Very Long but very intersting article

Discussion in 'UK VOIP' started by Ian, Jul 3, 2005.

  1. Ian

    Ian Guest


    This may be of interest to some. Topical as a US supplier recently went bust
    in part due to fraud.

    It's one of the best kept secrets in the Voice over IP industry.

    The biggest problem facing VoIP providers isn't the specter of costly E911
    requirements, overzealous regulators, or even competition from a myriad of

    The biggest issue is fraud, perpetrated by scammers who take advantage of
    lax international communications standards and regulations, and make
    thousands of minutes of calls through carriers - many of them fly-by-night
    operators - in places such as Afghanistan and Lichtenstein, who charge
    exhorbitant rates for call termination, leaving the originating service
    provider with sky high bills and no one to charge for them.

    VoIP scams have already caused start-ups in the fledgling industry millions
    of dollars in losses and are blamed, in part, for the recent demise of one
    service provider.

    "It is the single largest problem facing providers," says Ravi Sakaria,
    VoicePulse CEO, "because the development cost associated with addressing the
    issue is significant enough that it could be prohibitive for the smaller

    David Epstein, the CEO of BroadVoice, agrees. "Theft of telecom services
    isn't anything new," said Epstein. "What is new is the ease with which
    perpetrators can do this."

    It is easy, and for Jeremy McNamara, founder and owner of NuFone, a small
    but popular VoIP provider specializing in service for the Asterisk
    open-source PBX system, very costly.

    "One day we were contacted by a customer who wanted a wholesale agreement
    with us for international calling," McNamara says. "For a few months the
    traffic was regular. In the beginning of April he started weaving into the
    regular traffic a Lichtenstein special services number, similar to 1-900
    numbers, where the far end carrier sets the rate."

    When the bill for terminating these calls came, NuFone had a rude awakening.
    "We were charging him $.09 a minutes and being billed $1.90 a minute. He was
    gladly paying $.09 a minute."

    This single incident will potentially cost NuFone about $450,000, although
    the company is currently disputing the charges. The company has also
    contacted the U.S. Secret Service. "We're currently waiting on a response
    from them on what the next step is," says McNamara.

    Other providers have reported cases to the FBI as well. However, the ability
    of law enforcement agencies to prosecute these crimes is limited.

    When DialPad changed its business model from a free to a pay service in
    2001, "we got an early education in how insidious the fraud problem is,"
    said Craig Walker, the company CEO (Dialpad was recently pruchased by
    Yahoo). "We learned early on that there is a risk to the viability of the

    For LiveVOIP, a small provider based in Mesa, AZ, fraud contributed to the
    company having gone belly-up earlier this month, leaving their customers
    with no service. Citing, among other factors, "mass credit card fraud" as a
    reason, the company's web site was replaced with a notice of bankruptcy (the
    notice was recently removed, though the business remains shuttered).
    LiveVoip representatives could not be reached for comment.

    Even the big players have had their bouts with scammers.

    For Vonage, fraud came as an unexpected byproduct of the company's recent
    marketing push. "At the end of 2004 into early 2005, as a result of our TV
    campaign," explains Jerry Maloney, Vonage Senior VP Finance, "people found
    us and this unintentionally opened up the floodgates." Since then, the
    company's anti-fraud team has been able to reduce the fraud losses
    significantly, according to Maloney.

    BroadVoice executives say that fraud, and its detection, is a very
    significant part of their business. "During the early part of this year, a
    significant percentage - about 10 percent - of new subscribers turned out to
    be fraudulent," reports BroadVoice's Epstein.

    There are several reasons why VoIP is more vulnerable to this type of fraud.

    The call termination scam that NuFone experienced takes advantage of the
    fact that in some countries control over the communications system is weak.
    It's relatively easy for a scammer to set up a competitive common carrier -
    VoIP doesn't require the specialized equipment of traditional telephony, so
    there's very little barrier to entry.

    More importantly, a lack of government oversite allows rates to be changed
    ad hoc, without any other carrier being aware of the changes. The cost of a
    specific call termination can be increased by huge margins, and the
    originating carrier - a BroadVoice, Vonage or VoicePulse - is left footing
    the bill having never been informed of the price increase.

    As a hypothetic example, a provider in the United States offers calls to a
    specific country at 10 cents a minute to landlines and 25 cents a minute to
    cell phones. The provider has set those rates based on the average price it
    pays to the large carriers - such as Bermuda-based Global Crossing - to
    terminate calls in that country. The large carriers protect themselves from
    unexpected price blips by including cost pass-throughs in their contracts
    with the service providers.

    Now, a scammer sets up termination service to certain numbers in that
    country, and charges, for example, $2.00 a minute. Accomplices of the
    scammer sign up with the service provider and, once set up, make a call to
    one of the numbers. On the other end, the line picks up and the caller
    simply keeps the phone off the hook for hours. In the meantime, the service
    provider is being charged $2.00 a minute for that call (plus whatever
    built-in mark-up the large carrier adds), but is still charging the caller
    10 cents a minute. It's like being in a taxi with the flag up and travelling
    continuously in a loop around the block: The losses are potentially huge and
    mount up rapidly.

    This type of situation is at the center of recent difficulties faced by
    BroadVoice when GlobalCrossing cut the company off, leaving a large number
    of BroadVoice customers without service, though officials from BroadVoice
    and Global Crossing, currently involved in a legal dispute, would neither
    confirm nor deny this.

