How to Use Geo Permissions to Control Toll Fraud
- 21 Sep 2023
Toll fraud is a type of telecommunications fraud in which unauthorized individuals or entities gain access to a private telecommunication system to make long distance, international, or premium rate calls without the knowledge or consent of the system owner. The motive is financial gain — criminals profit from the charges generated by these calls when they’re directed toward premium-rate numbers controlled by the fraudsters.
Business victims of toll fraud can face high phone bills. The Communications Fraud Control Association (CFCA) reports that in 2021, toll fraud caused $6.69 in global losses.
Plivo can help protect your account from fraud by restricting the set of countries your account can call. If, for example, you intend to place calls to numbers in North America only, you can disable call routes to all other continents.
To manage geo permissions, navigate to Voice > Geo Permissions on the Plivo console.
Here you’ll see a list of all countries. You can filter the list by selecting specific geographic regions or countries.
Geo permission configurations are applied immediately to all calls initiated via Plivo APIs and Dial XML.
Calling premium numbers
You can also use geo permissions to block premium rate numbers — phone numbers that cost callers more than normal numbers. Area code 900 numbers in the US, for example, are premium rate numbers. Part of the premium charge is paid to the service provider, and that makes premium rate numbers easy to exploit for anyone whose numbers come from shady operators. These numbers can be exploited via traffic pumping, a type of toll fraud in which bad actors artificially inflate traffic to their premium rate numbers. When done across countries, this type of toll fraud is known as International Revenue Share Fraud (IRSF).
Most businesses never need to call premium rate numbers, so by default Plivo blocks calls to all phone numbers with high-risk prefixes as a way to prevent unwanted charges.
Plivo has identified thousands of premium rate and high-risk prefixes. You can export a list of these prefixes from the Voice > Geo Permissions > High-Risk Permissions screen of the Plivo console. Plivo regularly updates this list based on factors such as the rates associated with the premium numbers, call patterns, and third-party trends.
If you have a legitimate need to make calls to premium rate or high-risk numbers, you can request activation of high-risk permissions for your account or a particular subaccount by contacting our support team and providing them with details of your use case.
Strategies to prevent toll fraud
You can take several steps to make it harder for criminals to take advantage of your account and your phone numbers for toll fraud. In addition to using geo permissions:
- On the Voice page of the Plivo console, keep an eye on the usage summary to identify unexpectedly high call volumes.
- In your applications, limit the number of calls going out to a destination number based on your use case. For example, suppose you’re sending out one-time passwords (OTP) for two-factor authentication. Most OTP use cases set a duration for which the OTP is valid. During this time, you can block calls triggered toward the destination number. For more generic use cases you can write logic to not make more than n calls per minute or per day. Calling limitation is use case-dependent, and you’re likely to be the best judge of how to implement it.
- Secure your authentication IDs and tokens. Don’t push code that includes authentication information to public repositories. For mobile applications, follow the best practices recommended by the mobile OS.
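The per-destination call limit described in the list above can be enforced with a small gate that your application consults before it asks the voice API to place a call. This is an added example, not Plivo code: the class name, the limits (300-second OTP validity, 2 calls per minute, 10 per day) and the sample phone numbers are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class OutboundCallGate:
    """Per-destination limiter to consult before placing each outbound call."""

    def __init__(self, otp_ttl=300, per_minute=2, per_day=10):
        self.otp_ttl = otp_ttl        # seconds an OTP stays valid (assumed value)
        self.per_minute = per_minute  # assumed limit, tune per use case
        self.per_day = per_day        # assumed limit, tune per use case
        self._calls = defaultdict(deque)  # destination -> times of allowed calls
        self._otp_until = {}              # destination -> expiry of current OTP

    def check(self, destination, is_otp=False, now=None):
        """Return (allowed, reason); the call is recorded only when allowed."""
        now = time.time() if now is None else now
        history = self._calls[destination]
        # Forget calls older than one day so the per-day count is a sliding window.
        while history and now - history[0] >= 86400:
            history.popleft()
        if is_otp and now < self._otp_until.get(destination, 0):
            return False, "otp_still_valid"
        if sum(1 for t in history if now - t < 60) >= self.per_minute:
            return False, "per_minute_limit"
        if len(history) >= self.per_day:
            return False, "per_day_limit"
        history.append(now)
        if is_otp:
            self._otp_until[destination] = now + self.otp_ttl
        return True, "ok"

def replay(gate, events):
    """Run (time, destination, is_otp) events through the gate, in order."""
    return [gate.check(dest, is_otp, now=t) for t, dest, is_otp in events]

# Constructed sample traffic: repeated OTP requests, then a burst to a second number.
SAMPLE_EVENTS = [
    (0, "+14155550100", True),     # first OTP call
    (30, "+14155550100", True),    # retry while the OTP is still valid
    (301, "+14155550100", True),   # OTP expired, a new call is allowed
    (400, "+14155550123", False),
    (410, "+14155550123", False),
    (420, "+14155550123", False),  # third call inside 60 seconds
    (500, "+14155550123", False),  # the one-minute window has moved on
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(OutboundCallGate(), SAMPLE_EVENTS)):
        print(event, result)
```

Denied requests are a useful signal in their own right: a destination that repeatedly hits `per_minute_limit` or `per_day_limit` is worth logging and alerting on.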
Winning the battle against toll fraud
By using the tools Plivo provides and following best practices, you can fight toll fraud and avoid illegitimate charges.