Did You Get an Important Message From Rogers With Your Phone Bill?

It looks like recent activism about telecom fraud is having some effect. If you’re a Rogers telecom customer you probably got a letter entitled “An Important Message from Rogers” with your bill this month. Subtitled “Helping to protect your business from telecommunications fraud,” the letter certainly starts out on a positive note. We’re in the business of telecom expense management and cost reduction services, so the fraud issue – and resolving it so that our clients avoid paying fraudulent charges – is very important to us. Let’s see how Rogers is helping us. (Get the letter and read along if you have it!)

The first three paragraphs summarize the issue. Most cases of telecom fraud involve a third party breaching your phone system to use expensive, unauthorized services, such as offshore pay-per-call operations. They say the most effective defense is “knowledge.” The end user is responsible for monitoring authorization codes and “equipment.” (Why the quotes? Read on.) Rogers will “attempt” to monitor its network traffic.

What does Rogers recommend? The advice is superficially useful. Change your passwords. Educate your staff. Restrict long distance calling. That’s all good. If Rogers believes so strongly in this, why don’t they provide more secure default settings, or a setup checklist with a stronger security focus? Simply put: They have no economic motive to help. Thanks to a lack of regulation Rogers passes most fraud costs on to the consumer, so either way, the carrier gets paid. That’s what we wrote the CRTC about recently. See our CEO talk about the issue on video here (Youtube).

The letter really starts to get odd when it recommends that you “Monitor continuously” – something most end users cannot actually do in any meaningful sense. The average consumer learns about usage patterns through monthly billing. They have no form of real time or daily access to traffic or billing, so unless the fraud stretches across multiple months there is no way to detect activity at “the earliest stages,” as the letter puts it. Fraudsters who want to take you to the cleaners know they’ll get caught, so they often hit your lines for a brief, intense burst of billable activity before moving on.

Who can monitor usage patterns quickly enough to matter? If you answered “Rogers,” you’re correct – except that the letter takes pains to let you know that Rogers won’t commit to that – it will only “attempt” to monitor its network. Rogers also believes that your responsibility for “equipment” – hardware – includes all of the intangible information that passes through it. This is kind of like saying that when the phone rings, you pick it up and someone hits you with a harassing phone call, it’s your fault for picking up the phone.

In short, the letter has some good advice, some advice you probably can’t, and clarifies the ways in which Rogers won’t help you, making this a decidedly mixed communication from the Canadian telecom giant.

The truth is that once you’ve taken reasonable security precautions, there’s a point at which the provider should use best practices to maintain network security. The government should provide carriers with an incentive to do so and protect consumers, because end users are not “responsible” for fraud. Criminals are.

An Open Letter to the CRTC: Telecommunications Security and Cost Liability

NOTE: On September 21, 2009, GILL Technologies President George Gill sent the letter below to John Traversy, the Executive Director of Telecommunications at the CRTC, concerning the onerous costs end users bear over telehacking-related charges. We believe it is part of our role as a telecom expense management firm to help protect clients from all unnecessary charges, including those stemming from third party fraud, an issue we’ve covered in the past.

We hope regulators will take appropriate steps to foster a safe, responsible telecom environment. To minimize your own risks, please remember to take appropriate end-user precautions. Change default login information and block unnecessary services whenever possible.

Mr. Traversy and the Commission,

For nearly a decade, GILL Technologies has worked in close partnership with major carriers, including Rogers, Bell and Telus. Thus, it is with great concern that I note recent events that underline the need for CRTC regulations protecting end users from fraudulent charges.

On January 2009, Burlington, ON law firm Martin and Hillyer suffered a $207,000 bill from Bell due to voice mail hacking from abroad. In August, boutique telecom wholesaler Telepath incurred over $100,000 in charges from Rogers over a similar attack

In both cases, carriers took the position that the onus lay with victims who had only a limited ability to monitor usage. In Telepath’s case, its CEO told the Canadian Press (“Stop fraudsters with limit on telephone special services charges, CRTC urged,” Julian Beltrame, Canadian Press, August 20th, 2009) that he did in fact contact Rogers. Allegedly, the carrier did not respond promptly.

Beyond basic, user-centric precautions such as strong passwords, responsibility for secure telecommunications obviously rests with carriers. Under the current regime, carriers suffer a conflict of interest where preventing fraud denies them charges to levy against end users. In other words, the CRTC’s failure to regulate in this area rewards carriers for inadequate security. Currently, there’s no difference between a dollar earned on third party fraud and one earned through legitimate services.

The current system doesn’t work. Informal resolution mechanisms waste time and money. In many cases, they don’t adequately protect end users. Therefore, I call on the CRTC to:

  1. Regulate carrier security practices, as carriers currently have no economic motive to implement best practices.
  2. Establish reasonable limits on end user and reseller liabilities for fraudulent charges.
  3. Implement a dispute resolution system that investigates and fairly distributes fraudulent charges based on each party’s actual responsibilities.

I believe it is not only necessary but practical to better regulate the fallout of fraud in Canadian telecom. I sincerely hope that the CRTC will provide a regulatory solution with an equitable, forward-looking ethos.

Thank you,

George Gill

President, GILL Technologies

Cc:  Dean Del Mastro, Member of Parliament for Peterborough