How to Outfox PBX Fraud

Be alert to the overt signs of PBX abuse: repeated calls of short duration, unexplained increases in incoming or outgoing calls, sudden increases in 800 usage or changes in after-hours calling patterns.

If practical, eliminate remote access to your PBX and replace it with telephone credit cards for authorized personnel. If you eliminate remote access, make sure the system is disabled when not in use.

If eliminating remote access isn't an option, try implementing these suggestions to minimize your risk of toll fraud:

- If possible, limit the number of employees who use remote access.
- Use an unpublished number for remote access lines instead of 800 numbers.
- A delayed electronic call response can provide added security. Your PBX should be programmed to wait at least five rings before answering a call.
- A steady tone used as a remote access prompt leaves your system vulnerable to perpetrators' automatic dialing programs. Use a voice recording or silent prompt instead of a tone.
- Tailor access to your PBX to conform to the needs of your business. Block access to international and long-distance numbers your company does not call. If this isn't practical, consider using "time-of-day" routing features to restrict international calls to daytime hours only.
- Whenever possible, limit remote PBX access to local calling during normal business hours. Be sure to restrict access after hours and on weekends.
- Delete all authorization codes that were programmed into your PBX for testing or servicing.
- Assign codes on a need-to-know basis. Advise employees to treat codes as they would credit card numbers. Never print codes on billing records.
- Assign the longest possible authorization numbers your PBX can handle. Select codes at random -- don't use telephone extension numbers, employee ID numbers, social security numbers, addresses or other common numerical sequences.
- Audit and frequently change all active codes in your PBX.
- Cancel unassigned access codes, especially those used by former employees.
- Consider implementing a barrier code system, an additional numeric password that adds a second level of security.
- Don't allow unlimited attempts to enter your system. Program your PBX to disallow access after the third invalid access or barrier code attempt.
- Carefully review all billing information to identify unauthorized calling patterns. Frequent reviews can save lots of money.
- Investigate toll fraud monitoring options that may be available from your local exchange company or interexchange carrier.
- Directories and business cards that list PBX access numbers should be shredded before being placed in the trash.
- Never give out technical information about your system to callers unless you're certain who's on the other end of the line.
- Educate employees about the dangers of phone fraud and what they can do to help prevent it.
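
One way to automate the billing review and the warning signs listed above, as an added example that is not part of the original text: a short Python pass over call detail records (CDRs) that flags bursts of short calls and after-hours international calls. The record layout, the sample records and every threshold are constructed assumptions, not taken from any PBX vendor.

```python
from collections import Counter
from datetime import datetime

# Constructed sample CDRs: (start time, line, dialed number, duration in seconds).
CDRS = [
    ("2024-03-04 10:15:00", "ext-2101", "2125550142", 340),
    ("2024-03-04 14:02:00", "ext-2107", "011442079460000", 610),
    ("2024-03-05 02:11:05", "remote-1", "2125550199", 6),
    ("2024-03-05 02:11:40", "remote-1", "2125550199", 4),
    ("2024-03-05 02:12:10", "remote-1", "2125550199", 7),
    ("2024-03-05 02:20:00", "remote-1", "011442079460123", 2700),
    ("2024-03-05 09:00:30", "ext-2101", "2125550142", 5),
    ("2024-03-09 11:00:00", "ext-2107", "011442079460000", 300),
]

# Thresholds are assumptions; tune them to your own traffic.
SHORT_SECS = 10                # a call this brief is treated as a probe
BURST_COUNT = 3                # short calls per line per day that count as a burst
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, Monday to Friday
INTL_PREFIX = "011"            # assumed international dialing prefix

def after_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def review(cdrs):
    """Return sorted (line, date, reason) findings for a list of CDR tuples."""
    short_calls = Counter()
    findings = set()
    for start, line, dialed, secs in cdrs:
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        day = ts.date().isoformat()
        if secs <= SHORT_SECS:
            short_calls[(line, day)] += 1
        if after_hours(ts) and dialed.startswith(INTL_PREFIX):
            findings.add((line, day, "after-hours international call"))
    for (line, day), count in short_calls.items():
        if count >= BURST_COUNT:
            findings.add((line, day, f"{count} short calls"))
    return sorted(findings)

if __name__ == "__main__":
    for line, day, reason in review(CDRS):
        print(f"{day}  {line:<10} {reason}")
```
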