Here are the top eight ways to reduce VoIP fraud damages:
1. DON’T ALLOW ALL ROUTES TO ALL USERS — Limit high price/fraud areas (e.g. International) to customers that actually need that service. Not all of your customers are going to need International termination. If your customer is looking for a US-48 Domestic termination rate deck, do not give them one with US-Extended coverage or, even worse, International dialing plans. Only if they request these destinations should they receive them.
2. BLOCK PREMIUM-RATE NUMBERS (1-900) – Do not offer certain high cost/fraud toll destinations. Blocking premium rate numbers is easy and essential. You have to save your customer from themselves. Only if they ask, should they get these numbers.
3. DON’T ROUTE NUMBERS WITHOUT A DEFINED RATE — Block any calls for which you don’t have a cost from your vendor. Block all routes that don’t have defined rates. Sounds obvious, right? Many providers don’t do this until they’ve received their underlying carrier (ULC) invoice.
4. LIMIT THE NUMBER OF SIMULTANEOUS CALLS — Find out how many calls a customer would ever realistically make at one time and set a maximum number of channels or concurrent calls your system can handle. A good way to decide how many channels you need is to monitor your average channel usage over a month or two and limit your equipment to that average. This will prevent call flooding in the event that the customer is compromised.
5. DROP CALLS AFTER A CERTAIN PERIOD OF TIME — Set up a maximum call time limit. This goes hand in hand with limiting the number of channels. This will prevent fraudulent calls from lasting multiple hours and will help mitigate your exposure in these events. Limiting the duration of calls can also reduce the severity of attacks. Terminating fraudulent calls after four hours is much better than terminating these calls after days.
6. PREFER PREPAID; FOR POSTPAID, USE QUOTAS — Always set up prepaid billing or postpaid with quotas that will allow you to terminate service in the event of a break-in. This will stop your customer from running up a large “tab”. Allowing unproven customers to post pay may simply be asking for trouble. Once those minutes are used you can never get them back, so getting paid for them upfront is the only way to go. The only exception is for customers with whom you have a solid relationship.
7. CONSIDER GEO-IP RESTRICTIONS FOR CUSTOMERS — If you don’t sell service in China, it would be a good idea to block all IPs from that country to minimize possible fraud sources. Simply put, block known fraudulent countries from sending or receiving traffic.
8. BUILD AN ALERT SYSTEM FOR UNUSUAL PATTERNS — Build a system that monitors your traffic and notifies you if traffic patterns seem abnormal. The sooner the breach is detected, the sooner that breach can be closed and the fewer dollars you will lose. Having automated reports or more advanced unusual traffic pattern detection is always a good addition.
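
The sketch below is an added example, not code from the original page: it shows how items 1 through 6 can be enforced together as a single call-admission check. The rate deck, customer fields, function names and limits are constructed assumptions, and dialed numbers are assumed to be normalized to digits with country code.

```python
from dataclasses import dataclass

# Constructed sample rate deck: dialed prefix -> (route class, cost per minute in USD).
RATE_DECK = {
    "1212": ("us48", 0.004),
    "1907": ("us_extended", 0.06),
    "44": ("international", 0.02),
}
PREMIUM_PREFIXES = ("1900",)   # item 2: premium-rate numbers (1-900)
MAX_CALL_SECONDS = 4 * 3600    # item 5: hard cap on call duration (sample value)

@dataclass
class Customer:
    allowed_classes: frozenset  # item 1: only the route classes the customer requested
    max_channels: int           # item 4: concurrent-call ceiling
    prepaid_balance: float      # item 6: remaining prepaid funds or postpaid quota
    premium_ok: bool = False    # item 2: premium-rate is opt-in only

def lookup_rate(dialed):
    """Longest-prefix match against the rate deck; None if no rate is defined."""
    for n in range(len(dialed), 0, -1):
        if dialed[:n] in RATE_DECK:
            return RATE_DECK[dialed[:n]]
    return None

def authorize_call(cust, dialed, active_calls):
    """Return (allowed, reason, max_seconds) for one call attempt."""
    if dialed.startswith(PREMIUM_PREFIXES) and not cust.premium_ok:
        return (False, "premium-rate blocked", 0)         # item 2
    rate = lookup_rate(dialed)
    if rate is None:
        return (False, "no defined rate", 0)              # item 3
    route_class, cost_per_min = rate
    if route_class not in cust.allowed_classes:
        return (False, "route class not enabled", 0)      # item 1
    if active_calls >= cust.max_channels:
        return (False, "channel limit reached", 0)        # item 4
    if cust.prepaid_balance < cost_per_min:
        return (False, "insufficient balance", 0)         # item 6
    # Cap duration by the hard limit and by what the remaining balance can pay for.
    affordable = int(cust.prepaid_balance / cost_per_min * 60)
    return (True, "ok", min(MAX_CALL_SECONDS, affordable))
```

Logging every rejection reason gives the alerting system in item 8 a ready signal: a burst of "route class not enabled" or "channel limit reached" from one customer is worth a notification.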