Security Of Your System: Preventing Toll Fraud - Avaya MERLIN MAGIX Maintenance And Troubleshooting Manual

Maintenance and Troubleshooting
Security of Your System: Preventing Toll
Fraud
As a customer of a new telephone system, you should be aware that there is an increasing
problem of telephone toll fraud. Telephone toll fraud can occur in many forms, despite the
numerous efforts of telephone companies and telephone equipment manufacturers to control it.
Some individuals use electronic devices to prevent or falsify records of these calls. Others charge
calls to someone else's number by illegally using lost or stolen calling cards, billing innocent
parties, clipping on to someone else's line, and breaking into someone else's telephone
equipment physically or electronically. In certain instances, unauthorized individuals make
connections to the telephone network through the use of the Remote Access features of your
system.
The Remote Access features of your system, if you choose to use them, permit off-premises
callers to access the system from a remote telephone by using a telephone number with or without
a barrier code. The system returns an acknowledgment, signaling the user to key in his or her
barrier code, which is selected and administered by the System Manager. After the barrier code is
accepted, the system returns dial tone to the user. Barrier codes are, by default, restricted from
making outside calls.
The Remote Access feature, as designed, helps the customer, through proper administration, to
minimize the ability of unauthorized persons to gain access to the network. Most commonly,
telephone numbers and codes are compromised when overheard in a public location, through theft
of a wallet or purse containing access information, or through carelessness (for example, writing
codes on a piece of paper and improperly discarding it). Additionally, hackers may use a computer
to dial an access code and then publish the information to other hackers. Enormous charges can
be run up quickly. It is the customer's responsibility to take the appropriate steps to properly
implement the features, evaluate and administer the various restriction levels, protect access
codes, and distribute access codes only to individuals who have been fully advised of the sensitive
nature of the access information.
Common carriers are required by law to collect their tariffed charges. While these charges are
fraudulent charges made by persons with criminal intent, applicable tariffs state that the customer
of record is responsible for payment of all long-distance or other network charges. Avaya cannot
be responsible for such charges and will not make any allowance or give any credit for charges
that result from unauthorized access.
To minimize the risk of unauthorized access to your communications system:
Use an unpublished Remote Access number.
I
Assign access codes randomly to users on a need-to-have basis, keeping a log of all
I
authorized users and assigning one code to each person.
Use random-sequence access codes, which are less likely to be broken.
I
Use the longest-length access codes the system will allow.
I
Deactivate all unassigned codes promptly.
I
Ensure that Remote Access users are aware of their responsibility to keep the telephone
I
number and any access codes secure.

Security of Your System: Preventing Toll Fraud

A-8
6