CR 04 16-Telephone Toll Fraud


(July 2019)

INTRODUCTION

Long distance telephone charges can be very expensive. Some hackers have found ways to infiltrate business and government phone systems and use them to make personal calls. The hacker gets a free call and the unsuspecting business or government entity is required to pay the telephone service provider.

This analysis is of the 08 13 edition. The only differences from the 10 10 edition are capitalizations.

ELIGIBILITY

This endorsement can be added to the Insurance Services Office (ISO) Commercial or Government Crime Coverage Forms or policies. It is available for any commercial entity, other than financial institutions.

SCHEDULE

The endorsement schedule has a space to enter the number of days to change a system password.

ANALYSIS

This is an endorsement to the ISO Commercial Crime or Government Crime Coverage Forms and Policies and is subject to their conditions, definitions, and exclusions. The only changes are those within this endorsement.

A. Insuring Agreement

Long distance charges incurred because of fraudulent access to the named insured’s phone system are covered. The access must be obtained through using an account code or system password. The code or password must have been gained fraudulently or through a fraudulent manipulation.

This coverage is available only if there are protective measures on the phone system. Those measures must include a disconnect feature that ends access after three unsuccessful account code attempts and a system password that is changed regularly. An entry made on the endorsement schedule states the maximum number of days permitted between password changes.

Example: Murphy & Sons’ sales representatives call into its telephone system to check messages and to send messages to potential clients. A recent audit of Murphy’s telephone records indicated a 25% increase in long distance charges. This suggested that a hacker had infiltrated the system and made calls. Murphy’s claim for those calls is denied because it had never changed its system password.

B. Conditions

This condition is added to E. Conditions in the Coverage Form or Policy.

There is a 30-day time limitation that starts when the first fraudulent call is made. This limitation applies to all lines controlled by the same voice computer system through which the first fraudulent call came.

Example: Phoenix, LLC has four offices. The central billing office notices unusual call activity charged to each office. The first such call occurred at Office #1 on 4/1/2019; the first Office #2 call wasn’t until 4/10/2019, Office #3’s first call wasn’t until 4/15/2019, and Office #4’s wasn’t until 4/20/19.

Scenario 1: Each office has its own phone system with its own controls and passwords. Because the phone systems are separate, with their own controls, each office’s loss is a separate loss, which results in each office having its own limit and its own 30-day limitation time period.

Scenario 2: Each office is connected through a single phone system with calls routed to each office through the PBX. Because of the single PBX location, only one loss occurred, and the time limitation for covered toll charges starts on 4/1/2019 and ends on 4/30/2019.

C. Definitions

The following five definitions are added to F. Definitions in the Coverage Form or Policy:

1. Account code

An acceptable account code must be all of the following:

The reason a person uses the account code to gain access to the voice computer system is so that he or she can make phone calls, use the mailbox to send messages, and perform similar activities.

2. System administration

Performing security functions. Examples of this are defining who is authorized to access the system; activities related to account codes or passwords; telephone call routing options, including adding or deleting lines; and other manufacturer-installed options that can be activated by the system purchaser for the purchaser’s use.

3. System maintenance

The normal activities the manufacturer or vendor of a voice computer system performs. Such activities are hardware and software diagnostics and corrections and related actions.

4. System password

Similar to an account code except that it is used to access the voice computer system and perform system administration or system maintenance.

5. Voice computer system

A computer system that directs or routes telephone calls in a network of voice communications. It must be in a single location and provide various types of automated capabilities.