From time to time the TIO receives complaints from small businesses that have received large telephone bills as a result having their telephone system (known as PABX) hacked.
PABX hacking occurs when the passwords of a telephone system are breached, and the hackers fraudulently sell international calls through the business’s phones. The hackers profit from the activity, while the small business owner’s telephone bill spirals into the tens of thousands of dollars over days or even weeks.
The business often doesn’t become aware of being hacked until they receive a large bill. The cost isn’t simply on them – frequently telecommunications providers are left in the lurch, as they have to pay the wholesale costs of the international phone calls.
When we receive this type of complaint, we may have to decide who is liable for what portion of the charges. On one hand, a phone system security is considered to be the consumer’s responsibility as they own the PABX equipment. On the other hand, providers have an obligation to ensure that any line of credit invoiced remains reasonable.
For example, the consumer should ensure that passwords on the PABX system are changed regularly while the service provider should monitor and alert a consumer when it detects any unusual activity. Co-operation between a small business consumer and their provider is important to decrease the risk of being hacked.
Generally it will not be fair for a consumer who has been the victim of PABX hacking to pay the full account. Depending on the circumstances of a complaint, some victims of hacking may be expected to cover the wholesale costs of a service provider.
To reduce your exposure to PABX hacking, it could be worth asking the following questions of your service provider:
- Can I place a hard cap on my account?
- What can I do to make a PABX system is more secure?
- Can I bar international calls, or can I be given a dialler code?