International Dialing Policy
Purpose of this policy
The purpose of this document is to outline the rules that govern the International Call Service rendered to clients. We will also outline the reasons for certain protection measures that are in place to protect client interests.
The international calling service allows users of the iConnect enterprise VoIP solution to make calls to anywhere in the world, from both local and international sources. This service is unfortunately susceptible to various forms of abuse and fraud. The abuse takes the form of unauthorized use of the service to call international premium-rate numbers. Fraudsters and/or hackers make money by generating calls to these numbers and receiving kickbacks.
This fraud is extremely difficult to prosecute due to the cross-border nature and poor regulations in many obscure countries. It is also often difficult to identify the original source of the fraud due to the masking and VPN techniques used by perpetrators.
In order to protect our customers, the following rules apply. Most of these rules are industry best practices and don’t only apply to iConnect.
- The default setting for new customers is for international calls to be completely barred. Many clients using the VoIP services do not require international calling and this is the most effective prevention method.
- Clients who require international dialing can log a request with the support desk via email. This email provides a record of the request and of the client's awareness of the risks involved. The request needs to be for specific countries only. This greatly limits the surface area of attack. Most customers only do business in selected countries, and this removes the risk of fraudulent calls going to other unknown countries.
- All customers will have a feature that scans all dialed international numbers. If the same number is dialed more than 10 times in a 30-minute window, a security protocol similar to CAPTCHA will initiate. First, the security protocol will read out a unique code via voice prompt and ask the user to input the unique code in order to complete the dial-out process. If the code is not entered or if it is pressed incorrectly, the call attempt will fail.
- Clients who need all international destinations opened can request this by justifying why they need it, also via email to the support desk. Examples would be travel agencies, bed and breakfasts, etc. Internally, this requires an additional step of approval by Core networks.
- A general blacklist of high-risk destinations will always apply. If a call is found to be blocked by the blacklist, the specific number can be logged with the support desk to be opened up.
- It is also possible to only allow specific phones to make international calls – this provides a great method to reduce the risk of fraud.
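The barring and repeat-dial rules listed above, sketched as an added example (not iConnect's own code). The digit-string number format, the prefixes and extension used, and the 4-digit code length are constructed assumptions.

```python
import hmac
import secrets
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 60  # the policy's 30-minute window
MAX_REPEATS = 10          # more than 10 dials of one number triggers the challenge


class DialPolicy:
    """Default-deny international dialing with a repeat-dial challenge."""

    def __init__(self, allowed_prefixes=(), blacklist_prefixes=(), allowed_extensions=None):
        self.allowed_prefixes = tuple(allowed_prefixes)      # empty = everything barred
        self.blacklist_prefixes = tuple(blacklist_prefixes)  # always applies
        self.allowed_extensions = allowed_extensions         # None = any phone may dial
        self._dials = defaultdict(deque)                     # number -> recent dial times

    def check(self, extension, number, now):
        """Return 'block', 'challenge' or 'allow' for one dial attempt."""
        if number.startswith(self.blacklist_prefixes):
            return "block"
        if self.allowed_extensions is not None and extension not in self.allowed_extensions:
            return "block"
        # An allowlist of ("",) models "all destinations opened"; () bars everything.
        if not number.startswith(self.allowed_prefixes):
            return "block"
        times = self._dials[number]
        times.append(now)
        while times[0] <= now - WINDOW_SECONDS:  # drop dials that left the window
            times.popleft()
        return "challenge" if len(times) > MAX_REPEATS else "allow"


def new_challenge_code(digits=4):
    """Unpredictable code for the voice prompt to read out (length is an assumption)."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def challenge_passed(expected, keyed_in):
    """A missing or wrong code fails the call attempt."""
    return keyed_in is not None and hmac.compare_digest(expected, keyed_in)


if __name__ == "__main__":
    # Constructed sample: only prefix "44" opened, placeholder prefix "999" blacklisted.
    policy = DialPolicy(allowed_prefixes=("44",), blacklist_prefixes=("999",))
    for minute in range(12):
        print(minute, policy.check("101", "441234567890", minute * 60))
```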
Every day, new and creative vulnerabilities are found in networking systems. Hackers and malicious parties will always try to exploit these vulnerabilities for personal gain. iConnect will continuously work towards finding and securing any such vulnerabilities.
iConnect deploys a number of additional protection mechanisms to ensure the most secure service for our clients. Some examples of these are:
- The above international barring facility and policy, with strict internal procedures to adhere to it.
- Voice and data network segregation and firewalling – making it much more difficult to compromise devices.
- Standardised system deployments with auto-provisioning – practically eliminating the potential for human error.
- Network scanners for rogue and potentially unsafe devices on the networks and LAN within reach.
- Default credential checkers and scanners for approved devices.
- Pre-approval of devices to ensure the correct security measures are possible.
- Various trending and monitoring scripts that autoblock suspicious traffic. For example, if a customer account suddenly makes several international calls at three in the morning, those numbers will be barred automatically.
- Further protocol-layer protection on IP and SIP headers, etc.
Surface area of attack, what is it?
Firewalling and barring help reduce the surface area of attack. Malicious users will try to make calls to destinations that are not commonly used. As a basic security principle, you block everything and only open what you need (ports or countries to dial). In other words, blocking by default and only opening what is required greatly reduces the chances of a successful attack.
Networking and telephony security are ever-evolving and nothing is 100% guaranteed. Even smartphones get hacked and fraudulent calls get made. That being said, iConnect has put various layers of protection in place to ensure our customers can easily use the services they need and be safe from fraud at the same time. iConnect has successfully eliminated all incidents where customers adhere to the required policies as above.