The Communications Fraud Control Association (CFCA) has announced the results of its Global Telecom Fraud Survey, reporting an 18% decrease in communication fraud since 2013. CFCA attributes an increase in collaboration and coordination among carriers in identifying and stopping fraudulent activity following the 2013 report, but Angela German, Director of Marketing, VoipSec calls for the CFCA to substantiate this statement, and questions the conclusions of the report.
Comparing the 2013 and 2015 reports is not the easiest task because of variations in the questions and styles of reporting. The 2015 report shows IP PBX hacking (described as VoIP hacking in the 2013 report) move to the second most costly fraud method behind PBX hacking, which has in turn moved to the top spot. However, this year’s report has split Subscription Fraud into two different forms (application and identity), which, when combined back together, adds up to $6.08bn. Therefore, when accurately compared, the report in fact reveals an increase from the $5.22bn found in 2013. Rather than painting an inaccurately rosy picture, therefore, the trend actually indicates that the need for companies to take action and secure their telecom systems is greater than ever.
In addition, the report goes so far as to claim that since 2013 there has been an ‘increase in collaboration and coordination among carriers in identifying and stopping fraudulent activity’. This statement is worthy of further clarification, as it seems a bold claim for those within the industry who have observed the opposite.
The report also asks participants ‘what percentage of your company’s revenue base do you think is fraud?’ The use of ‘think’ when it comes to fraud is concerning because any company in the current security climate should have taken considerable action to identify any breaches, and should therefore also have a clear picture of the associated financials. This highlights the fact that actually, the report assumes companies don’t know how and when hacking is occurring.
What some organisations might be unaware of is that sadly, in the event of a security breach, the telecom provider is not responsible and will not pay out. Check the small print: the telephone network provider has no liability in such cases; it is all down to the SME. The result of this is an open door for hackers to exploit through call-jacking or toll fraud. Furthermore, an attack like this can financially cripple a smaller business within a weekend.
In the case of many IP PBX (VoIP) hacks in big companies, the fraud is taking place on a small enough but consistent scale meaning it’s likely to fall under the radar. VoIP is still a hugely compelling technology with benefits of reduced costs and business efficiency, but the report highlights that both companies and the CFCA are failing to properly consider the risk of not deploying associated security.
The fact is that, currently, the majority of businesses – particularly within the SME space – the area of VoIP security is clearly still being overlooked even with the risk of considerable financial loss. Businesses are either unaware of, or are ignoring this risk; or indeed, relying on the service provider to deliver security on their behalf.
In summary, what the report actually reveals is that far too many companies are either not fully aware of the financial risks or assume that the security available is too complex or costly.
However, this no longer holds true. The latest generation of cloud based technology can provide companies with an essential first tier of voice security through simple download and install virtual SBC. With new vendors bringing down the cost of security and offering new models for investment in VoIP security, businesses should feel at ease with deploying their own risk mitigation solution to ensure they are at all times in the best position possible to be protected.
Fundamentally, it is only by applying the same level of rigour to telecom security that has become standard practice across data networks that businesses will truly overcome VoIP hacking and fraud. Ensuring this essential action is taken will enable companies to genuinely identify and stop the fraudulent activity that the CFCA has actually proven is still prevalent.