Firms must wise up to telco fraud

Comment: The Government's proposed legislation to increase the powers of ComReg to investigate overcharging by telecoms companies…

Comment: The Government's proposed legislation to increase the powers of ComReg to investigate overcharging by telecoms companies is to be applauded. Overcharging by both fixed and mobile operators is more prevalent than most people think and high-volume business users are especially vulnerable.

The draft Electronic Communications (Miscellaneous Provisions) Bill 2005 imposes penalties of up to €5,000 for fixed-line or mobile telcos that overcharge customers. For the first time, ComReg will be given the power to investigate cases of overcharging.

The public consultation period ended last week for the draft legislation, which proposes fines for other offences of up to € 4 million or 10 per cent of company turnover. But chief executives should be aware that potential overcharging by providers is not the only telecoms worry for Irish business. Fraud - whether at the hands of staff, or outside hackers - is costing Irish companies millions.

The Garda Bureau of Fraud Investigation estimates telecoms fraud has cost Irish business several million in recent years. Worldwide, it's a € 60 billion problem annually. In 2002, hackers gained access to the Department of Social Welfare phone system and racked up € 300,000 worth of calls in a single weekend.

READ MORE

In the most sophisticated cases, outsiders hook into a business's PBX phone system and then route overseas or premium-rate calls through the company. The person making the call pays nothing (or perhaps local rates). Often the first a company knows about it is when they receive their telephone bill at the end of the month - if they notice it at all.

We are all familiar with the numerous telephone companies selling cheap call cards for destinations such as Australia or India. While most of these companies are extremely reputable, some may not be. It is possible that when somebody calls their family in India, the call may actually have been rerouted through your business's telephone system and you are footing the bill.

The hacker need not be based locally, either. A determined telephone hacker from overseas can be just as successful as one in Ireland.

All companies need to treat their PBX systems the same way they would their computer networks. No smart business would ever leave its networks unchecked or without adequate security measures and it is an unfortunate sign of the times that we must now do the same with our phone systems.

While IT and telecoms security is often managed by IT departments, the issue should really demand chief executive-level attention, given the financial risks many companies can be exposed to. Unfortunately, the cost and resource difficulties of self-detection often mean the problem is ignored at management level.

The other main source of telephone fraud is your own staff. Most companies are happy to overlook the odd personal call during lunch hours, but costs can easily mount if the system is abused.

One common method is to divert an office phone to the number of a relative or friend overseas and then contact them at night or at weekends by calling the office phone (and enjoying local rates). A simple technique, but many companies leave themselves open to it.

Other workplace phone scams can be rife. Fraud detection is often the toughest part, especially if your business requires staff to make a lot of legitimate calls.

There are, of course, steps that businesses can take to help protect themselves, ranging from gatekeeper-type software to help block hackers, to phone-usage reports that highlight unusual spikes in call activity.

But few businesses have the time or resources to monitor their own telecoms activity minutely. And it is exactly this situation that fraudsters exploit. Given the financial risks involved, telecoms fraud is an issue all businesses must face - whether they make 10 calls a week or 10,000.

ComReg estimates the average monthly bill on fixed and mobile calls is €1,100 for SMEs and €6,000 for larger corporates. Companies can and should use benchmarking mechanisms to verify telecoms charges, rather than signing off "because the bill was similar to last month's".

The proposed Electronic Communications (Miscellaneous Provisions) Bill 2005 certainly applies more pressure on the telcos not to overcharge customers, but Irish business still faces numerous other telecoms cost threats, both internal and external.

Business managers need to know that they are being charged the correct cost for calls made and whether those calls were legitimate.

Shaun Hayden is chief operating officer at telecoms firm MinuteBuyer.