What Is Toll Fraud and How Can You Prevent It From Happening to Your Business?
When you think about your business’s network and security, the telephone is often overlooked as a viable target. That can be a costly mistake, as one of the most common forms of attack on a telephone network is international revenue sharing fraud (IRSF), also known as toll fraud.
Toll Fraud: A Growing Problem
The Communications Fraud Control Association (CFCA) reports that in 2021, fraud caused $39.89 billion in global losses, corresponding to 2.22% of the total global telecom revenue. Toll fraud was the leading cause, accounting for $6.69 billion in losses. And the losses continue to mount year over year due to the increased adoption of VoIP and communications APIs. Read on to learn more about toll fraud and how Vonage is taking steps to protect your business from becoming another victim.
What Is Toll Fraud?
Toll fraud occurs when someone gains access to your phone system and uses it to generate a high volume of artificial calls to premium-rate international numbers. Fraudsters accomplish this by discovering two-factor authentication (2FA) deployments that have access to a telecommunications network.
These fraudsters then place calls to premium-rate numbers and take a cut of the revenue generated from these calls, which are usually sold through overseas calling cards or low-cost call tariffs. Many businesses discover that they have fallen victim to toll fraud only after the intrusion has taken place and the costly telephone bill arrives.
How Does Toll Fraud Work?
Any company with a voice application is a potential target for toll fraud. It most commonly occurs in three ways:
Account Abuse: Any service you build and offer to your users, particularly if you offer some kind of free trial experience, is at risk of toll fraud. These fraudsters will create a large number of fake accounts in order to generate call traffic to premium rate numbers.
Voice Verification Code Spamming: When implementing 2FA, it’s a best practice to provide an option to send a code via a phone call in case your user is on a landline or is having trouble receiving SMS. Fraudsters are actively looking for these flows, which often allow calling to anywhere in the world. The fraudsters launch scripted attacks in order to generate a high volume of calls through this voice verification function.
SMS Verification Code Spamming: As with voice spamming, fraudsters will generate a large number of fake verification texts using SMS. This is usually not as lucrative unless they send fake traffic to high-priced SMS destinations, such as Algeria.
How Can You Prevent Toll Fraud?
The best strategy to protect yourself and your business from toll fraud is to establish a combination of security measures to limit a fraudster’s access to your calling capability. Here are three of the most important steps:
Account Security: Use a phone number and email 2FA verification process to gain confidence that each user is a real person and to eliminate bot intrusion.
Geo Permissions: Restrict calling to international destinations as much as possible, while disabling countries where 2FA is not used. Since toll fraud terminates in locales with expensive calling rates, you can limit your exposure by only allowing calling to major locales.
Rate Limits: Fraudsters will attack your systems quickly and when you least expect it. By limiting calls per minute, calls per 60 minutes, calls per 24 hours, call duration, and concurrent calls, you reduce the fraudsters’ ability to create a high volume of traffic over a short period of time. The exact limits depend on the risk you are willing to take, but we recommend that you only open up your services once you’ve sufficiently verified your customer.
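The geo-permission and rate-limit steps above can be combined into a single check that runs before any verification call is placed. The following is an added example, not Vonage code: the class name, prefix allowlist, and limit values are assumptions chosen for illustration, prefix matching stands in for proper E.164 country parsing, and call-duration limits are left to the telephony layer.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for illustration; tune them to your own risk tolerance.
ALLOWED_PREFIXES = ("+1", "+44", "+49")        # destinations where you really have users
WINDOWS = ((60, 3), (3600, 10), (86400, 20))   # (window in seconds, max calls) per account
MAX_CONCURRENT = 2                             # simultaneous calls per account


class CallGate:
    """Decides whether an outbound verification call may be placed."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.history = defaultdict(deque)  # account -> timestamps of permitted calls
        self.active = defaultdict(int)     # account -> calls currently in progress

    def check(self, account, number):
        """Return (allowed, reason); the call is recorded only when allowed."""
        if not number.startswith(ALLOWED_PREFIXES):
            return False, "destination_not_permitted"
        if self.active[account] >= MAX_CONCURRENT:
            return False, "too_many_concurrent_calls"
        now = self.clock()
        calls = self.history[account]
        while calls and now - calls[0] >= WINDOWS[-1][0]:
            calls.popleft()                # forget calls older than the longest window
        for seconds, limit in WINDOWS:
            recent = sum(1 for t in calls if now - t < seconds)
            if recent >= limit:
                return False, f"rate_limit_{seconds}s"
        calls.append(now)
        self.active[account] += 1
        return True, "ok"

    def call_ended(self, account):
        """Release the concurrency slot when the call completes."""
        self.active[account] = max(0, self.active[account] - 1)
```

Logging every denial together with its reason gives you an early signal of scripted abuse well before the bill arrives.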
Vonage has a number of capabilities available to help protect you from toll fraud. The most important step is enabling a proper 2FA tool, such as the Verify API. This global API confirms a user’s identity by validating them once at login and a second time through their mobile device using SMS or voice.
The anti-fraud service within the Verify API is a logic engine that blocks suspicious traffic based on the traffic profile of each account. This feature keeps you from becoming a victim of toll fraud by stopping it in its tracks. Once fraud has been detected, automated notifications are sent to the customer, who then has a number of options for how to proceed.
In addition, you can validate phone numbers around the world to ensure they are legitimate by using the Number Insight API. It uses real-time data to check whether a phone number is active, whether the handset is turned on, and which carrier and country it is registered to. Using these two easy-to-implement APIs can greatly reduce your exposure to fraudulent activity.
Unfortunately, we live in a world where attacks by fraudsters are becoming more and more commonplace. They are constantly evolving their tactics to get around your safeguards and are capable of causing immeasurable damage. Companies need to evolve as well, always staying one step ahead of the fraudsters using the latest security technology. Vonage’s Verify API is a great tool to help your business block fraudsters and provide the peace of mind that you are protected.
Learn more about Vonage Verify and how you can prevent toll fraud and other problems.