Hero Fraud Control and Prevention

2020-07-29 02:29

Fraud is a major problem affected the VOIP market and at Hero we take fraud very seriously and have many techniques and options available to customers to mitigate and avoid fraud affecting their devices and accounts which are summarised below.

Connectivity Control

  • Hero have 'NAT' handling techniques which mean that VOIP clients and SIP trunks can operate behind routers and firewalls without the need for setting up 'port forwarding' on customer network devices.  We never recommend that users do port forwarding rules as this can expose their VOIP device to the public internet  and it will be only a matter of time before hackers are attacking your systems and looking for ways to compromise your systems.  If you think you need port forwarding in place for your VOIP device to work then please speak to our Team first as it is likely that you don't need to do this and there will be a better solution.
  • You can also run a SIP trunk to Hero using a 'Registered SIP trunk' meaning that you do not need to setup 'SIP peering' to IP addresses etc.  Almost all PBX systems today can operate in registration mode and do not need static IP peering to work
  • Hero support 'TLS' to encrypt all SIP traffic to our platforms.  We recommend using TLS on your VOIP device or PBX if this is supported as this will encrypt all communications including authentication information with our systems.  Encrypting the SIP traffic also stops 'SIP ALG (Application Layer Gateways)' and other firewall features from 'interfering' with the SIP traffic - and more often than not messing things up for your VOIP traffic.  If TLS is support for your SIP transport then enable it!
  • Hero also support SRTP (Secure RTP) if you also wish to encrypt all of your voice data as well - not all devices support this but it's recommended that you enable this if possible as well to encyrpt all of your VOIP data
  • Hero have 'Access Control Lists' available to customers in the 'Profiles' section of our web portal which allow customers to 'lock down' which IP addresses or subnets are permitted to connect to our network on their account.  If the customer has a static IP address and VOIP devices that do not 'move around' the internet - then we recommend that an access control list is applied to the customers account 
  • Hero's VOIP platforms are under attack 24x7 by hackers so we have many techniques to block attacks within a matter of seconds on our own platforms.  If we see password hacking attacks or 'known' patterns of logins to our systems coming from SIP hacking tools we can immediately block all traffic from those IP addresses.  Our systems block hundreds of such attacks every week to keep customer accounts safe.
  • All of Hero's applications and phones will automatically come pre-configure to use secure encrypted traffic to our network.  Our Microsoft Teams SBC platforms are also only permitted to talk to Microsoft's SBCs world-wide and traffic is not permitted from any other sources.
  • Hero keep on top of security vulnerabilities with our Operating Systems and Platforms so any vulnerable software is patched immediately if this was to become a potential risk to our platforms

Call Analysis

  • Hero have smart heuristics to monitor calling activity on all of our customer's accounts and if we see unusual calling behaviour on an account then we will put a temporary block on overseas calling until the issue is investigated and resolved.  
  • Hero also categorise countries into different risk bands and apply rules to control the amount of calls that are allowed to those destinations on a per hour and daily basis - the number of 'acceptable' calls to a destination will depend largely on the risk level of that destination.  We also look at historical data for customer accounts to see what is 'normal calling behaviour'.
  • Our systems are running 24 hours a day and ready within seconds to block unusual calling behaviour on an account - so regardless of whether the activity occurs in the middle of the night our systems will pick up the activity and put protections in place to block those calls.
  • Hero also maintain a list of 'Blacklisted' destinations and prefixes which are well known to be used by hackers - so these calls will never be allowed through the network.  We also block incoming calls from known numbers and ranges that have historically been used by hackers
  • Hero also look at the source of attacks and can apply different rules for example if the calls originate from outside New Zealand and Australia and apply a higher 'risk' factor to those connections.

Call Control

  • Hero customers have several options available on their accounts to control the type of calls that can be made on their account.  Firstly customers can apply PIN codes to their outgoing calls so that a PIN is required before making a call to that destination.  The user can choose to apply a PIN to:
    • All Calls
    • All Toll Calls
    • All overseas calls
    • All overseas calls except for Australia
    • All overseas calls to 'expensive' destinations
  • Users can also choose to simply block all overseas calls on their account or all 'expensive' overseas calls (typically over 30 cents per minute)
  • Users can also apply 'Access Control Lists' to their profile so that calls can only be made from specific IP addresses or subnets

Call Spend Control

  • Hero Retail customers operate on a prepaid basis - so once there is no money on the account then calls will not be allowed to proceed.  This provides a good barrier to fraud automatically as the fraud will be cut off quickly if funds are not available on the account.
  • Hero customers can apply 'maximum topup amounts' and 'maximum weekly topup amounts' to their auto topup settings so this will limit the amount that can be spent on calls on any account as well
  • Hero also apply (by default) an hourly and daily spend limit on ALL of our accounts so if an account exceeds a certain amount of spend in a given hour or day we will automatically cut off further spending on the account.  This limits any damage related to a fraud attack on a customer's systems.

If you have any further questions about our security and fraud prevention strategies then please contact the Support Team with your questions.

Average rating: 5 (1 Vote)

You cannot comment on this entry