There are no exceptions to this rule, says Bill Bishop, director of retail operations at Alaska Communications Systems. “Even federal or state law enforcement officers cannot obtain information from our customer service representatives;
they must go through a formal process to request that information.”
Carriers have also taken steps to limit the availability of customer information to company employees. The only people who can access phone records are those who need the information to provide assistance or services to customers. “Passwords to get into those files are all protected within the company, and the people who have access to them have to be approved by different levels of management within those departments,” notes Ann Breen, vice president of customer services at Suncom Wireless. Passwords are changed regularly to provide another layer of protection
Court actions deter pretexters
Wireless carriers are actively pursuing pretexters through the court system as well. “We’ve brought seven lawsuits against more than 30 corporate and individual defendants,” says Tom Meiss, Associate General Counsel at Cingular. “We’ve already obtained permanent injunctions against almost every one of the defendants we’ve sued.”
“A pretexting issue came to our attention somewhere around February or March 2005,” explains Michael Holden, senior counsel at Verizon Wireless. A customer had alerted them that his call records, obtained without his consent, had been used in a court case. “We determined that the records were obtained through pretexting phone calls to customer service through a company called Source Resources. In July 2005, we filed suit against them.” Verizon Wireless succeeded in obtaining an injunction against Source Resources, and then went on to file similar suits against other data broker companies such as Global Information Group and First Source. (It most recently took action against the investigative firms involved in the HP case.)
Other national companies—including Sprint Nextel and T-Mobile—have also initiated civil lawsuits against companies involved in the practice. Because of the industry’s concerted efforts in pursuing legal action, many of these data brokers have been forced to close up shop.
Enhancing defenses through training
The court cases have yielded other benefits. As part of a court settlement, Sprint Nextel interviewed the principals of a company that engaged in pretexting and gained valuable information as to their methods. Using this information, the company made changes to its procedures, and it will continue to make systems
enhancements and changes to processes in the future. T-Mobile also altered some of its internal procedures as a result of consultations with former data brokers to better learn about how they operated.
