IP PBX has emerged as an integral part of enterprise communications and key facilitator of digital transformation in all types of businesses. However, the benefits are accompanied by multitude of risks. IP PBX systems have been the easy targets of cybercriminals and hackers thanks to the open protocol that lets anybody to gain access to the system with just the login credentials.
The PBX fraud, also known as toll fraud, is growing at 29% per year as per Communications Fraud Control Association (CFCA). The harm resulting from such incidents is incomprehensible both in terms of financial loss and damage to reputation. It’s not just the enterprises who are hit by this scam; in fact, the telcos that serve the enterprise communications networks also bear responsibility for such scams.
Fortunately the industry is getting ready to deal with the IP PBX related frauds effectively. In one such innovation, Oculeus, a provider of telecom fraud protection solution, has come up with an automated real-time telecoms fraud protection service for enterprises. Oculeus-Protect, the latest offering from the company, is built on the capabilities of machine learning and behavioral analytics, which can help enterprises and telcos predict the nature of calls, enabling them to take preventive actions in the likelihood of calls being fraudulent.
For example, in a typical fraud scenario, a fraudster gains access to a PBX system through phishing or by exploiting the PBX vulnerability and then generates repeated calls to expensive, long-distance numbers. In yet another method, the fraudsters sell the PBX access to third parties, such as call centers, which then use the PBX to bypass the calls to long distances. Oculeus-Protect continuously monitors the traffic pattern to analyze such calls using different strategies. Anomaly detection is one of the ways by which the system identifies the unusual pattern in the calls. For this, it examines the calling numbers, origin of the calls, destinations and more, based on a set of pre-defined parameters. If any fraud is detected and confirmed, the system can drop the unauthorized calls immediately, so further damage can be averted.
To further empower enterprises with a proactive defense strategy, Oculeus-Protect builds a profile of the company’s calling behavior based on the location of its offices, partners and customers. The system also has the ability to flag calls based on the historical fraud data collected from multiple instances across different geographies. With these measures, the company can automatically prevent fraud calls from entering its communications network and telephony systems.
Since its launch in December 2018, Oculeus-Protect has been enabling telcos and enterprises to deal with PBX frauds effectively, said Oculeus’ CEO, Arnd Baranowski.
According to Baranowski, there has been high-level interest for the solution since its launch, especially from telcos. “Telcos are aware of the problem, although generally prefer not to discuss the risks enterprises are exposed to as most telcos do not have a solution or even strategy for protecting enterprises against PBX hacking and toll fraud.”
Enterprises, meanwhile, are not really aware of the ongoing risks that they are exposed to and individual enterprises tend only to take action after they have been hit by a toll fraud attack, Baranowski added.
With this understanding, Oculeus has designed its go-to-market strategy with telcos as their key channel partners. “The market need is clear for which we enable telcos to offer a VAS-based service for protecting PBX systems against telecoms fraud. For telcos, the addressable market is enormous and basically consists of any enterprise or organization that uses PBX devices.”
Oculeus has already started working with an initial set of telcos to offer telecom fraud protection service (as VAS) based on Oculeus-Protect to their enterprise customers.
Oculeus foresees significant opportunity in the telco fraud prevention segment. At present, the company works on a revenue-sharing partnership with telcos wherein it designs a custom solution for the telco which is then integrated into their network and OSS/BSS systems. While Oculeus takes care of the installation and maintenance, the telco manages the promotion of its service to its target markets and the relationships with its customers.
The business model revolves around three pillars. By allowing telcos to launch the fraud prevention solution as a VAS, Oculeus helps a telco increase ARPU, while also improving its overall telecoms fraud management practices. Enterprise customers, on the other hand, saves millions of dollars every month that otherwise would be lost to fraudsters. Oculeus, the technology provider, earns a share of the revenue from telcos.
Thus the telco is not just a customer for Oculeus, but rather a sales channel partner with significant market reach, Baranowski said.
Technology Research Institute (TRI), a market research firm focusing the telecoms industry, recently highlighted Oculeus-Protect as “major milestone in the fraud fight” and described it as the “first commercially available cloud-based fraud protection service for stopping fraud at enterprise PBXs”. TRI also identified that Oculeus-Protect is far more versatile than alternative approaches because it can block fraudulent calls even before they are connected and it requires zero administration to operate.
The recognition also coincides with the release of TRI report titled, “Telecoms Fraud & Business Assurance Solutions, Services & Strategies 2019,” that estimates that PBX fraud, specifically the injection of fraudulent telecoms traffic through PBX systems, causes approximately $8 billion a year in financial damage to enterprises alone.