800 Redirect

Posted: 12/1997

800 Redirect

A Re-emerging Fraud Scam

By Jim Marsh, Senior Manager, Fraud Control, MCI

Imagine a business with a very active 800 service. Calls are coming in; people are
busy; orders are being taken; and customers are being serviced. Now imagine that same
business with no calls coming, people sitting around, no revenue being generated and
customers fuming. A fiber cut? Network outage? Phone system down? None of the above. Just
a little bit of the old-fashioned, scam-you-out-of-your-shorts routine via 800 redirect.

800 redirect is nothing more than what it is supposed to be: the redirection of the
termination for an 800 number. All providers of 800 service offer it. Call it tailored
call coverage, time-of-day routing or geographic routing. Rerouting the termination of an
800 number is standard operating procedure for many businesses. What is not standard,
however, is the redirection of the termination point by someone who is not associated with
the business.

Who would do this? What would be the motivation? How is this accomplished? What is the
impact? How can it be stopped or exposure reduced?

In most instances reported by several telecom fraud groups, the redirected terminations
are to chat or entertainment lines, which would result in long distance charges on the
originator’s own phone bill if dialed direct. People who access these entertainment lines
often do not want to spend their own cash calling these lines, as they like to chat or
listen for long periods of time. But, they are more than willing to spend other people’s
cash.

There also is the issue of exposure. Although not proven in any case as yet, the
redirection of an 800 number can expose large groups of people to a particular
application. Even a pay-per-call application is a form of advertisement. As with all
advertisements, the effectiveness is based on the number of impressions obtained. The more
impressions obtained, the more likely the pay-per-call number will be called. The real
advantage in this scenario is the lack of advertising expense for the information
provider.

In addition, telecommunication fraud organizations are cracking down on abuses to known
entertainment lines via calling cards, operator service products and other direct
connections. As always, however, other avenues to gain access appear.

The Federal Trade Commission has received numerous complaints from consumers who say
the 800 numbers they dial are going directly to entertainment lines. The twist in these
complaints is those customers are attempting to call a legitimate business. These
complaints are different than past complaints by consumers who call an 800 number
advertised by an entertainment line and then are asked for a form of payment, either by
credit card or by requesting the caller dial a 900 or international number.

In this re-emerging twist, consumers are automatically routed to domestic lines. The
caller is informed of the number to dial direct, and after a series of disclosure
statements–which include instructions for anyone under 18 to hang up–the service offers
several options, including billing options such as a credit card, online check or valid
phone card. The ability to perpetrate further fraudulent activity on consumers is evident
in these areas as well.

There are two ways 800-redirect fraud occurs. The first is the basic subscription fraud
method in which bogus accounts are created through a telecom service center. In opening a
new telecom account for an 800 number, the fraudster will provide bogus information to the
telecom service representative, including verfication or callback numbers. These bogus
verifications can be made through cloned cellular phones, compromised voice mailboxes or
fax machines located in areas such as commercial mail centers.

Detecting this type of subscription fraud can be nearly impossible. The extent of the
fraud is dependent upon the sophistication of the telecom company being abused and its
detection methods.

The other method is the redirection of a valid business’s 800 number in which the
fraudster contacts a telecom service center and assumes the identity of a valid customer.
The fraudster has obtained the correct carrier for an 800 number by calling one of the
many 800 numbers that provide the responsible carrier and trouble number associated with
an 800 number, as well as the name and address for a company. The fraudster may even have
set up the scam by contacting the valid business and assuming an identify of, say, a fraud
control analyst, calling to inform the company of a possible fraud event, then inquiring
and obtaining the name of the person responsible for telecom issues.

The fraudster has the information necessary to assume a valid identity. In this fashion
he can, if asked by the telecom company service center, identify himself as the telecom
manager of that company. At many telecom service centers, when a customer requests a
service change –regardless of type of change–little or no verification is necessary. The
service representative is only too happy to assist the customer. There is the assumption
that only a customer would call and make a change.

Often small- to medium-sized businesses are the ones targeted for 800 redirect, because
few of these companies have dedicated telecom account teams. Telecom account teams,
generally have more in-depth knowledge of the business and are familiar with the person
who is responsible for all changes. A general service center, on the other hand, deals
with many different businesses on a regular basis and may not know the intricacies of a
business or its telecom manager.

The impact of 800 redirect on an established business can be devastating. The business
is not receiving expected calls and, most likely, is losing revenue. Its customers are
exposed to a service they are not expecting, which could be a bad reflection on that
business, causing long-term revenue loss by losing customers. However, the real impact is
on the telecom company.

There aren’t many telecommunications companies that would admit willingly to their
customers that, although they promote a high-quality level of service, anyone would be
able to make changes to their customers’ service. Not only is the telecom company in an
embarrassing position that could result in lost customers, it will have to provide credit
to its customers for the fraudulent activity. In almost all other fraud situations, the
telecom company is able to require the business to accept liability. In 800 redirect,
however, the telecom company is responsible.

Successfully stopping 800 redirect takes a two-pronged strategy. First, telecom
companies should require more in-depth verification of account changes. One person or
party should be responsible for making all changes within a company, as well as a code
word or phrase requirement that provides further verification of the person making the
changes. This is a hard sell in most sales and service organizations. But most sales and
service managers will admit that financial transactions require a certain level of
security. Therefore, any transaction that changes an account should be considered a
financial transaction, due to the possible loss of revenue by both the customer and the
telecom company.

Second, telecom companies should enhance their detection of 800 redirect. There are two
types of detection: a review of redirected 800 numbers (do they terminate to previously
known locations for the account or to known entertainment lines?) and a cumulative review
of traffic and its approximate cost. In many cases of 800 redirect, the volume and cost of
the calls rapidly exceed average daily volumes, which can provide an alert for review.
Quick verification of the 800 number can result in drastically reduced losses on both
subscription fraud accounts and valid businesses. This action provides a proactive
approach and hopefully eliminates the possibility of the customer calling you.

PHONE+ invites you to air your views. Call us at (480) 990-1101 or
e-mail [email protected].