Orcon blocks calls in bid to combat fraud
Orcon has begun blocking all calls made by its 60,000 phone customers to 28 countries, including Serbia, Morocco and Nigeria.
The Auckland-based telecommunications firm took the unprecedented step after fraudsters broke into the phone systems (PABXs) of three of its business customers and racked up $35,000 of calls during a single weekend last month.
Customers who attempt to call numbers in any of the blacklisted countries will hear an engaged tone, though that will soon be swapped for a recorded message explaining the block.
Orcon customers can call the company to get individual numbers in those countries "whitelisted" (unblocked). The 28 countries mostly comprise exotic, rarely called destinations in Africa and eastern Europe.
Wholesale and regulatory manager David Clarke estimated Orcon had lost $100,000 to PABX frauds since Christmas and decided "enough was enough" after the triple-whammy on the weekend of October 5.
"They hit some very small businesses for whom that would have been devastating," Clarke said.
Orcon had decided to let the three businesses off the bills run up by the fraudsters, although it was not obliged to do so, he said.
"Businesses need to be aware this stuff can bite them and their carrier is not necessarily going to help them out. I am sick of tons of money going offshore."
PABX fraud has been a bane on the industry for more than 20 years and can affect any telecommunications firm. It last hit the headlines in 2010 when a phone system belonging to a TelstraClear customer was hacked and used to rack up calls worth $30,000.
The Telecommunications Industry Group, whose members included Telecom and Vodafone, estimated then that annual losses amounted to hundreds of thousands of dollars.
Although it is usually businesses that are affected, in one case a child downloaded PABX software to his family's computer and was scammed out of $5000. Clarke said Orcon had decided to block calls from homes as well as businesses to the blacklisted countries to be on the safe side.
Only about 40 customers had contacted Orcon asking it to "whitelist" numbers in the blocked countries, Clarke said. That was not unexpected as calls
to the 28 countries were expensive, costing up to $20 a minute, so most people used Skype or calling cards instead, he said.
Telecom spokesman Richard Llewellyn said PABX frauds were an "industry-wide issue" but it did not plan to follow Orcon's lead.
Telecom had put up information on its website explaining how customers could reduce the chances of having their phone systems hacked and encouraging them to manage the risks, he said.
Chris Hails, a consultant at cyber-security organisation NetSafe, said it had not been aware of any recent spike in PABX frauds but it endorsed Orcon's approach.
"We are always keen when a company acts off its own bat to protect its customers," he said.
Clarke said PABX fraud could be easily avoided if companies ensured their phone systems were installed with a proper Pin number.
The fraud usually occurs because companies have failed to change the default Pin number supplied with their PABX, which is commonly set as "0000" or "1234".
The criminals carrying out the frauds could be anywhere in world but Clarke estimated about three-quarters of the frauds were done from India and many of the remainder from China. "I have been approached by half-a-dozen Indian companies in the past couple of years wanting support to perpetrate fraud," he said.
The 28 countries Orcon had blacklisted were those where high fees apply to terminate phone calls, and not necessarily the countries where frauds were ultimately being run from.
It only costs about a cent-a-minute to terminate calls in most western countries, which meant fraudsters had little to gain from using hacked PABXs to route calls to common destinations, Clarke said.
Telecommunications companies in Europe are bandying together to tackle the problem by refusing to pay "termination fees" on fraudulent calls to phone companies in the countries blacklisted by Orcon, which would in turn mean fraudsters would not be paid.
But Clarke said New Zealand operators lacked the clout to take that approach.
- © Fairfax NZ News