Long Distance Fraud Again – Really?

I’ve been helping clients get into and stay in the long distance business since the 80’s when long distance was a new line of business for many telcos. I remember when the industry was new that it was a challenge. If you were a rural LEC you had to convince the RBOC who owned the regional tandem switch to help you set up a trunk group to get to a long distance company. And they were reluctant and slow to respond. So a company had to fight to get into the long distance business.

But over time it got easier and fairly routine and most rural telephone companies added long distance as a product line. It worked pretty well until the time in the early 90’s when calling cards became the rage and customers all wanted them. With a calling card a customer could make a long distance call from any other phone and bill it to their own home phone number.

So companies in the long distance business started giving out calling cards, and eventually they gave a calling card to every customer. This generated a lot of new traffic, and since this was back in the day when it still was not unusual to pay 10¢ to 15¢ per minute for long distance it also drove a lot of new revenue. But within a few years after calling cards were introduced calling card fraud followed. Calling card fraud was pretty straight forward. There were people who would try to find a valid calling card number that they would then send to places like the Middle East where street vendors would hawk cheap minutes. And dozens or even hundreds of people would use the calling card until somebody figured out that fraud was going on and cut off the card.

When the fraud first started the losses got huge because nobody was looking for it. But over time the carriers that sold the long distance began monitoring for unusual usage and policies were established such as making the cards only good for domestic calling, and over time the big calling card fraud got under control, but never quite stopped.

Over the years since then I have run across cases of fraud, but it has been a random thing here and there and not widespread like the calling card fraud had once been. The companies that sold wholesale long distance got more sophisticated and monitored usage closely and for the most part the industry stopped worrying about fraud.

But recently I have seen cases of significant fraud happening again to my clients. Within recent months I have had two clients hit for over $25,000 in fraud in a single month, which in both cases was as much as they had been paying for wholesale long distance for most of a year. So for these companies this was a really big deal and it effectively doubled their cost of buying long distance for the year.

And both of these companies were buying long distance from ‘big name’ carriers and not from some small VoIP provider. I must tell you that I was surprised. Not surprised that fraud could still happen, but surprised that the big company selling the long distance did not have a fraud monitoring process in place to stop it. It’s not that hard to monitor for fraud at the large carrier level. If they process the long distance in real-time it is not hard to set some flags to look for unusual usage. When my clients decided to buy wholesale long distance from these vendors they were assured that those carriers had fraud monitoring. It turns out to not to be true.

The fraud in both of these cases was allowed due to faulty connections between my clients and their customer. In one case if was my client’s own connection that was not secure. They had installed an IAD (Integrated Access Device) at a business customer in order to supply voice and data from their fiber connection. The IAD was not properly configured and had very weak passwords and was not configured to only accept commands from my client.

The second case was similar in that another client had a connection to a customer PBX. And of course, being a full service provider, they made the connection for the customer to his PBX. As it turns out there was a backdoor connection available into the PBX into the internet, which means that the PBX could have a connection from somewhere other than my client.

Neither of those problems automatically leads to fraud, but there is a new set of bad guys in the world. They use computer worms to test against millions of phone numbers looking for phone numbers connected to PBXs or IADs. Once they find such a device they use normal hacking techniques like cracking easy passwords to gain access to the device. They then sell calling in the same way as was done in the old days of calling card fraud. In one of these cases the calling went to the Middle East and in the other went to INTELSAT calling to satellite phones – both very expensive calling. My suspicion is that these bad guys are not selling these minutes on the street like in the past, but instead hawking cheap minutes to International VoIP minute sellers who have no idea where these minutes come from.

Certainly my clients had some liability in their loss since they contributed to the customer connection being made in an insecure manner. But they also ought to be able to rely on their underlying long distance provider to protect them against a flurry of suspicious calls. The biggest worry about this new kind of fraud is that it pumps a large volume of calling to expensive places in a short period of time. So it can cost a telco a large amount of money in a hurry.

So my caution to companies that sell long distance is to beware. It has been a while since fraud was of this level of concern, but it’s back again. There are two steps you can take to protect yourself. First, make absolutely certain that the company you are buying long distance from has good fraud detection and policies. You want a carrier who will not only find the fraud but who will cut off the calling before they even contact you. But second, the responsibility rests with you to use good network practices to make sure it is hard for somebody to hack the connections to your customers. If you want to know more about how to protect yourself contact Derrel Duplechin of CCG at (337) 654-7490.

Open Access: Europe versus the US

Europe - Satellite image - PlanetObserver

When cities build fiber networks in the US, one question they always ask is if they can make their system open access. By this, they mean that they want to build a fiber network, but they prefer not to be in the telecom business and instead would prefer to attract multiple providers to the network to use the fiber and compete for customers. The cities just want big bandwidth for their citizens and most cities would prefer to not compete in the telecom business.

Open Access works well in Europe but has been a failure in the US. Why does it work there and not work here? The main reason it works in Europe is that a number of high-quality service providers are willing to use somebody else’s network, especially a fiber network, to provide service. In Europe ISPs are willing to compete side-by-side with other ISPs even though there is no inherent advantage of one service provider versus another when they are all on the same network.

A perfect example of a European open access network that attracted competition is the one built in Amsterdam. Much of the basic infrastructure has been built by the City, although there have been some private partners recently building some additions to the network. But all parts of the network are fully open access. There are thirteen major service providers offering services on the Amsterdam fiber network – Canal Digitaal, Concepts, KPN, Fype, Online NL, Ligbrandt, Scarlet, Tele2, Telfort, UPC, Vodafone, XS4ALL, and Ziggo. In addition there are around 25 other ISPs who serve smaller niches of customers, often with specialty products such as medical monitoring or small business service.

