long distance – POTs and PANs

We have gotten so used to the cost of long distance calls dropping in the US that many people don’t realize that it is still very expensive to call some other places in the world.

In the US we are now used to unlimited long distance plans, and so most of us don’t think about the cost of long distance. We all still pay for it—for example, that’s one of the costs built into your cellphone bill. I imagine that there are younger people who have no appreciation that we were once very careful about making long distance calls.

I remember in the early 80s when AT&T announced a ‘reduced’ long distance plan that had a flat rate of 12 cents per minute. Before that plan, costs varied by distance called and it was not unusual to call some places in the US that were as much as 50 cents per minute. Long distance rates also varied by time of day and people would wait until midnight to call relatives to get the nighttime rates.

But over the years the FCC has deliberately taken steps to reduce long distance rates since they figured that might be the one thing they could do that would most boost the US economy. And it worked.

At the same time that the US made a deliberate effort to reduce costs many other countries did the same. Thirty years ago it was almost universally expensive to call other countries. Part of this was due to lack of facilities; there were only a few trans-oceanic cables that were capable of carrying voice – and they were generally full all of the time with calls. But today it’s almost as cheap to call places like Canada and a lot of Europe as it is to call in the US. And there are now many calling plans that include a number of foreign countries.

But this is not true everywhere. There are still a lot of places around the world that are very expensive to call. The rates I quote are from Comcast’s latest international long distance rates, but the rates charged by others carriers are similar. Even today it costs $2.90 per minute to call Afghanistan. A few years ago that was over $5 per minute. Surprisingly, it’s less than half that rate at $1.20 per minute to call Antarctica.

It costs a lot more in general to call islands. Most of the Caribbean is between $0.40 and $1.20 per minute (although the US Virgin Islands are at US rates). The pacific islands in Micronesia are generally around $1 per minute.

In general there are two reasons why rates are so high in some places. For some islands, the cost of the calling reflects the expensive cost of the facilities needed to complete the calls. Such calls these days are often completed over satellite since there are still places not connected to the world by undersea fibers. But the other big cost component is government tariff rates, charged as a moneymaker for the local governments. This is why you see calls to North Korea costing $3.28 per minute, calls to Laos costing $2.43, and calls to Myanmar costing $2.17.

In most cases these expensive rates are bypassed using voice over IP across the Internet, and so people that live in places with expensive rates usually bypass those costs and use the Internet to talk to family overseas. In many countries that is a risk and you can be prosecuted for bypassing the tariff rates. I remember when VoIP was new there were entrepreneurs in Jamaica who set up calling over the Internet and then dumped the calls into the local network. It seemed that the Jamaican government would arrest a few VoIP vendors every week, but new ones always sprung up to take their places. Now only the most repressive countries still try to police this while most have bowed to the reality of VoIP.

I remember working with many clients in the 70s and 80s and one thing I always looked at was their long distance revenues. Even the smallest telcos would have a few residential customers that made over $1,000 per month in long distance calls and many others who spent hundreds of dollars per month. I remember when parents would groan if one of their kids got a boyfriend or girlfriend who was long distance. We’ve come a long way from those days, and unless you have a reason to call a handful of expensive countries or islands a lot, long distance is now one of those things that you don’t give a second thought about.

I’ve been helping clients get into and stay in the long distance business since the 80’s when long distance was a new line of business for many telcos. I remember when the industry was new that it was a challenge. If you were a rural LEC you had to convince the RBOC who owned the regional tandem switch to help you set up a trunk group to get to a long distance company. And they were reluctant and slow to respond. So a company had to fight to get into the long distance business.

But over time it got easier and fairly routine and most rural telephone companies added long distance as a product line. It worked pretty well until the time in the early 90’s when calling cards became the rage and customers all wanted them. With a calling card a customer could make a long distance call from any other phone and bill it to their own home phone number.

So companies in the long distance business started giving out calling cards, and eventually they gave a calling card to every customer. This generated a lot of new traffic, and since this was back in the day when it still was not unusual to pay 10¢ to 15¢ per minute for long distance it also drove a lot of new revenue. But within a few years after calling cards were introduced calling card fraud followed. Calling card fraud was pretty straight forward. There were people who would try to find a valid calling card number that they would then send to places like the Middle East where street vendors would hawk cheap minutes. And dozens or even hundreds of people would use the calling card until somebody figured out that fraud was going on and cut off the card.

When the fraud first started the losses got huge because nobody was looking for it. But over time the carriers that sold the long distance began monitoring for unusual usage and policies were established such as making the cards only good for domestic calling, and over time the big calling card fraud got under control, but never quite stopped.

Over the years since then I have run across cases of fraud, but it has been a random thing here and there and not widespread like the calling card fraud had once been. The companies that sold wholesale long distance got more sophisticated and monitored usage closely and for the most part the industry stopped worrying about fraud.

But recently I have seen cases of significant fraud happening again to my clients. Within recent months I have had two clients hit for over $25,000 in fraud in a single month, which in both cases was as much as they had been paying for wholesale long distance for most of a year. So for these companies this was a really big deal and it effectively doubled their cost of buying long distance for the year.

And both of these companies were buying long distance from ‘big name’ carriers and not from some small VoIP provider. I must tell you that I was surprised. Not surprised that fraud could still happen, but surprised that the big company selling the long distance did not have a fraud monitoring process in place to stop it. It’s not that hard to monitor for fraud at the large carrier level. If they process the long distance in real-time it is not hard to set some flags to look for unusual usage. When my clients decided to buy wholesale long distance from these vendors they were assured that those carriers had fraud monitoring. It turns out to not to be true.

The fraud in both of these cases was allowed due to faulty connections between my clients and their customer. In one case if was my client’s own connection that was not secure. They had installed an IAD (Integrated Access Device) at a business customer in order to supply voice and data from their fiber connection. The IAD was not properly configured and had very weak passwords and was not configured to only accept commands from my client.

The second case was similar in that another client had a connection to a customer PBX. And of course, being a full service provider, they made the connection for the customer to his PBX. As it turns out there was a backdoor connection available into the PBX into the internet, which means that the PBX could have a connection from somewhere other than my client.

Neither of those problems automatically leads to fraud, but there is a new set of bad guys in the world. They use computer worms to test against millions of phone numbers looking for phone numbers connected to PBXs or IADs. Once they find such a device they use normal hacking techniques like cracking easy passwords to gain access to the device. They then sell calling in the same way as was done in the old days of calling card fraud. In one of these cases the calling went to the Middle East and in the other went to INTELSAT calling to satellite phones – both very expensive calling. My suspicion is that these bad guys are not selling these minutes on the street like in the past, but instead hawking cheap minutes to International VoIP minute sellers who have no idea where these minutes come from.

Certainly my clients had some liability in their loss since they contributed to the customer connection being made in an insecure manner. But they also ought to be able to rely on their underlying long distance provider to protect them against a flurry of suspicious calls. The biggest worry about this new kind of fraud is that it pumps a large volume of calling to expensive places in a short period of time. So it can cost a telco a large amount of money in a hurry.

So my caution to companies that sell long distance is to beware. It has been a while since fraud was of this level of concern, but it’s back again. There are two steps you can take to protect yourself. First, make absolutely certain that the company you are buying long distance from has good fraud detection and policies. You want a carrier who will not only find the fraud but who will cut off the calling before they even contact you. But second, the responsibility rests with you to use good network practices to make sure it is hard for somebody to hack the connections to your customers. If you want to know more about how to protect yourself contact Derrel Duplechin of CCG at (337) 654-7490.

Share this:

Share this: