AT&T MERLIN LEGEND Release 2.0 System Programming Manual page 19

Customer Support Information
Security of Your System—Preventing Toll Fraud
As a customer of a new telephone system, you should be aware that there
exists an increasing problem of telephone toll fraud. Telephone toll fraud can
occur in many forms, despite the numerous efforts of telephone companies and
telephone equipment manufacturers to control it. Some individuals use
electronic devices to prevent or falsify records of these calls. Others charge
calls to someone else's number by illegally using lost or stolen calling cards,
billing innocent parties, clipping on to someone else's line, and breaking into
someone else's telephone equipment physically or electronically. In certain
instances, unauthorized individuals make connections to the telephone network
through the use of remote access features.
The Remote Access feature of your system, if you choose to use it, permits off-
premises callers to access the system from a remote telephone by using an 800
number or a
7-
acknowledgement signaling the user to key in his or her authorization code,
which is selected and administered by the system manager. After the
authorization code is accepted, the system returns dial tone to the user. If you
do not program specific egress restrictions, the user
call normally dialed
premises network call is originated at, and will be billed from the system
location.
The Remote Access feature, as designed, helps the customer, through proper
administration, to minimize the ability of unauthorized persons to gain access to
the network. Most commonly, phone numbers and codes are compromised
when overheard in a public location, through theft of a wallet or purse
containing access information, or through carelessness (writing codes on a
piece of paper and improperly discarding it). Additionally, hackers may use a
computer to dial an access code and then publish the information to other
hackers. Enormous charges can be run up quickly. It is the customer's
responsibility to take the appropriate steps to properly implement the features,
evaluate and administer the various restriction levels, protect access codes,
and distribute access codes only to individuals who have been fully advised of
the sensitive nature of the access information.
Common carriers are required by law to collect their tariffed charges. While
these charges are fraudulent charges made by persons with criminal intent,
applicable tariffs state that the customer of record is responsible for payment of
all long-distance or other network charges. AT&T cannot be responsible for
such charges and will not make any allowance or give any credit for charges
that result from unauthorized access.
To minimize the risk of unauthorized access to your communications system:
Use a nonpublished Remote Access number.
Assign authorization codes randomly to users on a need-to-have basis,
keeping a log of ALL authorized users and assigning one code to one
person.
or 10-digit telephone number. The system returns an
from a telephone associated with the system. Such an off-
will be able to place any
Customer Support Information
xvii