Skip to main content
Risk Management Bulletin


By May 1, 2012No Comments

Industry analysts estimate that telephone fraud costs American businesses and residences as much as $4 billion per year. Whether you’re installing a new phone system or just want to take full advantage of your present system, you need to protect your business against this threat.

Although hackers might break into telephone systems for thrills, other criminals make a living at it. These lawbreakers often sell their services to “retailers,” who offer stolen phone-access numbers to drug traffickers or illegal immigrants. This scam can translate into expensive calls to distant destinations in a brief time. The major long-distance carriers all offer protection packages that provide users with 24-hour toll fraud monitoring, training, and liability limits.

Experts recommend these basic proactive measures to protect your business against phone fraud:

  1. Adopt a prevention program. Use the security measures your system provides; change passwords and/or access codes frequently.
  2. Because most thieves are interested in making international calls, block calls to countries where you don’t do business. This means that no one — from the president on down to the cleaning crew — can make the calls. Taking this precaution means that, although hackers might call in, they won’t receive authorization to call Peru, for instance.
  3. Eliminate direct inward system access (DISA) or remote access, which allows outside producers to access an outbound line with an 800 number. Issue phone credit cards instead.
  4. Review call-accounting reports to identify fraudulent usage. Check for repeated failed password attempts. Look for long calls, calls after certain hours, and other suspicious activities.
  5. Secure your voice mailbox and auto-answer attendant system to prevent an inbound caller from getting an outside line through these automated devices. Change passwords to access mailboxes every month or so.
  6. Discuss security measures with your long-distance phone company for ways to decrease your vulnerability. The company might have informational materials for your staff.
  7. Educate employees, starting with your switchboard operator, not to transfer incoming calls to an outside operator. Outside producers should make sure that no one is listening or watching when they read or key in their calling-card number. Phone companies will never call a customer for verification of a personal identification number (PIN) — which means that employees shouldn’t give it out to any caller.
  8. If you have a PBX system, conduct a monthly security audit on the system, and check authorization codes.
  9. Consider buying a PBX protection package, which can help you monitor potentially fraudulent activity, such as repeated searches for a dial tone, and can limit your liability for unauthorized calls. If you have this package, you might be eligible for a discount on toll-fraud insurance.
  10. Consider insurance coverage for toll fraud.