How does Telnyx help detect fraud?

Currently, Telnyx detects fraud by using a statistical model to detect outliers in the minutes of use data within a certain time frame.

To do this, we aggregate the minutes of use (MoU) for each account during a specified period of time. Then, we calculate the standard deviation of each data point and compare that to the mean MoU for each account. If the MoU is more than a certain number of standard deviations away from the mean, an alert is logged in our cache and a support representative will respond accordingly.

We apply similar models for our other services as well and are constantly looking to iterate and enhance the models so our customers know we're always looking out for them!

How does Telnyx help prevent/minimize fraud?

To prevent fraud, we suggest starting with the basics so you can ensure a number of measures to protect your account.

  1. Secure your account passwords.

  2. Review access logs on a regular basis.

  3. Restrict web access to your PBX/VoIP system.

On the Telnyx Mission Control Portal, we take one step further and provide you with the ability to apply channel limit settings on your connections and outbound profiles settings.

Connections

Inbound Settings:


Expert Settings

Using an extra layer of authentication will make it more difficult for hackers to take over your traffic.

You can use a Tech Prefix on your connection in order to segment traffic if you use the same IP address for multiple clients.

Using multiple outbound profiles for each connection can allow you to have more granular control for the subsequent outbound profile settings.

Outbound Settings:

Outbound Profiles


Not only do we have channel limits but we have further settings on the outbound profile. Depending on the service plan you use, you'll see a max daily spend limit, a max destination rate limit and the ability to blacklist certain countries along with setting how many concurrent calls can be active at any time.


And for international service plans, you'll see the ability to allow or disallow regions or certain countries within those regions.


Best Practice that helps to secure your Telnyx Account.

  • Update password

    Updating your Telnyx account password every 30,60 or 90 days helps you secure your account in case of any password leaks. This practice is also important as it restricts access to Telnyx portal for former employees. The employees within a company are not static, but always fluctuating. Some employees will leave the company, and new ones will take their place. Forcing password changes can ensure that former employees can no longer still access company systems.

  • Rotate API Keys

    Rotating your API keys means, deleting the old keys and generating new keys if you are extensively using our endpoints. This is more of an issue where one API key may be shared by multiple applications or teams. Just like password change, policy organizations should also implement API key update policy where the old (existing) API key should be purged and a new key should be generated as it's free of cost.

  • Update SIP Connections credentials

    The connection credentials should be updated similarly to periodic portal password updates. This could be a tedious task in case of updating passwords for many credential-based connections, however, this can be automated by updating the connection settings via API requests.

  • Set 2FA Authentication

    2FA is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.

    2FA also does something that’s key to maintaining a strong security posture: it actively involves users in the process of remaining secure and creates an environment where users are knowledgeable participants in their own digital safety.

    2FA can be enabled on your account here

How do I report abuse for Telnyx numbers?

You can report abuse to us here.



What about robocalls, spoofing and STIR/SHAKEN?

https://telnyx.com/resources/what-is-spoofing-and-why-does-it-matter

https://telnyx.com/resources/solving-the-robocalling-problem-part-i-why-we-need-stir-shaken

https://telnyx.com/resources/solving-the-robocalling-problem-part-ii-phone-network-limitations

https://telnyx.com/resources/solving-the-robocalling-problem-part-iii-the-roadmap-to-stir-shaken

What else is Telnyx doing? 

Our resource center covers more detail about latest trends and topics.

Here is some further recommended reading below:

https://telnyx.com/resources/how-telnyx-shuts-down-call-fraud-phone-scams

https://telnyx.com/resources/how-to-improve-fraud-protection-in-the-mission-control-portal

https://telnyx.com/resources/telnyx-client-services



Did this answer your question?