MCI Communications has a list of suggestions for minimizing the risk of toll fraud.
- Learn all the capabilities of your PBX, particularly any you may not be aware of now. The vendor who sells or services your equipment is the most logical source for this information.
- Delete all authorization codes that were programmed into your PBX for testing or initial servicing.
- Audit and change all active codes in your PBX frequently and de-activate those not authorized.
- Treat authorization codes as you would credit card numbers. Each code should be assigned individually and employees' codes kept confidential.
- Assign the longest possible authorization numbers your PBX can handle, and select codes at random; do not use telephone extension numbers, social security numbers, employee identification numbers, and the like.
- Be alert during PBX-related conversations to the possibility that the person on the other end may be an impersonator; it may be a thief trying to learn about your phone system in order to defraud you.
- Tailor access to your PBX to conform strictly with the needs of your company. Block access to international and long-distance domestic numbers that your company does not call.
- Use an unpublished number for the Remote Access Unit/Direct Inward System Access and program the PBX to wait at least five rings before responding to the call.
- Review carefully all billing information to identify unauthorized calling patterns.
- Avoid a steady tone as the prompt for inputting an authorization code. Instead, use a voice recording or no prompt, which will minimize your vulnerability to unauthorized activity.
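The authorization-code suggestions above (remove testing and servicing codes, assign each code individually, use the longest length the PBX allows, pick codes at random rather than from extensions or ID numbers) can be checked mechanically. The following is an added example, not part of MCI's list: the export layout, the owner labels for setup codes, and all sample values are constructed assumptions.

```python
import secrets
from collections import Counter

# Constructed sample data; a real export format depends on the PBX.
FORBIDDEN = {"4417", "4418", "102233"}           # extensions and employee IDs
SERVICE_OWNERS = {"test", "install", "service"}  # assumed labels for setup codes
SAMPLE_CODES = [                                 # (code, owner, active)
    ("83014927", "alice", True),
    ("4417", "bob", True),
    ("00000001", "install", True),
    ("83014927", "carol", True),
    ("27906153", "erin", True),
    ("55512099", "dave", False),
]

def weaknesses(code, max_len, forbidden):
    """Per-code checks: maximum length and no embedded extension/ID number."""
    problems = []
    if len(code) < max_len:
        problems.append("shorter than the PBX maximum")
    if any(f in code for f in forbidden):
        problems.append("contains an extension or ID number")
    return problems

def audit_codes(codes, max_len, forbidden):
    """Return {(code, owner): [findings]} for active codes that break a rule."""
    in_use = Counter(code for code, _, active in codes if active)
    findings = {}
    for code, owner, active in codes:
        if not active:
            continue  # de-activated codes are out of scope for this audit
        problems = weaknesses(code, max_len, forbidden)
        if owner in SERVICE_OWNERS:
            problems.append("testing/servicing code still active")
        if in_use[code] > 1:
            problems.append("not individually assigned")
        if problems:
            findings[(code, owner)] = problems
    return findings

def new_code(max_len, forbidden):
    """Draw a replacement code from the OS CSPRNG until it passes the checks."""
    while True:
        code = "".join(secrets.choice("0123456789") for _ in range(max_len))
        if not weaknesses(code, max_len, forbidden):
            return code

if __name__ == "__main__":
    for key, problems in audit_codes(SAMPLE_CODES, 8, FORBIDDEN).items():
        print(key, problems)
    print("replacement:", new_code(8, FORBIDDEN))
```
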