A few of these service providers are large incumbent providers that had monopolies in their own countries before the formation of the European Union. For example, KPN is the incumbent provider for the Netherlands. Vodafone was an incumbent provider in Germany.

It’s easy to contrast this with the US. There have been a number of cities that have built open access networks in the US and who then tried to lure ISPs to serve in the networks. Some of the open access networks include Tacoma, Provo, Utopia (small towns in Utah), Chelan PUD and a number of other smaller PUDs in Washington state. In none of these cases did a large or incumbent cable provider or telephone company agree to bring service to these fiber networks. In every case the cities that built the networks had to scramble to find local ISPs who were willing to tackle the business. And in almost all cases the Cities had to give a lot of help to these local ISPs in the early days to help them succeed. The ISPs that have operated on US open access networks are generally small, local and under-capitalized. None of the US competitors are of the size or strength of the competitors in Europe.

Why do the big telcos and cable companies in Europe step up and compete against each other while the ones in the US do not? On the European side of the equation, the competitive attitude goes back to the beginning of the European Union. The European Union built slowly since the early 1970’s, but it took on most of its current membership by the early 1990’s. In the mid-90’s there were various treaties signed which opened the borders between European nations, both physically and in terms of commerce. Before that time almost every European country had a monopoly telecom provider. But when the gates were opened to competition, a few of them crossed borders to compete and soon everybody jumped into the competitive fray.

But in the US I can’t find one example of an incumbent cable company competing against another incumbent cable provider. And the large telephone companies barely compete against each other. They fight hard for things like the contract to serve the US government, but overall they barely compete in each other’s territory. And even in most of the US where there are two providers, a telco and cable company, for the most part both parties charge high prices and do not compete heavily with each other. The system in the US is referred to in economic terms as an oligopoly, where a few large providers have divvied up the market to mutual benefit. While there is competition, it is nothing like the real competition seen in Europe.

But I must grant that it probably would be difficult for a large US telephone or cable company to provide service on somebody else’s network. These companies are highly decentralized and it often requires groups from many states to come together to provide service to a new customer. The processes used by the large incumbents are so specific to the way they do things on their network that it might just be too costly for them to modify those processes to serve on a different network.

But whatever the reasons, Europe enjoys tremendous competition for customers, particularly where somebody has built a fiber network. But in the US no such competition exists, other than in metro areas where CLECs still vigorously compete for large business customers in highrises.

Who is Going to Pay for the IP Network?

Peninsular Telephone Company

Peninsular Telephone Company (Photo credit: Nick Suan)

Small telcos and most CLECs are waiting to see what will come from the changes due to converting to an all IP network for telephony. Today the telephony voice network utilizes TDM (time division multiplexing) technology that was originally developed for copper but that has been upgraded to use fiber. But the FCC has said that this old network is going to have to be upgraded to all-IP, meaning that voice will be carried by Ethernet similar to the way that data is transmitted.

I don’t think anybody is arguing that this kind of shift makes sense. IP trunking is far more efficient in terms of carrying more calls in the same amount of bandwidth. And a lot of companies have already implemented some IP trunking.

The important issue for small telcos and CLECs is how this transition is going to change their costs. In order to understand the possible change, let’s look at how voice traffic gets to and from small telcos and CLECs today.

  • Independent telephone companies connect with larger companies and neighboring companies by physical interconnection at mutual meetpoints. Historically, most of the meetpoints are located at the physical border between two neighboring telephone companies with each company owning the fiber and electronics in their own territory. And each telco is responsible for the costs of their portion of the network. Historically local calls have been exchanged for free in both directions and there are access charges in place for all telcos to get paid by the long distance carriers for using their network and facilities for long distance calls.
  • The rules governing CLECs were established by the Telecommunications Act of 1996. This Act laid forth the basic rule that a CLEC can interconnect with a telco network at any technically feasible point. This idea was fought hard by the large telcos who wanted CLECs to bring traffic to their tandems (regional hub offices). Once a CLEC has established a meetpoint, then it works pretty much the same as normal telco interconnection in that both parties are responsible for costs on their side of the interconnection. Sometimes local calls are interchanged for a fee and sometimes they are free (called bill and keep) and this is negotiated. The CLECs also bill access charges for carrying long distance calls.

There are a number of ways that IP trunking could be implemented, and each of them has financial consequences for small telcos and CLECs:

  • The IP network could be built to mimic the current PSTN. The routes would be roughly the same but the rules of interconnection would stay the same. But with IP trunking the network would be more efficient.
  • The large telcos could establish regional hubs and expect everybody else to somehow get their traffic to those locations. This would be a radical change for small telcos who would have to build or lease fiber from their rural location to the nearest regional hub. For CLECs this would completely undo the rules established by the Telecommunications Act of 1996 and would put all of the cost to get to the hubs onto them.
  • In the most extreme IP network there would be only a few large hubs to cover the whole US. This would be the most efficient in terms of the hubs, but it would require all telcos and CLECs to spend a lot of money to get their voice traffic to and from the hub.

Since I have been working in the industry the RBOCs (now AT&T and Verizon) have tried several times to put the burden and the cost of transporting calls onto the small telcos. But regulators have always stepped in to stop this because they realize that it would greatly jack up the cost of doing business in rural areas. I certainly hope that as we move to a more efficient network that we don’t end up breaking a system that is working well.

The downside to any plan that shifts cost to small telcos is that the cost of providing local and long distance service will increase in rural areas. The consequence of changing the CLEC rules will be less competition. The current interconnection and compensation rules have served the country well. Every caller benefits by having affordable rates to call to and from rural areas. And there is no doubt that higher communications cost would be a major hindrance to creating and keeping jobs in rural areas.