Wednesday, February 12, 2014

Lync as a PBX Replacement Series - Toll Fraud

Others in the series...

PBX Network Topology
http://blog.ucomsgeek.com/2014/02/pbx-replacement-series-pbx-network.html

PBX Dial Plan
http://blog.ucomsgeek.com/2014/02/pbx-replacement-series-pbx-dial-plan.html

Analogs
http://blog.ucomsgeek.com/2014/02/pbx-replacement-series-analogs.html

Overview
Since I have started working on Microsoft based Unified Communications, I hardly ever hear any talk about Toll Fraud. Granted, things have changed as far as telecommunications costs, but there are still other problems that can crop up with regard to Toll Fraud.

When we are considering replacing a PBX, the Toll Fraud prevention the PBX has in place will be gone. Lync should be configured to prevent users from using the system inappropriately. It is important to note that some of the ways I'll point out that Toll Fraud can be committed are not necessarily considered Toll Fraud by every business, so it is best to really have a heart to heart with your customer about the subject.

Toll Fraud
900, 976, and 809
Most people in the United States are aware of 900 and 976 Premium numbers that can rack up costs for the caller (mostly sex talk lines). But not a lot of people are aware of 809 scams. The numbers look like Canadian or US telephone numbers, but turn out to be costly, overpriced international calls which bypass consumer protection laws. Some advertise phone sex or other typically premium content. Other versions of the scam leave an unsolicited message on voice mail or make bogus claims of being a relative in a family emergency to trick users into calling the international number, then attempt to keep the victim on the line as long as possible in order to run up the cost of an expensive international call. Ask yourself this... if you were to get an 809 number on your phone would you call it back? Most people do... and this is how they scam people.

Call Forwarding
This is when a phone within a business is set to call forward to a Long Distance or International number. These days Long Distance is so cheap that you don't hear about this much anymore, but call forwarding to an International number can still be costly. Once a phone is forwarded, a person can call that phone and voila, they have made a call on someone else's dime. It doesn't even need to be a phone with a DID: if you have an Auto Attendant, they can use it to transfer to that Non-DID phone.

Personal Calls
Most businesses don't care if you make a personal call while at work. However, I'm willing to bet they might care if you made a personal International call on their dime. I really don't have anyone Internationally I want to call on a regular basis, but I have friends that have family and friends overseas. In general, a business will restrict the types of calls a user can make based on their job function and then do periodic audits of phone bills to see if anything sticks out.

411 Calls
Calls to 411 are used for directory assistance. This is one of those grey areas that some businesses allow their users to dial. The reason why some businesses restrict this is because there is a per call charge of $1.25 for this service. Sometimes this slips through because phone systems need to allow for 911 and other municipal services on 311. It is good to investigate what the current phone system allows and then have a conversation with your customer.


Why do we care about Toll Fraud?
As installers of communications systems, we should take great care in making sure the system is functioning properly. That also means making sure the system prevents users from using it in ways that are not appropriate.

.Net Regular Expressions
With regard to Lync Server we have a lot of tools to prevent and monitor Toll Fraud.

To start with, across the board blocking of numbers can be done at the routing level within Lync Server. For instance, the following .Net Regular Expression blocks 900, 976, and 809 numbers, but allows all other area codes to pass whether they are valid or not. If you need to add other numbers, it should be self-explanatory how to do that. If you need help with Regular Expressions you can read my blog post.

^\+1(?!(900|976|809))
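The pattern above can be checked in PowerShell, which uses the same .Net regular expression engine. This is an added example, not part of the original post: it rebuilds the expression from a list of area codes (so adding one is a single edit) and runs it against constructed sample numbers; the variable names and numbers are assumptions.

```powershell
# Added example: exercise the blocking pattern from the post.
# Area codes named in the post; append more entries here to block them too.
$blocked = '900', '976', '809'

# Produces exactly: ^\+1(?!(900|976|809))
$pattern = '^\+1(?!(' + ($blocked -join '|') + '))'

# Constructed sample numbers (not real subscribers).
$samples = @(
    '+19005550100'    # premium 900
    '+19765550100'    # premium 976
    '+18095550100'    # 809, looks domestic
    '+13035550100'    # ordinary US number
    '+10005550100'    # invalid area code, still matches
    '+442079460000'   # not +1, this pattern never sees it as a match
    '9005550100'      # not normalized to +1..., no match either
)

foreach ($n in $samples) {
    [pscustomobject]@{
        Number       = $n
        MatchesRoute = [regex]::IsMatch($n, $pattern)
    }
}
```

The first three and the last two numbers return False. A number that fails this pattern is only blocked if no other route available to the user matches it, so check the remaining routes for patterns that would still carry a 900, 976, or 809 call.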

Call Forwarding and Simultaneous Ring Restrictions
As far as Call Forwarding goes, Lync Server 2013 provides a separate ability to restrict Call Forwarding and Simultaneous Ring versus the user's ability to dial the PSTN directly. By default it is set to use the user's assigned PSTN Usages, but you have the option to restrict to Lync users/endpoints only or Route using custom PSTN Usages. This would be an excellent opportunity to have a conversation with your customer on how they want this set up, because this may add more Voice Policies to your deployment if they want users to be able to dial Long Distance but have separate policies restricting the call forwarding and simultaneous ring for different groups of users. Here is what the area in Voice Policies looks like...



Authorization Codes
Some companies use authorization codes to prevent the fraud of someone walking up to a phone and dialing a Long Distance or International number. You might run into a PBX that has Authorization codes, and even though there are third party developed solutions on Lync to handle this, there is nothing built in to the Lync product with this functionality. Many businesses choose to have a carrier handle Authorization codes for them, and the carrier in turn creates a report every month of who made what calls and for how long.

I'd also like to point out that some PBX Authorization code implementations require the user to dial an authorization code before the phone number. You might have caught this while you were collecting data for the PBX Dial Plan, and have been scratching your head over how to get Lync to handle this. I haven't seen a way to handle this across SIP. Your customer will need to remove these restrictions from calls coming from Lync and allow the Lync system to control what a user dials with Voice Policies, PSTN Usages, and Routes.

Voice Policies, PSTN Usages, Routes, and Trunk Configurations...
Now you might be asking what are PSTN Usages at this point. If so that probably means that calls are flowing to the PBX wide open with no restrictions (which is fairly common). I plan to do a whole PBX Replacement Series write up on Class of Service or Call Restrictions, but I'll try to boil down the basics in this post.

Going to Masters was the single hardest thing I've ever done. I wouldn't have missed a single moment of it. Everyone there was top notch and I made some great friends. Everyone came with their specialties and mine happened to be voice. Some of the class struggled in this area, which isn't good because there is one week of information on just the Enterprise Voice part of Lync Server. Doug Lawty was the instructor for most of this week and if you ever get a chance to sit in one of his sessions at Lync Conference you should.

Anyway... my point is that doing Enterprise Voice right, in Lync Server, is not trivial. Understanding Voice Policies, PSTN Usages, Routes, Trunk Configurations and how they all interact with each other can be daunting, especially if you haven't seen an example before. So... with that... the best way I can show you how this stuff works together is by showing you visually.


Got it memorized? The way to read this is to start on the far left and work your way right. The far left is User Voice Policies. That is right... USER. I never use Voice Policies assigned at the Lync Site level. Why you ask? Because you will always run into that situation where you need to be more granular per office, per floor or even per department and you might as well start out that way.

Anyway pick a green box like DEN-LongDistance, notice the pretty yellow/orange lines that move to the right. Those are leading you to PSTN Usages. PSTN Usages are how you control which routes that Voice Policy has access to. Each PSTN Usage can have Multiple routes assigned to it. Multiple routes can be assigned to Multiple PSTN Usages. Oh, and PSTN Usages can be assigned to multiple routes (evidence of all the pretty colors). So this is why people get really confused and why the picture is important. Don't think the above example is the only way to do this... it is just how I prefer to do it.

If a User Voice Policy doesn't have a usage assigned that allows access to a route, there is no way for the user to get to that route. Are you starting to see how we can restrict what a user is able to dial?
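The relationship described above can be modelled in a few lines of PowerShell. This is an added, simplified sketch and not configuration from the original post: DEN-LongDistance and DEN-911-Usage are names from the post, while every other policy, usage, route name, pattern, and number is hypothetical, and it assumes usages are tried in the order listed on the policy.

```powershell
# Added example: simplified model of Voice Policy -> PSTN Usage -> Route.
# Hypothetical routes; each lists the usages allowed to reach it.
$routes = @(
    @{ Name = 'DEN-911-Route';   Pattern = '^\+?911$';                     Usages = @('DEN-911-Usage') }
    @{ Name = 'DEN-Local-Route'; Pattern = '^\+1(303|720)\d{7}$';          Usages = @('DEN-Local-Usage') }
    @{ Name = 'DEN-LD-Route';    Pattern = '^\+1(?!(900|976|809))\d{10}$'; Usages = @('DEN-LD-Usage') }
    @{ Name = 'DEN-Intl-Route';  Pattern = '^\+(?!1)\d+$';                 Usages = @('DEN-Intl-Usage') }
)

# User Voice Policies and the ordered usages assigned to each.
$policies = @{
    'DEN-Local'        = @('DEN-911-Usage', 'DEN-Local-Usage')
    'DEN-LongDistance' = @('DEN-911-Usage', 'DEN-Local-Usage', 'DEN-LD-Usage')
}

function Resolve-Route([string]$Policy, [string]$Number) {
    foreach ($usage in $policies[$Policy]) {
        foreach ($r in $routes) {
            if ($r.Usages -contains $usage -and $Number -match $r.Pattern) {
                return $r.Name
            }
        }
    }
    return $null   # no usage on this policy reaches a matching route
}

# Constructed calls to walk through the model.
$calls = @(
    @{ Policy = 'DEN-Local';        Number = '+13035550100' }   # local: allowed
    @{ Policy = 'DEN-Local';        Number = '+12125550100' }   # long distance: no usage
    @{ Policy = 'DEN-LongDistance'; Number = '+12125550100' }   # long distance: allowed
    @{ Policy = 'DEN-LongDistance'; Number = '+18095550100' }   # 809: pattern excludes it
    @{ Policy = 'DEN-LongDistance'; Number = '+442079460000' }  # international: no usage
    @{ Policy = 'DEN-LongDistance'; Number = '911' }            # emergency: always reachable
)

foreach ($c in $calls) {
    $route = Resolve-Route $c.Policy $c.Number
    if (-not $route) { $route = '(no route, call refused)' }
    [pscustomobject]@{ Policy = $c.Policy; Number = $c.Number; Route = $route }
}
```

Neither policy carries DEN-Intl-Usage, so the international route exists but is unreachable for both, and the 809 call fails because the only +1 long distance pattern excludes it.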

When I build all this out I actually start with my routes. Then I create a User Voice Policy and create the PSTN Usages within that Voice Policy as I go. Start with the most restrictive Voice Policy because once you build a PSTN Usage you can use it later for other Voice Policies (i.e. DEN-911-Usage).

Like I said, I'm going to do a whole blog post dedicated to this area, so I don't want to give away all the fun just yet. Hopefully the above visual will help you until then.

I didn't intend for this post to be the end-all for all types of Toll Fraud. My real goal in this blog post was to get you thinking about Toll Fraud in a Lync Server environment. If you have any questions, feel free to add a comment and I'll do my best to answer.
