Communicate freely, we've got you secured

Toll Fraud Mitigation

Toll Fraud

Toll Fraud or IRSF (international revenue share fraud) continues to be a global scourge, now greater than credit card fraud and estimated to be costing the global business community in excess of $8bn per annum. 

Hacktivists commit this fraud by accessing the telephone lines and calling premium rate number services, their motivation stems from the lucrative profits that are generated from owning these premium rate numbers.

Unsecured access routes such as DDI numbers provide the hackers with direct access to the UC solution, thereafter they seek to exploit end user security via digital cyber tools such as war diallers.  A successful breach means the hackers have accessed dial tone, after which they generate as many calls as possible to their premium rate – revenue share numbers.

Toll Fraud attacks generally occur during the weekend when the enterprise is unmanned, the victims are usually informed on Monday morning from their service provider that their UC infrastructure has been compromised. Average incident value is $30,000 and the victims are liable.

As illustrated in the infographic below, unsecured access routes such as DDI numbers provide the hackers with direct access to the UC platform, thereafter they seek to exploit end user security credentials via digital cyber tools such as war diallers. A successful breach means the hackers have accessed dial tone, after which they generate as many calls as possible to their premium rate – revenue share numbers.

 

Utilising an Innovative Technique, UC Defence combats the threat of Toll Fraud at it Very Core:

  • Our technology consists of a back-to-back user agent
    application which has the ability to automatically inject
    traceable watermarks into every inbound call that enters the
    UC infrastructure.
  • In real-time, our application continually scans all outbound
    calls for the purpose of detecting watermarks.
  • In default mode, UC Defence will block all outbound calls containing watermarks, except
    for situations where the “called number” was previously entered within the allow/deny database