With the use of Voice Over Internet Protocol (VoIP) by all reports rapidly expanding, several recent cases have exposed serious vulnerabilities with the service. However fraud is an everyday occurrence so I for one wouldnt base my decision solely on these events.

As per previous articles I have written and various on my About VoIP Information website, security vulnerabilities for VoIP do exist and have been and continue to be seriously examined and worked through by industry. However two recent cases act as a reminder that all holes have not been closed.

In Australia it has been reported that a very public VoIP provider Engin had its Customer Relationship Management (CRM) software cracked by a hacker who publicly exposed how to obtain details of other customers orders in a post on the broadband site Whirlpool. Engin reportedly resolved the problem the next morning before any advantage was gained.

Engin appeared very honest and forthright admitting the problem and fixes that would be put in place with blame attributed to a third party programming consultancy responsible for programming of the CRM. Despite credit card details apparently not recorded in the area that became accessible, it does highlight the ease at which confidential personal information can be accessed, not something that is usually considered a security problem related to VoIP.

In the very public case two arrests have been made in early June for breaking into a New York companies network and spoofing VoIP traffic to its service provider. Wholesale phone connections were then offered at discount rates in a pseudo-service provider manner with a resultant 100% profit margin for the fraudsters.

TMCnet Executive Editor Robert Lui reported that one security expert advised the problem could have been easily adverted. It is suggested that multiple security products are required for securing VoIP networks which to some degree is in line with the layered or defence in depth security principle ie more layers of security making it more difficult to get through.

Despite these two reported cases and significant discussion and reporting about a diverse range of security considerations and concerns, it must be remembered that fraud is part of everyday life and regardless of how many checks and balances are put in place, a determined criminal will eventually be successful. Such is the case with credit cards for example, passports and other identification documents. The message in my view to take away is review the service providers performance and virtually by the numbers game, assuming all advisable security precautions are adhered to, it would be unlucky to be a victim of hacking.