- Contents
Interaction Administrator Help
Toll Fraud Prevention
Toll fraud is the theft of long distance service. A common type of toll fraud involves employees who use company phones in an unauthorized manner to make personal long distance calls. Because CIC is capable of performing many different telephone operations, CIC administrators should know that under certain conditions employees could use CIC features to commit toll fraud.
This topic addresses ways that CIC features could be used to commit toll fraud, and ways that CIC could be configured to prevent such abuses. This does not cover possible toll fraud activities that only a system administrator could commit (for example publishing rogue handlers), or toll fraud activities that could be performed on an ordinary telephone system (for example using stolen phone access codes).
Note: All the toll fraud activities described in this topic occur in the context of an employee calling into the company’s phone system on a corporate toll-free number.
Reply to a voice mail from a long distance caller
Description
An employee calls into the CIC’s auto attendant system via a corporate toll-free number. The employee listens to a personal voice mail message from a long distance caller. Upon playing the message, the CIC auto attendant system allows the employee to reply back to the message, which the employee chooses to do. CIC dials the long distance number, the call connects, and it is charged to the company bill.
Prevention
You can prevent this type of toll fraud by blocking the employee from initiating all long distance calls, including the ability to reply to long distance calls. In Interaction Administrator you can set Basic Security rights so that the employee does not have the option to initiate Long Distance, International, or 900 Service calls. These rights can be set for an individual user, a workgroup, or the entire company. For more information, see the Configuration Property Inheritance and User Rights.
Set the forward number to a long distance number
Description
An employee sets the user status to Available, Forward. However, the forward number the employee enters is the long distance number of a friend that the employee wants to call. Later, the employee calls his/her own extension via a corporate toll-free number. CIC automatically forwards the call to the friend’s long distance phone, the call connects, and it is charged to the company bill. For more information, see the help for the CIC clients.
Prevention
Again, the key to preventing this type of toll fraud is to block the employee from initiating long distance calls, which includes forwarding a call to a long distance number. Interaction Administrator allows you to set Basic Security rights so that the employee does not have the option to initiate Long Distance, International, or 900 Service calls. These rights can be set for an individual user, a workgroup, or the entire company. For more information, see the Configuration Property Inheritance and User Rights help.
Set the forward number to a local number and call from long distance
Description
An employee sets the user status to Available, Forward. However, the forward number the employee enters is a friend’s local phone number. Then, from a long distance number (for example while on vacation in another state) the employee calls his/her own extension using a corporate toll-free number. CIC automatically forwards the call to the friend’s local number and the call connects. For more information, see the Forward Calls help topic in Interaction Client.
This scenario is similar to the previous one. However, instead of CIC forwarding a call from a local number to a long distance number, now CIC is forwarding a call from a long distance number to a local number. In either case, the result is the same—the employee has used a company phone line to make an unauthorized long distance call.
Prevention
Preventing this type of toll fraud activity requires you to block the employee from setting the forward number to a local external number. There are several ways to do this:
-
Block the employee’s ability to configure the Interaction Client
One simple way to prevent this type of toll fraud is to block the employee from making any configuration changes to the Interaction Client, including the ability to set a forward number. In the Interaction Administrator you can set the Basic Security rights so that the employee does not have the rights to view and modify the Configuration Page on Interaction Client. You can set these rights for an individual user, a workgroup, or the entire company. For more information, see the Configuration Property Inheritance and User Rights help topics. -
Remove the "Available, Forward" status
Another simple way to prevent this type of toll fraud is to completely remove the Available, Forward status. In Interaction Administrator’s Status Messages container, you can delete this status. This solution is more extreme because removing a status can be performed only on a global level. In other words, if you remove this status for one employee, it will also be removed for the entire company. For more information, see the User Configuration help topic. -
Configure CIC so that it forwards calls only to internal numbers
A final way to prevent this type of toll fraud is to configure CIC so that all employees—both those in and out of the office—must set their forward numbers to internal extensions. Again, this prevents the forward number feature from being abused, while still allowing it to be used for work related purposes. To configure CIC so that it requires all employees to set their forward numbers to internal extensions, insert a lookup step in the SystemIVRRemoteEmployee handler. The lookup step should check to see if the forward number is a valid extension. If it is valid, the handler would allow the employee to set personal attributes; if it is not valid, the handler could play an "Invalid Number" message and permit the employee to reenter the forward number. For more information on this handler, see the SystemIVRRemoteEmployee help topic in Interaction Designer.