seven characters long, with a combination of alpha and numeric characters.
- Review of Class of Restrictions (COS) settings.
  - Limit the ability of the users to transfer or forward calls off-net.
- Review Trunk to Trunk Transfer settings.
  - Limit the ability of users to transfer a connected call off-net using another trunk for an outside number.
Unexpected Toll Charges
- Review of Class of Service (COR) settings.
  - Block the ability to dial “0” to eliminate calls to an outside operator for transfer to unauthorized numbers.
  - Restrict users from dialing information numbers such as 411, 1-XXX-555-1212, XXX-555-1212, 555-1212.
  - Limit, if not totally disallow, calls to international numbers beginning with 011 or 012.
  - Preclude numbers that are now part of the North American Dial Plan (1-XXX-XXX-XXXX) but that reach many Caribbean Islands and foreign countries. These calls are billed at international rates much higher than the expected local or long distance charges. This list is too large to post here; free copies are available upon request. Fill out the Contact Us page on our website for more info.
- Review Facility Restriction Levels (FRL).
  - Utilize the Facility Restriction Level to assign users different levels of access to outgoing call types. The FRL ranges from 0 to 7, with 1 having the least permissions and 7 the most.
- Review Remote Access Settings.
  - It is recommended to disable Direct Trunk Access Dialing to prevent users from bypassing the ARS (Automatic Route Selection) table, which would override the restricted numbers.
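The dialing restrictions listed above can also be checked after the fact by auditing call detail records for calls that a restriction should have blocked. The following is an added example, not part of the original article or any phone vendor's tooling; the CSV layout, the sample records and the short area-code subset are constructed assumptions, and it assumes dialed digits are logged without a trunk access code.

```python
import csv
import io
import re

# Illustrative subset of NANP area codes outside the US/Canada (public
# numbering-plan assignments; NOT the full list the article refers to).
NANP_OFFSHORE = {"242", "246", "284", "473", "809", "868", "876"}

RULES = [  # (category, pattern on digits only); first match wins
    ("international", re.compile(r"^01[12]")),       # 011 / 012 prefixes
    ("operator", re.compile(r"^0")),                 # "0" or operator-assisted 0+
    ("directory_assistance", re.compile(r"^(411|(1?\d{3})?5551212)$")),
]

def classify(dialed):
    """Return the restriction category for a dialed string, or 'allowed'."""
    digits = re.sub(r"\D", "", dialed)  # drop dashes, spaces, parentheses
    for category, pattern in RULES:
        if pattern.search(digits):
            return category
    m = re.match(r"^1?(\d{3})\d{7}$", digits)  # 1-XXX-XXX-XXXX form
    if m and m.group(1) in NANP_OFFSHORE:
        return "nanp_international_rate"
    return "allowed"

# Constructed sample call detail records (assumed CSV layout).
SAMPLE_CDR = """time,extension,dialed,seconds
2024-03-02T01:14:09,4120,011-44-20-7946-0000,1820
2024-03-02T01:15:40,4120,1-876-555-0142,2400
2024-03-02T09:02:11,4033,1-312-555-0188,95
2024-03-02T09:30:00,4051,411,40
2024-03-02T10:05:32,4051,0,15
2024-03-02T11:45:00,4033,1-212-555-1212,30
"""

def audit(cdr_text):
    """Return (extension, dialed, category) for each call a rule should block."""
    hits = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        category = classify(row["dialed"])
        if category != "allowed":
            hits.append((row["extension"], row["dialed"], category))
    return hits

if __name__ == "__main__":
    for hit in audit(SAMPLE_CDR):
        print(*hit, sep="\t")
```

Any row this reports means the corresponding restriction is missing or being bypassed on the system that produced the records.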
Help to ensure your system is safe by investigating these items on your own. However, don’t be afraid to bring in the pros; your system’s security is one of our primary concerns.