CPE-PBX Fraud Management Guide and Checklist

Published by AssuringBusiness
PBX Hacking and Fraud is a global concern running to billions of dollars of loss globally. The CFCA Global Fraud Loss Survey estimates $4.42bn losses annually to 2012.

Many businesses utilise telecoms equipment for their offices and customer contact channels; PBX/PABX (Private Branch Exchange), Voicemail and Interactive Voice Response (IVR) systems; collectively CPE (Customer Premises Equipment) as it’s known in the telecoms industry. But many do not realise how these systems might expose them to significant losses from telecoms fraud.

This guide and checklist helps businesses to review and protect their CPE/PBX against hacking, fraud and other all-too-common risks that can be avoided.


Published by: AssuringBusiness on Oct 04, 2013
Copyright: Attribution Non-commercial

© AssuringBusiness – all rights reserved
CPE/PBX Fraud Management Checklist
An Overview of Key CPE/PBX Fraud Management Controls

Every business user of PBX, IVR, Voicemail and other telecommunications equipment, products and services is exposed to telecoms fraud. There’s no need to wait for the bang. Take some immediate steps to control the risk; use this guide and checklist to start and defuse the problem…
Problem Snapshot
Many businesses utilise telecoms equipment for their offices and customer contact channels, such as PBX/PABX (Private Branch Exchange), Voicemail and Interactive Voice Response (IVR) systems; collectively CPE (Customer Premises Equipment) as it’s known in the telecoms industry.

But many do not realise how these systems might expose them to significant losses from telecoms fraud. Fraud attacks can affect all enterprises; corporates, government and SME… in fact anyone who utilises CPE/PBX, even home-based consumers. Direct costs typically run from US $10k to $100k, but can run to millions of dollars on a single major attack.

The really scary part is that, in most cases, the user will be liable for the charges incurred; CPE/PBX users are generally held responsible for its security and operation. These charges are huge when including fraud, and you’ll be lucky to get any waiver from your telecoms service provider.

In the main, CPE/PBX frauds focus on trafficking illicit international or premium rate calls. But depending on the nature of the attack, the direct losses are not the only issue. Often an attack can cause business operations to grind to a halt, affecting sales and revenues. Or customers may be turned away because of IVR or voicemail hacking.

There are many attack variants each with different impacts. Go to www.assuringbusiness.com and follow the links to CPE Fraud Business Impact for more detailed information of how your business might be attacked and affected.
This Guide & Checklist
This document provides a very brief overview of some risk management steps to consider, and a checklist to help steer the way. However, it’s important to know that every business environment is different and so this document is merely a high-level guide to cover some of the common challenges and management opportunities. Every business should examine its own specific risks and control opportunities in detail to arrive at a plan that tackles their specific issues comprehensively.

Businesses need to be informed of their risks, and active in their risk management practices. Failure to review, plan and act on such risks can lead to significant economic loss, and the possibility of critical business disruption. Why take the risk?

AssuringBusiness is here to guide and advise in all of your CPE/PBX fraud management activities, and provide the tools to help. Drop us a line at ask@assuringbusiness.com if you’d like a little more information on what we can do to help you defuse the problem.

Dean Smith
CEO, AssuringBusiness
Partnering in Profitability

Failure to act proactively to prevent, detect and manage telecoms fraud can have a devastating economic and operational effect.
CPE Fraud Management: Six Key Steps
1. Review access security protocols. Request information from the CPE supplier and/or maintainer regarding the exact nature of security protocols deployed on the CPE/PBX, ensuring that common or easily guessed access credentials are NOT used on any channel. The business should determine whether the nature of access controls are consistent with their own security policies or expectations. Ideally, multi-authentication access controls should be deployed incorporating some form of one-time password token.

2. Configure the CPE/PBX to reduce risk. Work with the telecoms manager and system maintainer to review and deploy sensible CPE configurations and options to limit risk. Consider what features the business really needs and the nature of user interface controls such as PINs. Continuously review and audit this configuration to identify changes that may present a risk.

3. Monitor usage, or seek protection. Investigate fraud and usage monitoring options on the CPE itself (e.g. utilising the call records and logs generated by CPE). But also check with the network operator/service provider – they may offer a fraud protection service, or may consider introducing one if demand is sufficient. Businesses may also consider creating their own fraud control software if they have access to the appropriate data.

4. Deploy specialist anti-fraud tools. Consider the deployment of special fraud control platforms as an adjunct to the CPE, ideally to prevent fraud opportunities, or utilizing a call-accounting package that provides fraud monitoring reports. These tools take many forms and may be available via the CPE provider or direct from specialist vendors.

5. Understand liability. Check terms and conditions of service and supply in all aspects of the telecoms environment (hardware, connectivity, usage etc.) to determine liability for issues should they occur. Businesses should be aware of the risks and these may be tracked in their enterprise risk management or Business Assurance plan.

6. Review telecoms service billing. Check all service bills thoroughly to determine whether the business has fallen victim to fraud (or other over-charging) that has not been detected. Pay particular attention to higher-cost services, or unusual service usage patterns. Most network operators/service providers have standard processes for managing enquiries or claims for fraud if the business believes it has been a victim.
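
As an added illustration of the usage monitoring in step 3 and the bill review in step 6 (example code added here, not part of the AssuringBusiness guide), the following Python sketch scans call records for international or premium rate traffic that is out of hours, bursty, or unusually long. The CSV layout, the "00" and "09" prefixes, the business hours and both thresholds are assumptions to replace with the site's own dial plan and tariffs; the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records (not from a real PBX): start, extension, dialled, seconds
SAMPLE_CDR = """\
2013-10-04 10:15:02,201,02079460000,180
2013-10-04 11:40:10,202,0033140000000,300
2013-10-05 02:11:43,215,0023225000001,1750
2013-10-05 02:12:05,215,0023225000002,1810
2013-10-05 02:12:31,215,0023225000003,1795
2013-10-05 02:40:00,215,09098790000,2400
"""

# Assumed dial plan and limits: adjust to the site's own numbering and tariffs.
HIGH_COST_PREFIXES = {"00": "international", "09": "premium-rate"}
BUSINESS_HOURS = range(8, 18)      # 08:00-17:59, Monday to Friday
MAX_HIGH_COST_PER_HOUR = 2         # high-cost calls per extension per clock hour
MAX_HIGH_COST_SECONDS = 3600       # high-cost seconds per extension per day


def call_class(dialled):
    """Return the high-cost label for a dialled number, or None for ordinary calls."""
    for prefix, label in HIGH_COST_PREFIXES.items():
        if dialled.startswith(prefix):
            return label
    return None


def find_alerts(cdr_text):
    """Return a sorted list of (extension, reason) pairs that need review."""
    alerts = set()
    per_hour = defaultdict(int)    # (extension, date, hour) -> high-cost call count
    per_day = defaultdict(int)     # (extension, date) -> high-cost seconds
    for start, ext, dialled, seconds in csv.reader(io.StringIO(cdr_text)):
        label = call_class(dialled)
        if label is None:
            continue
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
            alerts.add((ext, "out-of-hours " + label))
        per_hour[(ext, ts.date(), ts.hour)] += 1
        if per_hour[(ext, ts.date(), ts.hour)] > MAX_HIGH_COST_PER_HOUR:
            alerts.add((ext, "high-cost call burst"))
        per_day[(ext, ts.date())] += int(seconds)
        if per_day[(ext, ts.date())] > MAX_HIGH_COST_SECONDS:
            alerts.add((ext, "high-cost duration over daily limit"))
    return sorted(alerts)
```

Calling find_alerts(SAMPLE_CDR) flags only extension 215, whose weekend night-time calls trip all three checks; the weekday international call from extension 202 stays within the limits.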
