Categories
Bad Stuff Business ofcom scams security voip

VoIP Fraud — Technological Conventionality Achieved

VoIP has reached the mainstream. We know because the fraudsters are coming after us.

Trefor.net welcomes VoIP Week guest contributor Colin Duffy, CEO of Voipfone and ITSPA Council member.

VoIP merges two of the largest industries in the world: Telecommunications ($5.0 trillion) and the Internet ($4.2 trillion). It is big business.

Estimates of VoIP market size vary, though they are universally large. For instance, Infotenetics Research estimates the global residential and business VoIP market to be worth $64bn in 2014, growing to $88bn in 2018. Visiongain, on another hand, puts the 2018 value at $76bn. WhichVoIP (Bragg) has it as $82.7bn by 2017, and also claims that VoIP calls account for 34% of global voice traffic – 172bn call minutes. And then there is the United States Federal Communications Commission, which estimates that “In December 2011, there were 107 million end-user switched access lines in service [..in the USA and..] 37 million interconnected VoIP subscriptions.

And with opportunity comes the thief:

ICT Recent Scenarios: VoIP Week: Colin Duffy
(Corporate ICT)

 

(You have to love that New Scotland Yard hack…..)

But it’s not confined to big organisations; perhaps a little closer to home:

“A family-run business says it has ‘nowhere left to turn’ after hackers rigged its telephone system to call premium rate phone numbers — racking up a bill of nearly £6,000. ‘We reported it to the police, but we were told there was very little likelihood of them catching anyone so they wouldn’t be able to investigate’, she added.”                               

— Lancashire Telegraph

The Communications Fraud Control Association publishes a global fraud loss survey, and in 2013 they estimated that the global telecommunication industry loss to fraud was an enormous $46.3bn, which included:

  • VoIP hacking ($3.6bn),
  • PBX hacking ($4.4bn),
  • Premium Rate Services Fraud ($4.7bn),
  • Subscription Fraud ($5.2bn)
  • International Revenue Share Fraud ($1.8).

Over 90% of the telephone companies included in the CFCA’s survey reported that fraud within their company had increased or stayed the same since the last report.

Globally, the top emerging fraud type was identified as Internet Revenue Sharing Fraud, with Premium Rate Service Fraud (both international and domestic) also in the top five. Of the top five emerging fraud methods, PBX Hacking was the most important with VoIP Hacking at number three.

Who’s doing all this is a big and interesting topic, but here’s a starter:

Top Ten Countries where fraud
TERMINATES

Top Ten Countries where fraud
ORIGINATES

*Latvia
Gambia
*Somalia
Guinea
Cuba
East Timor
Lithuania
Taiwan
*UK
USA
India
*UK
Brazil
Philippines
*Latvia
Pakistan
*Somalia
Spain
Bulgaria

CFCA, Global Fraud Loss Survey, 2013

What can be done?

Earlier this year a customer of Voiceflex was hacked to the tune of £35,000 when over 10,000 calls were sent to a Polish Premium Service number over a period of 36 hours. The customer refused to pay, which resulted in a court case that the telco lost. Now the industry is looking to its terms and conditions for protection, but it’s clear that this isn’t enough – the cause needs addressing.

The best approach would be to cut off the money supply – if Telcos could withhold payments for known fraudulent calls, the activity would end. But this solution requires changes to inter-operator agreements and cross-jurisdiction interventions.

“We are currently in discussions with our fellow EU regulators about steps that may be taken to address cross-border [Dial Through] fraud and misuse. It is important that companies using VoIP systems take steps to ensure both the physical and technical security of their equipment in order to avoid becoming an ‘easy target’ for this type of criminal activity […..] We are approaching the NICC and relevant trade associations to ensure their advice is updated to help businesses better protect themselves against newer types of dial-through fraud that have emerged as technology has developed.”

— Ofcom 2013

For once I agree with Ofcom. The industry needs to work harder at target-hardening. We need to be making this industry safer for our customers.

There’s a lot to be done but a good start is to read and apply the guidance issued by ITSPA – the UK trade organisation for Internet Telcos.

