Preventing Fraudulent Use

When access to a dial tone is established, whether that dial tone is authorized or unauthorized, subscribers are able to dial a Trunk Access Code (TAC), Feature Access Code (FAC), or extension number. If the proper security has not been administered on the system, subscribers have the ability to make fraudulent long-distance calls.

The occurrence of fraudulent calls can be minimized by setting restrictions on the Intuity AUDIX system. These restrictions can be administered on the applicable Intuity AUDIX feature or on itself.

Intuity AUDIX Administration

To minimize the risk of unauthorized use, you can administer restrictions on the Intuity AUDIX system. The following features can be administered to restrict unauthorized calls:

• Basic Call Transfer
• Enhanced Call Transfer
• Controlled Transfer out of AUDIX

In addition to administering these features, additional security restrictions can be set on the Automated Attendant Security.

Basic Call Transfer

Basic Call Transfer allows a caller to dial any number, providing the number of digits matches the length of a valid extension. If a caller dials the first digits of a valid long-distance telephone number, the AUDIX system passes the digits on to the switch. For example, if a caller dials 91809, (where 9 is the access code, 1 is the long-distance code, and 809 is the area code), the Intuity AUDIX system validates these numbers and passes them on to the appropriate switch. The caller then enters the remaining digits of the telephone number to complete the call. There is no security mechanism to verify if the use of the system is authorized or unauthorized.

However, if you restrict calls so that they can only be transferred to administered subscribers, a caller cannot initiate a transfer to an off-premises destination unless the digits entered match an administered subscriber's mailbox identifier (for example, 91809). When setting the "subscriber" restriction, do not administer mailboxes that start with the same digits as a valid switch trunk access code. See Security Overview: Basic Call Transfer for additional information on administering Basic Call Transfer.

Enhanced Call Transfer

Enhanced Call Transfer allows compatible switches to transfer messages digitally over a data link. Subscribers who are administered with Enhanced Call Transfer can transfer calls only to other extensions in the switch dial plan. When using Enhanced Call Transfer, Intuity AUDIX verifies that the digits entered are the same as the digits administered on the Intuity AUDIX system. In addition, with Enhanced Call Transfer, the Intuity AUDIX system verifies that the digits entered match the extension number for an administered subscriber. Using Enhanced Call Transfer to verify and validate transferred calls reduces fraudulent use significantly. See Security Overview: Enhanced Call Transfer for additional information on administering Enhanced Call Transfer.

Controlled Transfer out of AUDIX

Most unauthorized long distance call attempts occur as a caller attempts to transfer out of the Intuity AUDIX system. You can control call transfers out of the Intuity AUDIX by administering the system to limit the numbers to which a caller can transfer. Intuity AUDIX provides two menus that allow you to administer call transfer restrictions. They are the Allowed Numbers Menu and the Denied Numbers Menu.

Allowed Numbers Menu

Transfers a caller out of the Intuity AUDIX system only if the pattern of the number dialed corresponds to a pattern permitted on the Allowed Numbers menu. If the number corresponds, the Intuity AUDIX system initiates the transfer.

You should restrict such transfers as described under Controlling Call Transfers. Using this menu system, you can specify extensions to which a caller can or cannot transfer a call.

Denied Numbers Menu

Callers can not transfer to extensions expressly denied on the Denied Numbers menu. For example, you can restrict call transfer to extensions beginning with 9 if dialing this number results in access to an outside line.

If a caller requests a transfer to a valid extension, the switch completes the transfer, disconnects the Intuity AUDIX system, and sends a "disconnect — successful transfer" message to the system. If the extension is not valid, the switch leaves the system connected to the caller and sends a "fail" message to the Intuity AUDIX system. Then the system plays an error message to the caller and prompts for further activity.

Transfer Restriction —
System-Parameters Features Screen

A method of setting transfer restrictions is to activate Call Transfer on the System-Parameters Features screen. If this feature is activated to allow * T transfers, the risk of toll fraud attempts can be minimized by:

• Administering permitted and denied numbers as described in Basic Messaging: Controlling Call Transfers. In this case, if the pattern of the number dialed corresponds to a pattern permitted on the Transfer Security menu system, and if that number is a valid extension number for an administered subscriber (either local or remote), transfer is allowed.
• Setting the Transfer Restriction field on the System-Parameters Features screen to subscribers.


 


Note: If the Transfer Restriction field is set to digits, the option does not minimize toll fraud. This option is administered by Avaya Technologies only as a special service to customers wanting the digits option.

Restricting call transfers to administered subscribers using the Transfer Restriction field is more secure than using the Denied Numbers menu. It virtually eliminates the fraudulent use of call transfer since the Intuity AUDIX system can verify that the specified destination is a permitted number. If digits are specified, on the other hand, the caller might find a way to access the switch and use switch features and functions to complete fraudulent long-distance calls.

 

If you assign nonresident subscribers extension numbers that start with the same digit or digits as switch trunk access codes (such as 9), you must carefully administer the restrictions using the Transfer Restriction field. (Nonresident subscribers are subscribers with a mailbox but no telephone on the switch.)

Automated Attendant Security

Automated attendants are used by many companies to augment or replace a switchboard operator. When using automated attendants, incoming calls are received and sent to a switch. From this switch, the call is routed to the appropriate destination based on signals received from the automated attendant. If the switch is not properly administered, unauthorized toll calls can be completed at the expense of the owner of the switch.

For example, in some switches, 9 is used to access a dial tone. When asked to enter an extension, the unauthorized subscriber can enter the digits 9180. If the system is not properly administered, the automated attendant passes the call back to the switch. The switch reacts to 9 as a request for a dial tone. The digits 180 become the first numbers of a 1809 call to the Dominican Republic. In another example, when dialing the digits 9011, 9 is used to access a dial tone and, the digits 011 become the first digits of an international call. The unauthorized subscriber then enters the remaining digits of the telephone number, and the call is completed. This scenario works the same way with a voice mail system.

Before you set up an automated attendant, restrict transfer out of the Intuity AUDIX system as described under Basic Messaging: Controlling Call Transfers.

Switch Administration

To minimize the risk of unauthorized use of the voice messaging system or automated attendant system, you can administer restrictions using the following methods:

• Assigning a low facilities restriction level (FRL)
• Restricting toll areas
• Blocking subscriber use of trunk access codes
• Creating restricted number lists
• Creating disallowed number lists
• Creating allowed number lists

See Security Overview: Switch Administration for detailed information pertaining to administering your switches.

http://www.avaya.com Avaya UCS Information Development