Gartner Blog Network

Profiting From Fraud Is Not Good Business, Protecting Your Customers Is

by Greg Young  |  November 27, 2009  |  2 Comments

Business and security can conflict.  The stereotype of security hindering innovation is sometimes true.  However in the case of telephone toll fraud, it is the a reverse-double-whammy where security can stop the business side from doing things that are bad for business in the long term.

Take the case reported here, and imagine yourself as a small business using about $250 worth of telephone per month.  Then you get a bill for say $60,000.  Toll fraud? Yup.  Are you responsible for keeping your phone equipment safe?  The phone companies in the geographic reported on say yes unless you use their equipment. 

Credit card companies have advanced the technology of unusual-use detection to impressive levels.  Most of us who have had to take the phone from the checkout clerk and answer some questions posed by the credit card company appreciates the efforts to protect them.  But with toll fraud I’m suggesting even near-cave-man levels of detection; things like if this month’s toll has reached double that of last month’s bill, phone or email the customer.  The full recovery rate on those $60k bills must be near 1%, and any other partial recovery must be wiped out with lost opportunity business (the stuff that doesn’t show up on spreadsheets) from a lot of bad will and bad news traveling fast.  I expect that whatever extra money is made by convincing a small customer to switch to your equipment doesn’t cover the bad experience and loss of confidence in the whole market in this age of Skype.

Are customers responsible for protect themselves?  Yes.  Is it good business to help protect them from catastrophic levels of risk?  I think so.

This kind of business case where customers are hung out to dry when some basic measures could protect them has no legs. 

Greg Young| Research Vice President | Gartner
Network Security
Browse my published research


Greg Young
Research VP
6 years at Gartner
22 years IT security

Greg Young is a research vice president in Gartner and the lead analyst for network security. Mr. Young has experience in IT security in product companies, and in both the private and public sectors. He spent his military career in technology security… Read Full Bio

Thoughts on Profiting From Fraud Is Not Good Business, Protecting Your Customers Is

  1. Rick Jordan says:


    You used credit card fraud detection as an analogy for the case of toll fraud prevention. Wouldn’t enterprise data network security be a better analogy to answering the question of who should bear responsibiltiy/costs of preventing toll fraud?

    Enterprises generally do not rely on their Internet service providers to bear the costs of securing their data networks from attacks via the public Internet. Why should connections to the public phone network be treated differently?

  2. Greg Young says:

    Hi Rick:

    I stayed away from the ISP example since you generally have a capped level of bandwidth (within some bounds). Many ISPs will notify when you exceed, for example, download limits and they commonly provide free AV and anti-malware.


Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.