I’m taking a close personal interest in VoIP fraud and security, and I invite anyone who has more information or who wishes to discuss this in more detail to contact me at colin@voipfone.co.uk email

A naive user asked me, ‘why can’t you just make safe telephones?’ Well, why can’t we?

Categories
broadband Business business applications internet net neutrality peering voip

Net Neutrality and Telephony

Net neutrality and VoIP telephony – thorny issues the industry needs to negotiate

Trefor.net welcomes “VoIP Week” contributor Rob Pickering, CEO of ipcortex.

Most folks who work in the VoIP industry have at some point been subject to a casual horror story from a new acquaintance about evil VoIP and how they tried it once and that it nearly brought their business to its knees. My heart sinks whenever I realise that this is the direction in which the conversation is going, at which point I usually find myself wishing I’d said that I did something less controversial for a living…like writing computer networking software! I listen, though, nodding politely, already forming a conclusion — after all, it would be unlikely that the problems experienced were due to a fault in their equipment or termination provider, both of which are probably perfectly reliable. No, a lack of a suitable quality of service (QoS) between their premises and termination provider is almost always the culprit in such circumstances.

The UK service provider industry has developed lots of solutions to the QoS problem, and things are far better now than they were just five or ten years ago when the market was in its infancy. The quality and availability of last mile circuits, particularly in metropolitan areas, has massively improved with successive advancements such as LLU, FTTC, FTTP, and cost-effective, high bandwidth Ethernet IAD type circuits. There has also been a trend towards integrated providers delivering the whole service — access circuit, Internet and telephony — as a single package. Behind the scenes, this may or may not translate technically into a full end-to-end in-house QoS-managed solution, depending on the provider and sometimes the geography of the customer. It does, however, assign commercial responsibility for delivering a fit-for-purpose solution to a single party, and this can only produce a better quality outcome for the customer.

ipcortexlogo

Such an approach is certainly not universal. The US market has developed differently, for instance, and most VoIP termination providers don’t get deeply involved in provision of access circuits, instead opting to rely on decent low loss, low jitter transit or peering arrangements, and their customers’ own commodity access circuits. Often they will do a bit of automated “connection testing” as part of their signup process, however in general customers on unsuitable circuits tend to weed themselves out.  This does produce some benefits for customers, including more transparency with regard to costs, as well as a bit less lock-in as there is no commercial linkage between access and over-the-top (OTT) voice service. Today, in fact, several of those US suppliers are entering the UK market with this same business model.

Which brings us on to Net Neutrality. Whenever this subject comes up, we tend to think about its obvious effects on consumer entertainment services. The future development of the telephony industry is, however, intimately linked with this issue. Whilst the raw, per-consumer bandwidth requirements of a VoD service like Netflix is greater, the network characteristics required to deliver a reliable telephony conversation of at least ISDN quality are in some ways more onerous. Though buffering can always be used to counter horrible jitter on the underlying path for a video stream, and content caches are already used to reduce transit requirements, neither of these methods can be used to reduce the pain on a real-time voice conversation. If telephony providers can no longer get good, zero-packet loss, low jitter transit, or peering with many leading access providers, then an entire business model may very well be frozen out.

How do you think the industry will develop? Vertically integrated one-stop shops for network access and telephony, or universal OTT providers? I’d love to know your thoughts.

VoIP Week Posts:

Categories
Business voip hardware

Time of Day traffic and the Patterns of Life by Colin Duffy

This is a Time of Day telephony traffic graph – I’ve been looking at them for most of my working life. For a normal business day they pretty much always look like this:


This is how business people use telephones on a normal working day.

They generally get into the office and start making calls at about 9am, work steadily up to about midday, then have a spot of lunch. They come back at 2pm and start calling again, then everything starts tailing off about 4pm as people start thinking of home – or beer, or both.

Telephone exchanges have to be built to cope with the traffic at the busiest hour of the day so since the very earliest days of telecommunications telephone companies have been trying to reduce the height of those peaks and spread the load more evenly.

A call at a peaks adds a cost but a call either side of a peak adds a profit.

As you can see, the network is doing practically nothing after 6pm