Fraudulent Use Policy
UNAUTHORIZED AND FRAUDULENT USE OF SERVICES
Unauthorized and Fraudulent Use. The Company shall not be liable for any damages (including usage charges) that the Customer may incur as a result of the unauthorized use of its communications equipment. The unauthorized use of the Customerís communications equipment includes, but is not limited to, the placement of calls from the Customerís premises and the placement of calls through Customer-controlled or Customer-provisioned equipment that are transmitted or carried over the Companyís network services without the authorization of the Customer. The Customer shall be fully liable for all such charges. Although Carrier has been successful in identifying fraudulent calling to limit its customersí exposure to fraud resulting from the operation of customer-provided equipment, systems, facilities or services which are interconnected to Carrierís services, Carrier is subject to certain limitations, and therefore Carrier does not make any claims or assurances relative to its ability to identify or provide notice to its customers of fraudulent or unauthorized use. It is the responsibility of Customer to secure all Customer-provided equipment. Customer remains liable for all charges resulting from the unauthorized or fraudulent use of such systems. Upon request, Carrier will provide assistance to Customer to identify, correct, and minimize the misuses or abuse through timely reconfiguration and restriction of service that is provided by Carrier. At Customerís request, Carrier shall selectively block and take other actions which are reasonably under Carrierís control in order to limit or prevent unauthorized calling resulting from the operation of Customer-provided systems, equipment, facilities, or services. Upon request, Carrier shall assist Customer 1) in the referral of all relevant information to State or Federal officials for the purposes of prosecuting those individuals responsible for the abuse or misuse of a Customerís service, and 2) in the preparation and submission of relevant information under Carrierís control in all legal actions which Customer may bring against third parties responsible for the abuse or misuse of the Customerís service.
UNAUTHORIZED AND FRAUDULENT
USE OF SERVICES PBX Voicemail Fraud. A PBX is a private switch that serves extensions in a business and provides access to the public switched network. If your PBX system is not maintained and secured, it can be an easy target for criminals to hack into your PBX system thereby leaving you exposed to the liability resulting from the unauthorized or fraudulent use of the network Services. Please incorporate the following defensive measures to alleviate much of the exposure from PBX and Voice Mail Fraud:
- Run periodic security audits to check for loopholes in the PBX (have PBX vendor do this if possible).
- Disable DISA (Direct Inward System Access) if possible. If not possible, use maximum number of digits for DISA code.
- Eliminate remote access to your PBX and disable access system. Have authorized personnel use calling cards instead, if practical.
- Do not allow unlimited attempts to enter system. Program PBX to terminate access after third invalid attempt.
- Shred directories or anything listing PBX access numbers.
- Never divulge system information unless you know to whom you are giving it.
- Secure remote maintenance port and use call back modem or alphanumeric passwords.
- Tailor access to the PBX to conform to business needs.
- Eliminate trunk to trunk transfer capability.
- Restrict 0+, 0- and 10-10-XXX dialing out of PBX.
- Restrict all calls to 900, 976, 950 and 411.
- Change passwords frequently.
- Delete/change all default passwords.
- Restrict after-hours calling capability: DISA, International, Caribbean and Toll calls.
- Analyze call detail activity daily (use SMDRs).
- Consider allowing only attendant-assisted international calling.
- Restrict Toll Free dialing from areas where there is no business requirement.
- Frequently audit and change all active codes.
- Deactivate unassigned voice mailboxes and DISA codes.
- Make sure that system administration and maintenance port phone numbers and randomly selected, unlisted and that they deviate from normal sequence of other business numbers.
- Do not allow phone lines to be ìforwardedî to off-premises numbers.
- Use random generation and maximum length for authorization codes.
- Deactivate all unassigned authorization codes.
- Use multiple levels of security on maintenance ports (if available).
- Ensure that ìNight Bellî or attendant service does not default to dial tone when left unattended.
- Do not use ìalphaî passwords that spell common words or names.
- Do not allow generic or group authorization codes.
- Immediately deactivate passwords and authorization codes to known terminated employees.
- Consider implementing a project account codes, i.e. an additional numeric password that adds a second level of security.
- Restrict all possible means of out-dial (through-dial) capability in your voice mail system.
- Frequently change default codes/passwords on voice mailboxes.
- Employ class-of-service screening to areas to which there is no business need to call.
XCLUTEL is not responsible for any unauthorized or fraudulent use of the network Services. Any claims of fraud shall not constitute valid justification for dispute of an Invoice. It is the responsibility of Customer to secure all Customer-provided equipment. Customer remains liable for all charges resulting from the unauthorized or fraudulent use of such systems. Carrier will provide assistance to Customer upon request in its efforts to identify, correct, and minimize the misuse or abuse through timely reconfiguration and restriction of service that is provided by Carrier. At Customerís request, Carrier shall selectively block and take other actions which are reasonably under Carrierís control in order to limit or prevent unauthorized calling resulting from the operation of Customer-provided systems, equipment, facilities, or services.