[asterisk-biz] ANI

Trixter aka Bret McDanel trixter at 0xdecafbad.com
Thu May 15 07:26:45 CDT 2008 

On Thu, 2008-05-15 at 12:36 +0300, Justin Case wrote:
> Good to know if I want to get back at an ex ;)
> 
> On Fri, May 9, 2008 at 6:18 PM, Miles Scruggs <asterisk at wideideas.com>
> wrote:
>         This belief is limited to your experience with PRIs.  When you
>         obtain
>         SIP termination services from ATT, Verizon, or Level 3.  They
>         have no
>         way of verifying what ANI/CID you are sending.  It doesn't
>         matter if
>         you are calling 800s or not, they bill it back to the CID that
>         you
>         pass (not to say that your carrier won't bill you as well
>         since they
>         see the calls go through their switches, but they more than
>         likely
>         won't see the reciprocal billing from the receiving LEC).
>          Want a
>         proof of concept?  Setup an account with a small terminating
>         provider
>         like Junction networks, send all your calls out with the ANI
>         of your
>         cell phone. Last step will be to recoil in horror next time
>         you open
>         your cell phone bill. I'm not saying they can't track you
>         down, or
>         trace abuse back to you, since everything is logged, but very
>         little
>         verification happens.
>         
>         If you are sending thousands of calls per day to a trunk that
>         is
>         outbound only, from thousands of different parties, you don't
>         have to
>         delve into to much logic to see the obvious result.



I do think it would be somewhat questionable to take the customer at
their word for which number to bill to, and certainly it would be toll
fraud (by tariff definition as well as statute, the most probable one
would be 18 USC 1029) to bill calls to someone without their prior
authorization (or the way the statute is worded if you had prior
authorization but they revoked it and forgot to tell you, tough luck its
a jail you are going, bad bad statutes that way, in the case of SIP it
could also violate 18 USC 1030 (the hacking statute but it applies to
"exceeding authorized access" which is defined as violating a TOS (AOL
case in or about 1999 - I think the caption was "In Re: America Online")
or in this case potentially billing to people without permission).

I still do question what you have said, only because I know that ANI/CID
can be sent (verified by calling numbers that distinguish and give a
considerable amount of info) and yet the itsp gets charged (in this case
I used numbers I did have control of), even using those carriers, if it
didnt there would be hundreds of thousands if not millions of dollars a
month in wrongful billing (aggregate across carriers that let you
specify) and someone somewhere would have screamed about this in the
past.  

I just see way too much chaos available, and surely someone sometime has
to have goofed and done this (or did it intentionally not realizing the
effect). They would have noticed after the fact, which would have caused
problems, and ultimately news stories about some fraudster doing this to
call nigeria and what not.

If the billing data is sent to Amdocs it may be they are the ones that
are screwing it up (amdocs generates most of the phone bills for at
least the US, so they know who you called, how long you talked, when,
etc - foreign company too).  Amdocs like other companies that process
bills (you think mastercard or your bank really prepares the bill that
gets mailed to you?  think again - and these companies have
"accidentally" lost many many records in the past, one got caught data
mining in violation of their contract) get data in aggregate from the
people that pay them to sift through your records, er I mean print the
bill and stuff envelopes.  If they merged everything into one large
database using ANI as the unique reference that could cause what you
described.


Additionally, reciprocal compensation from the receiving LEC would only
be available if by "receiving LEC" you mean the telco where the call
terminates, and if its an intralata call.  interlata and interstate have
to go through an IXC (at least somewhere, its an FCC rule for certified
carriers) and the IXC is who bills and pays and not the receiving LEC.
The exception is a tollfree and then its usually the IXC although you
can route it LEc->LEC in the same lata (and generally get a cheaper rate
that way, hey there are only 209 latas its not that many contracts when
you consider how large some of the bigger ones are, you do have to have
a number in each of the 209 latas though).  

Even if you were to do that for your "high traffic" areas, to get the
cost lower for those (eg NYC, LA, Chi) by adding in routes via your
resporg (who may be a 3rd party to everything else) a call center could
see a reduction in the cost of their phone service.  

As far as I know this is perfectly legal and valid to do so long as the
carriers involved are aware that this is what you are doing.  Someone at
one point suggested doing this by using a 3rd party resporg and not
informing everyone this is what was happening basically to trick
carriers and hope they never bill you.  They said something about $50/mo
unlimited flat rate tollfree once upon a time.  That would be illegal,
it would also be illegal to take advantage of some provider who at least
at one time didnt track tollfrees so if you used a 3rd party resporg to
route to a DID off this carrier, often referred to as 2 letters (I wont
say who), then its a free tollfree.  Yeah its their fault for having a
stupid billing system, just like its someones fault for leaving the keys
in their car at the quikimart, but its your fault for abusing it.  
> 
-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
Belfast +44 28 9099 6461        US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!

More information about the asterisk-biz mailing list