
Toll-Free Traffic Pumping – Making Money by Collusion 

Toll-Free Numbers can become more expensive than you think. Traffic Pumping is a very interesting scam, but today, we are more interested in a specific subtype – called toll-free traffic pumping, because that’s the kind that impacts you! 

Before we proceed, let’s spend a few moments on traditional Traffic Pumping, which affects carriers, not corporates.  

Traffic Pumping

Here’s a brief view of how it works: 

The Context: 

When AT&T (or Verizon or someone big) lays out a mile of wire in New York, that infrastructure serves tens of thousands of customers. When some local operation in Ohio or Montana lays out 10 miles of wire, they serve maybe a few thousand customers. In short, infrastructure in remote rural areas is a lot more expensive to lay out. To enable reasonably equitable access to telecom infrastructure, the FCC and the industry have a differentiated revenue-sharing scheme. So, when you call from New York to San Francisco, the long-distance carrier (LDC) from NY to SF ends up paying a small access charge to the service provider in SF. The total amount is usually a fraction of a cent per minute of usage, but if the call is from NY to Ottumwa, Iowa, the long-distance carrier ends up paying up to 8 cents per minute to the service provider in Ottumwa.   

The Groundwork 

When Joe Fraudster learns of this kind of differentiated revenue sharing – he immediately figures out a scam.

  1. He talks with a local phone company in Ottumwa and takes a few numbers from them. 
  2. He promises that there will be a lot of calls coming to these numbers, so they provide lots of lines and promise him a share of the revenues.  

The Attack 

  1. Joe’s minions in New York, LA, SF, and other big cities then get phone plans with unlimited free long-distance calling. 
  2. The minions then make calls to the Ottumwa numbers, keeping the lines working for hours at a time.
  3. At the end of the month, the phone company from Ottumwa charges the LDC 8 cents for every minute of the calls. In some cases, the LDC has had to pay up to two million to the Ottumwa phone company, so it adds up nicely.
  4. Joe then gets up to 40% of the billing, a neat 800,000!

Most fraudsters have a legally correct business angle – for example, providing conference calling services or directory or porn services – so it becomes difficult to deny them the money. Everything is legal, by the book, even if it stinks to high heaven.

Toll-Free Traffic Pumping and how it impacts corporates  

But for us, Toll-Free Traffic Pumping is more interesting – because our customers are corporates, and they pay for this scam. I had briefly touched upon this scam in my earlier article on Toll Fraud, but this time I will delve into it a little more. 

The Context: 

A well-known, globally renowned, highly customer-oriented bank sets up a toll-free number (a 1-800 number). For this, it works with its local service provider – for every call coming in, the bank pays the service provider a couple of cents per minute. The idea here is to make it free and easy for customers to get in touch with the bank. And because it’s a big bank, they set up an IVR facility on the 1-800 number.  

Now, here’s something to know. When you make a phone call from a number in Ottumwa to a 1-800 number in New York, the 1-800 company bills the bank, and the revenues are shared by the complete queue of carriers that connect the Ottumwa call to New York. Everyone makes a little – a fraction of a cent. For a Verizon, this may be negligible, but for a small phone company in the prairie, it all adds up to something significant.    

The Groundwork 

When Joe Fraudster learns that the bank has set up a toll-free number, he takes immediate action.   

  1. He calls up the 1-800 number and fully explores the IVR system, understanding a lot of the details – the complete IVR map, the duration of silence allowed before the call is dropped, the sequence of button presses that are most ‘forgiving’ (allowing the call to continue). 
  2. He informs his phone company in Ottumwa, Iowa that he expects lots of phone activity in Ottumwa and confirms that they will pay him his 40% share.

The Attack 

  1. Joe’s minions in Ottumwa then call up the 1-800 number of the bank and keep pressing keys that prolong the call, often to hours. No, they don’t have humans pressing the keys – the work is all automated. The cents add up to dollars, and when there are multiple lines being used in parallel, day in and day out, the dollars add up to tens of thousands of dollars. 
  2. At the end of the month, the bank ends up paying through its nose for calls that never served any customers – calls that just used up capacity without serving any purpose.

Nearly always, Joe’s minions spoof the Caller-ID, attempting to mask the origin of the calls, to avoid being investigated by the FCC and the FBI. 

Preventing Toll-free Traffic Pumping  

Toll-free Traffic Pumping is increasingly becoming a business problem – if you expose your 1-800 number, you can expect as much as 10% of your incoming calls to be fraud calls – crooks trying to mooch off you.  

The short answer to solving the problem: be less forgiving.  

If a caller makes even two mistakes in the IVR keypress sequence, disconnect the call. 

If the automation system struggles to identify a human on the other side, disconnect the call. 

But even these tricks are often not enough – you might end up losing genuine customers who may struggle with IVR systems – I know I often struggle with the right keypresses. 

So, another technique can be used – before a call connects, route it to an analysis engine: an application that looks at multiple aspects of a call (point of origin, signs of caller ID spoofing, and so on) and uses that information to decide whether the call is genuine or an attempt at fraud.
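One way to build the per-origin reputation such an analysis engine could consult, shown as an added example that is not from the original article: it scores each point of origin from call detail records using the signals described above (long calls that never served a customer, repeated IVR mistakes, signs of caller ID spoofing). The record fields, weights and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample CDRs for one toll-free number; every field is hypothetical:
# (origin label, duration in seconds, invalid IVR keypresses,
#  served = reached an agent or finished a transaction, caller ID consistent)
CDRS = [
    ("carrier-A", 180, 0, True, True),
    ("carrier-A", 240, 1, True, True),
    ("carrier-A", 95, 2, False, True),
    ("carrier-B", 7200, 14, False, False),
    ("carrier-B", 6900, 11, False, False),
    ("carrier-B", 7500, 9, False, True),
    ("carrier-B", 200, 0, True, True),
    ("carrier-C", 310, 0, True, True),
    ("carrier-C", 3600, 1, True, True),  # long but genuine: ended with an agent
]

def score_origins(cdrs, long_call_s=1800, max_ivr_errors=2, min_calls=3):
    """Return {origin: stats} with a 0..1 risk score per point of origin."""
    by_origin = defaultdict(list)
    for origin, dur, errors, served, cli_ok in cdrs:
        by_origin[origin].append((dur, errors, served, cli_ok))
    report = {}
    for origin, calls in by_origin.items():
        n = len(calls)
        # Long calls that used capacity without serving anyone.
        unserved_long = sum(1 for d, _, s, _ in calls if d >= long_call_s and not s)
        # Calls at or over the "two mistakes" limit the article suggests.
        error_prone = sum(1 for _, e, _, _ in calls if e >= max_ivr_errors)
        spoof_signs = sum(1 for *_, ok in calls if not ok)
        wasted_min = sum(d for d, _, s, _ in calls if not s) / 60
        # Illustrative weights (assumption), not tuned on real traffic.
        score = (0.5 * unserved_long + 0.25 * error_prone + 0.25 * spoof_signs) / n
        report[origin] = {
            "calls": n,
            "wasted_min": round(wasted_min, 1),
            "score": round(score, 2),
            # Require a minimum sample so one odd call cannot flag an origin.
            "flag": n >= min_calls and score >= 0.5,
        }
    return report

def flagged(cdrs):
    """Origins whose traffic should be challenged or reviewed before connecting."""
    return sorted(o for o, r in score_origins(cdrs).items() if r["flag"])

if __name__ == "__main__":
    for origin, row in sorted(score_origins(CDRS).items()):
        print(origin, row)
```

Scoring by origin rather than by single call keeps a genuine customer who fumbles the IVR from being cut off, while an origin that produces hours of unserved minutes stands out.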

Talk with your OEM or your SI partner and see if they can offer solutions with this capability. Have more questions? Send me an email at securityeducation@assertion.cloud