    The growth of identity theft also plays a role in the VoIP fraud problem.
    Although NuFone's scammer used a valid credit card to sign up, many scammers
    use stolen credit card numbers to sign up for service. Because all the
    information is valid - it's been stolen recently and hasn't been reported,
    what scammers call "fresh" - the application is accepted. And stolen credit
    card numbers are easy to get - all you need is an online connection the
    ability to join IRC chat rooms like "#ccz" and "#ccards."

    Another scam that VoIP providers have seen involves Western Union, as Lance
    James explains. James is CTO of Secure Science Corp., a company that
    specializes in fraud detection, tracking and prevention.

    The scammers place a money transfer order to themselves with Western Union
    using a stolen credit card and faking - called spoofing - the callback
    number that appears on Western Union's caller ID. For small amounts - under
    $300 - Western Union doesn't call back to check with the purchaser if the
    callback number matches that on the credit card. Because the amounts are
    small, thieves make repeated calls.

    Although phone number spoofing is not new, it is much easier with the open
    standards of IP, according to James. And you don't have to be a technical
    expert, either. There are services like SPOOFTEL ( that
    will do it for you.

    Another factor in the fraud picture is the nature of the technology. The
    openness that is an important benefit of building on IP also creates

    "It's similar to e-mail," says Secure Science's James. "SIP to SIP
    communications are like an e-mail address."

    "The potential is the same with any open protocol for someone with in-depth
    knowledge to take advantage of the architecture," says Roger Farnsworth,
    Cisco Marketing Manager for Secure IP Communications for Voice.

    "VoIP providers are moving into uncharted waters, Cell and GSM phones have
    to register the phone," Farnsworth says. "VoIP is working from a different
    paradigm - for example, BYOD (Bring Your Own Device) services. How do you
    register users and devices, authenticate users and ensure legitimate

    "It's difficult to do security [for VoIP] because of its inherent
    complexity," explains Internet veteran Karl Auerbach, former ICANN Director
    and CTO of Internetworking Labs, a VoIP interoperability testing company.
    "The design of VoIP protocols tries to cover as bases as possible,
    implementers have to deal with all these possibilities."

    The burden of addressing the fraud problem falls to providers - not the
    credit card companies. Credit card companies seldom initiate fraud
    investigations, according to Detective Mike Blanc of the Santa Clara, CA,
    Police Department High Tech Crimes unit. "They treat it as a cost of doing
    business," Blanc says.

    In fact, it could be said that fraud is not a cost but a profit center for
    the credit card companies because merchants are charged additional fees for
    fraudulent transactions. And the fees escalate with the level of fraud.

    To protect themselves, VoIP providers have developed their own tools for
    screening out fraud. Many providers monitor call patterns constantly and
    block calls to suspicious exchanges. Some have taken it further, like
    NuFone, which has limited international calling for new accounts and blocks
    all calls to countries that are associated with high rates of fraud like

    VoicePulse has developed a screening system that "scores" an order based on
    many different criteria. As a result, "We are detecting 95 percent of
    fraudulent orders," says VoicePulse's Sakaria. He adds that "the number of
    attempts has not decreased."

    VoicePulse plans to offer its security software as a standalone product
    which will be available in the fourth quarter of this year, according to

    Despite the fact that VoIP providers are becoming smarter about preventing
    fraud, the problem appears to be permanent.

    "It's a cost of doing business and a significant one," says Sakaria. "I've
    been saying all along that the cost of entry [into the VoIP business] is low
    but the cost of staying in business is high."
    Ian, Jul 3, 2005
    1. Advertisements

  2. Ian

    news Guest


    Far too long to read, if it is worth it. Can you tell us what the article
    is about in a few lines and what it has to do with this group. Then i will
    decide whether to look at it.
    news, Jul 4, 2005
    1. Advertisements

  3. its about how some VoIP providers are being taken to the cleaners by
    users making calls to premium rate lines and the like. Some of it is
    wholesalers who don't understand the international market offerring
    inclusive calls or flat rates then resellers / users / fraudsters
    calling high cost numbers, by the time the bill arrives at the
    provider the user/reseller is long gone.

    Phil Thompson, Jul 4, 2005

  4. Exactly.
    I rather lost the will to live about 50% of the way through it but I
    agree with your summary, Phil.

    It's the same old story - people/businesses without a clue about
    Telecomms think that their internet expertise is sufficient knowledge
    for them to set themsleves up as a Telco.

    Maybe I'm being a tad harsh, but I'm inclined to say "serves them
    David Quinton, Jul 4, 2005
  5. Ian

    Don Carter Guest

    First it was Double Glazing, then it was Kitchens, then it was Mobile
    phones and now it's VOIP that the fly by night cowboys are trying to
    make a killing out of. Bet all the sales people are the same for all
    Don Carter, Jul 4, 2005
  6. Ian

    Ian Guest

    I think you have misread it. Its the companys being conned by users and call
    termination companies working the con together in countries with none or
    little control of their telecoms markets. Not voip companies conning users.

    Ian, Jul 4, 2005
  7. Ian

    Al Guest

    Instead of copying out the complete book and pasting it into your
    post, why not simply post a link to the article and give a synopsis of
    the main points in it?
    Al, Jul 5, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.