funsec mailing list archives
Re: Sri Lanka to cut phone links to 13 countries to stop scams
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 31 Oct 2005 22:23:02 +1300
aborg () mca org mt wrote: <<snip>>
> I work for a regulatory authority and we've had numerous debates as to who should be liable for this problem. On the one hand, there's the consumer with a huge bill that he is unable/unwilling to pay (rightly so). On the other hand there is the telco with the "any calls you make you have to pay for" clause in their user agreement. Both are unwilling to pay but IMHO, the telcos don't do enough to help prevent this problem.
In New Zealand (don't be fooled by the .uk Email address), the two major telcos have both (voluntarily, but after a deal of public outcry) implemented a form of "filtering" whereby they note any account without a previous history of making long DDI calls to certain "expensive" offshore locations known to commonly host these dialler hijackers' target numbers and they call the account holder within a day or so of the first such charges being rung up and ask if they knew they were making calls to wherever. If the answer is "no" I think that both telcos explain that such charges have been made, how and why it happens and then waive the existing charges _if_ the account holder accepts a total ban on outgoing (DDI) calls to those countries, at least until the customer calls back, says they have fixed their dialler problems and they want to lift the dialling ban -- after that, the customer accepts responsibility for further charges for (DDI) calls to those countries. The telcos also maintain lists of numbers that they are convinced (from their complaints dep'ts and the above call monitoring) are involved in such scams and simply blacklist those specific numbers for outgoing calls. Customers who really do want to call any of the "suspect" numbers can, I believe, request to be whitelisted from _all_ such filtering/monitoring. With a total customer base of 3-4 million between them, this is probably a (just) manageable approach, but it may not scale well in larger markets...
> Having a regulator impose such a remedy forces the telco to increase his costs (through the operator assisted calling to foreign countries) and therefore take a closer look at the problem.
Surely the telco simply passes along the increased costs of operator assistance? That is why operator-assisted calls are more expensive than DDI calls to the same place, isn't it? Or is NZ just odd in having different pricing rates for DDI and operator-assisted calls?

If threatened with regulatory imposition of an outright DDI ban on calls to "suspect" countries, perhaps considering the NZ Telecom and TelstraClear (NZ) approach to such calls might be worthwhile. It won't impose extra cost on those who legitimately want to call those countries, and may even produce something of a "warm, fuzzy" for your customers if you seem to be proactively protecting them from themselves (sadly, something more and more folk seem to want more and more these days as "modern technology" forges ahead without so much as a thought for how stupidly bad so much of it is because of how easily abusable it is...).

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
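
The call-screening scheme described in the message above, sketched as an added example; it is not part of the original post and not either telco's actual system. The prefixes, numbers, account ids and function names are constructed placeholders.

```python
# Added illustration of the screening rules in the post. All data is constructed.
WATCHED_PREFIXES = ("+99901", "+99902")  # placeholder "expensive" destinations
BLACKLIST = {"+9990155500001"}           # numbers the telco is convinced are scam targets
WHITELIST = {"acct-3"}                   # customers exempted from all filtering

SAMPLE_CDRS = [                          # (account, dialled number), constructed
    ("acct-1", "+00012345678"),          # ordinary destination
    ("acct-1", "+9990177700002"),        # watched prefix, no prior history
    ("acct-2", "+9990155500001"),        # blacklisted number
    ("acct-3", "+9990155500001"),        # whitelisted customer
    ("acct-4", "+9990277700003"),        # watched prefix, established history
]

def is_watched(number):
    return number.startswith(WATCHED_PREFIXES)

def screen_calls(cdrs, history, banned):
    """Return (verdict per call, accounts the telco should phone).

    history: accounts with prior (or accepted) calls to watched destinations.
    banned:  accounts that accepted a ban after a callback.
    """
    verdicts, callbacks = [], []
    for account, dest in cdrs:
        if account in WHITELIST:
            verdicts.append("allow")
        elif dest in BLACKLIST:
            verdicts.append("block:blacklisted")
        elif is_watched(dest) and account in banned:
            verdicts.append("block:customer-ban")
        else:
            verdicts.append("allow")
            # First such call from this account: queue a follow-up phone call.
            if is_watched(dest) and account not in history and account not in callbacks:
                callbacks.append(account)
    return verdicts, callbacks

def resolve_callback(account, knew_about_calls, history, banned):
    """Apply the outcome of the telco's phone call to the account holder."""
    if knew_about_calls:
        history.add(account)             # legitimate caller, charges stand
        return "charges-stand"
    banned.add(account)                  # charges waived in exchange for the ban
    return "waive-and-ban"

def lift_ban(account, history, banned):
    """Customer reports the dialler problem fixed and accepts future charges."""
    banned.discard(account)
    history.add(account)
```
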