PBX hacking makes comeback

When starting my career in the telecom fraud arena 12 years ago around mid-2000, PBX hacking was one of the first fraud types I learned about.
It was mysterious, and had a James Bond quality about it…"They would call late at night… use several codes to hack in… call continuously for hours to a destination far away, on an island…"
Indeed, it was just like in all the action movies.
Fast forward to the present, over a decade later, and PBX hacking is here again - big time! How did that happen?
PBX's of all shapes and sizes have been sold in the millions over the past years. PBX’s are an attractive product sold not only to large corporate companies, but also to SOHO (Small Office Home Office) companies and even private residents.
This fact has not gone unnoticed by fraudsters and hackers around the world who are constantly on the look-out for new, creative and original methods to increase their revenues.
In a market where competition is fierce, reputations are everything and customers have no qualms about switching from one operator to another, PBX hacking has become a plague and a huge headache for carriers and, more specifically, fraud managers.
Just last year, the Communications Fraud Control Association (CFCA) ranked PBX hacking as the number one fraud type globally, inflicting over $4.5 billion (€3.4 billion) in damages every year. This is partly due to the shifting trends of telecom service provision.
In the past two to three years more and more operators, both fixed line and mobile, have shifted towards what is commonly known as "unlimited plans". Simply put – customers pay a small monthly fee and get unlimited usage of both calls and SMS, often even international calls.
This is a revolution in the Telco arena and also a "game changer" for fraud management. If everything is unlimited and everyone has unlimited call volumes, how will fraud managers be able to convince management that they must continue their constant hunt for fraudsters? I mean, if everything is unlimited, what's the point of seeking out "abnormal" behavior?
It’s a major dilemma that fraud officers face today, many of whom have approached me for advice on this issue over the past two years.
"How can we stay important and essential in the organization? How can we become innovative enough to stay relevant?" These are the questions fraud managers have been asking. And this brings us back to the PBX hacking phenomena.
CSPs, PBX owners and fraud managers are still annoyed at the state of PBX hacking. Customers are complaining and churn is becoming a major factor. So, why not create a mechanism for CSPs that will detect PBX hacking and post alerts, and offer it to the PBX owners themselves as a service?
Yes, CSP fraud prevention units are capable of being transformed from preventive and investigative units into revenue generating ones. They are capable of contributing more to the company's offering and bottom line which is what management really cares about these days!
This is the latest trend and future of PBX and enterprise fraud. Tier-1 and Tier-2 mobile operators will be able to sell fraud prevention services directly to their enterprise customers, giving them the ability generate revenue while allowing PBX owners to monitor their own call activity in real-time.
Fraud units that used to only detect and investigate, often operating secretively, can be transformed into departments that are totally integrated with the corporation to fight the competition, create differentiators and generate revenues.
Tal Eisner is the Senior Director of Product Strategy at cVidya networks and a communications fraud specialist. He has been working in the telecom fraud sector for over 12 years at the largest telecom providers in Israel. In 2012 Tal was appointed as Co-chairperson of TM Forum's Fraud Management Group.