NYSE: IDT
facebook
Products

Discover how our products can revolutionize the way you communicate and collaborate.

Voice

Explore our advanced voice solutions designed to optimize your communication workflows.

Diverse range of DID number solutions designed to enhance your communication capabilities.

Experience unparalleled communication efficiency with our advanced SIP Trunking Solutions.

Cutting-edge technology to proactively detect and neutralize spam flags on your DID Numbers.

Messaging

Wherever your audience is, our platform ensures seamless messaging across diverse channels.

Build customer journeys by fostering interactive conversations, all within the framework of your app. 

Connect with your audience in a simple and effective way through our cutting-edge SMS platform. 

BYOC

Harness the power of IDT as your chosen carrier while leveraging your platform’s advanced features and services.

Integrate Twilio with our robust carrier routing platform to achieve unparalleled Voice termination system.

Experience reliable and high-quality communication services while leveraging the advanced capabilities of Genesys. 

Integrate IDT with the collaborative strength of MS Teams, unlocking efficient and feature-rich communication. 

Experience the power of our carrier network seamlessly connected to Plivo through our cutting-edge BYOC solution. 

Tools

Experience the power of our online voice tools, designed to simplify communication management. 

Ensure the authenticity and integrity of outbound calls with our STIR/SHAKEN Verification Check tool. 

User-friendly tool to verify the reputation of your business number, ensuring that it remains trusted. 

Compare and gain insights into outbound call expenses, optimize budget, and make informed decisions. 

Easily estimate and compare the costs associated with different DID numbers providers. 

Compare inbound VoIP rates among top CPaaS providers and optimize your inbound call costs. 

Generate custom SMS templates. 

Learn

Empower yourself with the resources you need to thrive in the dynamic landscape of communication.

Articles covering a wide range of topics.

Get answers to common queries.

Find instructions to make the most of our products.

Discover telecom insights and trends.

Find definitions of popular telecom terms.

Explore how our solutions have helped businesses.

Latest telecom trends, innovations, and market insights.

Company

A global telecom partner built to meet your needs. 

Discover the story behind our commitment to delivering innovative solutions to connect people and businesses worldwide. 

Learn about our robust network infrastructure that spans across the globe, ensuring reliable and secure connectivity. 

Got a question, feedback, or need assistance? Our dedicated team is here to help!

Find partners or sign up for partnership programs.

NYSE: IDT
Learn / Blog

Voice Termination – Protecting your Voice Traffic

|
|  4 min
In this article

Attacks against VoIP are on the rise and it is important that businesses know how to defend themselves, while also staying in compliance with regulators wanting proof that system security obeys the ever-changing regulations.

What are the threats?

Many businesses still lack even basic encryption protection against problems such as VoIP denial of service, eavesdropping attacks and toll fraud, according to industry experts. This is an issue that needs to be tackled urgently because of the risk that this may render them non-compliant with the burgeoning regulatory framework, including HIPPA (Health Insurance Portability & Accountability Act), PCI (Payment card standards), and the Sarbanes Oxley Act which are revised so often they are something of a moving target.

This issue has come to the forefront in recent years due to events involving product safety recalls, financial fraud and, sadly, disasters in environmental health & safety. US regulators and bodies in other jurisdictions have stepped up the fight by tightening their legislative control. Generally speaking, these regulations seek to protect personal information that could lead to instances of identity theft, compromised bank accounts, corporate phone toll fraud or the fraudulent usage of credit cards.

While VoIP is seldom directly addressed in these revised regulations, the rules still apply to this technology in many cases. For example, PCI standards lay down the requirement for the use of security and cryptography such as SSL/TLS / IPSEC in order to safeguard cardholder data while it is transmitted over public, open networks.

This means that VoIP calls which go across the open internet and include credit card details must be encrypted. Even though this would not apply to VoIP calls carried out on internal networks, experts fear that businesses may be obliged to validate that these calls as being encrypted. Depending on the language used in the regulations, this could be construed to refer to VoIP.

As an example, HIPAA has said that businesses need to take steps to make electronically managed health information secure. This may not be immediately associated with VoIP calls but it could impact recorded calls or digital voice mail storage, both of which are a part of most VoIP systems. In the same way, if an interactive voice system is used in navigating to protected information, then its use must be both monitored and documented.

Conversely, the US Federal Deposit Insurance Corporation (FDIC) now publishes specific guidelines for VoIP which seeks to protect any customer data which travels in IP voice-networks under the Graham Leach Billey regulations. The risks that are associated with the use of VoIP must be evaluated along with other periodic business risk assessments according to this advice. Any weaknesses must be corrected as soon as they are identified and another nine recommendations are listed for organisations to comply with.

One example of a real threat to security is described by a VoIP industry insider as follows. A client who suspected that eavesdropping was taking place decided to plant falsified information within VoIP calls to observe whether it was later referred to by the parties he suspected were listening. It transpired that the VoIP calls had been tapped by a third party which had access to the corporate network. There is another example often cited where the video communications of a CEO were illicitly accessed.

Voice termination – the future

Some business leaders try to educate themselves in order to keep in step with the regulations but this is notoriously difficult to do. Many others overlook VoIP completely, considering it to be ‘just’ an invulnerable phone system. As regulations become more complex, businesses will be forced to address their VoIP compliance head-on, possibly by investing in internal structures to monitor and implement them or by paying for the services of a third party expert.

The tasks can quickly become overwhelming for an average sized IT department, who as well as complying with the regulators’ demands and producing compliance reports every quarter, may also have security verification demanded as part of other contracts. Businesses that routinely record their VoIP calls will need to consider the regulations in terms of storing them, in the event that conversations should be illicitly accessed.

It is a good idea to respond to details of published attacks by comparing the systems involved with your own in order to scrutinise defences. Could you have stopped a similar attack occurring? If the answer is no, it will be necessary to take further action. However, the opportunity to learn from others’ misfortunes is limited because there is no incentive for companies to disclose if they have suffered a breach.

Here at IDT we are a businesses that can take advantage of the services of consultants and other specialists and have a proven track record in deploying VoIP solutions.

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Tags

Meet our wholesale voice routing

Fulfill all your voice calling needs with our category leading wholesale A-Z Voice Termination.
Try IDT Express for a $25 Credit

Get $25 Free Trial Credit

Get IDT Express articles in your inbox

The best source of information in the telecom industry. Join us.

    Most Popular

    toll-free-forwarding-illustration
    |
    |  7 min
    Introduction to Toll-Free Forwarding In today’s fast-paced business landscape where...
    caller-id-thumbnail
    |
    |  7 min
    Introduction to Caller ID Reputation Caller ID reputation is a...
    sms-data-privacy-under-gdpr
    |
    |  6 min
    The European Union’s General Data Protection Regulation (GDPR) has permanently...