Did You Get an Important Message From Rogers With Your Phone Bill?

It looks like recent activism about telecom fraud is having some effect. If you’re a Rogers telecom customer you probably got a letter entitled “An Important Message from Rogers” with your bill this month. Subtitled “Helping to protect your business from telecommunications fraud,” the letter certainly starts out on a positive note. We’re in the business of telecom expense management and cost reduction services, so the fraud issue – and resolving it so that our clients avoid paying fraudulent charges – is very important to us. Let’s see how Rogers is helping us. (Get the letter and read along if you have it!)

The first three paragraphs summarize the issue. Most cases of telecom fraud involve a third party breaching your phone system to use expensive, unauthorized services, such as offshore pay-per-call operations. They say the most effective defense is “knowledge.” The end user is responsible for monitoring authorization codes and “equipment.” (Why the quotes? Read on.) Rogers will “attempt” to monitor its network traffic.

What does Rogers recommend? The advice is superficially useful. Change your passwords. Educate your staff. Restrict long distance calling. That’s all good. If Rogers believes so strongly in this, why don’t they provide more secure default settings, or a setup checklist with a stronger security focus? Simply put: They have no economic motive to help. Thanks to a lack of regulation Rogers passes most fraud costs on to the consumer, so either way, the carrier gets paid. That’s what we wrote the CRTC about recently. See our CEO talk about the issue on video here (Youtube).

The letter really starts to get odd when it recommends that you “Monitor continuously” – something most end users cannot actually do in any meaningful sense. The average consumer learns about usage patterns through monthly billing. They have no form of real time or daily access to traffic or billing, so unless the fraud stretches across multiple months there is no way to detect activity at “the earliest stages,” as the letter puts it. Fraudsters who want to take you to the cleaners know they’ll get caught, so they often hit your lines for a brief, intense burst of billable activity before moving on.

Who can monitor usage patterns quickly enough to matter? If you answered “Rogers,” you’re correct – except that the letter takes pains to let you know that Rogers won’t commit to that – it will only “attempt” to monitor its network. Rogers also believes that your responsibility for “equipment” – hardware – includes all of the intangible information that passes through it. This is kind of like saying that when the phone rings, you pick it up and someone hits you with a harassing phone call, it’s your fault for picking up the phone.

In short, the letter has some good advice, some advice you probably can’t, and clarifies the ways in which Rogers won’t help you, making this a decidedly mixed communication from the Canadian telecom giant.

The truth is that once you’ve taken reasonable security precautions, there’s a point at which the provider should use best practices to maintain network security. The government should provide carriers with an incentive to do so and protect consumers, because end users are not “responsible” for fraud. Criminals are.