Passing themselves off as hackers, executives from Mer Communication Systems (see "Phone-Fraud Detector") took to Manhattan streets to "research" the techniques of toll-call thieves. Among their findings: most hackers aren't professionals but students dabbling in the scheme for fun and pocket money. Here are some precautions to take:
1. Remind traveling employees with authorization-system codes of the importance of keeping those codes secret, and change the codes frequently. Use the maximum number of digits to frustrate hackers' automatic code-generating devices.
2. Deactivate remote maintenance ports (RMATs), connections that allow service personnel to monitor and fix your system without a trip to the office. Thieves can gain access through an RMAT.
3. Unless you're a multinational concern, block access to overseas calling. At least lock out the most popular fraud destinations: the Caribbean, Egypt, Pakistan, India, the former Soviet Union, El Salvador, China, Colombia, Mexico, and Ghana.
4. Make sure your voice-mail system is a closed loop and doesn't allow manipulation to get an outside dial tone. Some 40% of toll fraud is accomplished through vulnerable voice-mail systems.
5. Assign a separate access code to each employee. That will make it easier to pinpoint a break-in and change the one penetrated code.
6. Shut down "900" (fee-per-minute) lines and "700" (conference-call) systems.
7. Limit miscreants' attempts to gain access to your phone system. PBX software can automatically terminate an incoming call after the third time it's attempted or route it to your switchboard.
8. Deactivate remote-access features after hours and on weekends (unless such action would adversely affect operations). Employees who need continued access can be issued telephone credit cards, for which toll-fraud liability is limited to $50 per card.
9. Consider insurance that indemnifies losses caused by hackers. It's expensive, but it could save your business.
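Precautions 3, 5, 6, 7 and 8 can also be checked against call records after the fact. The sketch below is an added example, not part of the original article; the CSV layout, the sample records, the business hours and the North American dialing prefixes (011, 1-900, 1-700) are all assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample of remote-access call records (hypothetical CSV layout):
# timestamp, calling number, access code entered, code accepted (Y/N), number dialed
SAMPLE_RECORDS = """\
2024-03-04T10:15:00,2125550101,48213907,Y,13125550144
2024-03-04T23:40:00,2125550199,11111111,N,
2024-03-04T23:40:20,2125550199,11111112,N,
2024-03-04T23:40:45,2125550199,11111113,N,
2024-03-05T02:05:00,2125550123,73920461,Y,0112025550170
2024-03-09T14:30:00,2125550101,48213907,Y,19005550100
"""

# Assumed North American dialing prefixes for the call types in precautions 3 and 6.
BLOCKED_PREFIXES = {"011": "overseas", "1900": "900-line", "1700": "700-line"}
MAX_FAILED = 3                  # precaution 7: act on the third failed attempt
OPEN_HOUR, CLOSE_HOUR = 8, 18   # assumed business hours, Monday to Friday


def audit(text):
    """Return (finding, subject) pairs; subject is the caller or the access code used."""
    findings = []
    failures = Counter()
    for ts, caller, code, accepted, dialed in csv.reader(io.StringIO(text)):
        when = datetime.fromisoformat(ts)
        if accepted != "Y":
            failures[caller] += 1
            if failures[caller] == MAX_FAILED:
                findings.append(("repeated-failures", caller))
            continue
        # Precaution 8: remote access used at night or on a weekend.
        if when.weekday() >= 5 or not OPEN_HOUR <= when.hour < CLOSE_HOUR:
            findings.append(("after-hours", code))
        # Precautions 3 and 6: call types that should have been blocked.
        for prefix, label in BLOCKED_PREFIXES.items():
            if dialed.startswith(prefix):
                findings.append((label, code))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_RECORDS):
        print(f"{finding:18} {subject}")
```

Because each accepted call is reported against the access code that placed it, a per-employee code (precaution 5) identifies which single code to change.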