More on Voicemail Fraud

Following up on our last article about voicemail fraud, users should be aware that Bell Canada has taken the position that the onus is on the victim to pay fraudulent charges. This comes in the wake of several serious voicemail hacks, including one that cost one Oakville, Ontario-based company over $60,000. In this case, Bell detected the situation and cut off long distance access . . . then sent the company the bill. After some wrangling, Bell agreed to accept a smaller amount.

Believe it or not, this is not the worst instance of fraud. One Burlington, Ontario – based company got stuck with a phone bill of over $200,000 due to the same form of fraud. In this case, Bell agreed to accept about half of that amount as a “goodwill gesture.” However, Bell has made it clear that it considers these charges the responsibility of the account holder.

Bell’s position is that account holders are responsible for using the safeguards on voicemail systems to prevent criminals from illegally accessing them. Last month, the company took out ads in major Canadian newspapers detailing this position, and in situations where it’s compromised on bills the company has said lowered charges are a favour, not an obligation.

One thing that Bell is less than forthcoming about, however is who exactly is administering these apparently vulnerable voicemail systems – namely, Bell itself. Furthermore, which of these victims failed to follow Bell’s recommendations? Which ones didn’t – and if they didn’t, did they even know what they were supposed to do? Did Bell say anything to them about what they expected users to do in the way of security administration, or is this advice post-hoc lecturing?

The fact of the matter is that full security precautions are as onerous as the attached system makes them. While using hard to guess passwords is a no-brainer, why do Bell’s services include easily exploitable default settings? Can you really expect companies that don’t have a telecom or security focus to change their passwords every 90 days? If Bell is serious about fraud prevention, why don’t they make a system that pushes security update requests and adds at least one strong, default security process to go through before users get long distance access?

The idea that the user is responsible by default is convenient for providers, but practically speaking, most businesses aren’t filled with telecom security experts. They just want to use their services in a convenient, cost-effective fashion. We can’t comment on who’s legally bound to pay these fraudulent charges (that’s for the courts) but we can say that if you’re worried about these sorts of situations, the best option is to outsource your telecom customer service to experts who understand the providers’ policies and procedures, and can argue your case from an informed position. We’ve learned from experience in the telecom expense management field that needless charges often result from customers who just can’t afford to wait on the phone for provider support, and don’t have the time, knowledge and inclination to argue for the cost reduction they deserve.