Security for Resold VoIP and Teams Voice: Fraud, Toll Bypass, SIP Attacks and the Controls Customers Will Pay For

Quick Answer: Telecom fraud costs an estimated £38.95bn/year globally (the CFCA survey figure cited below), and toll fraud against business VoIP is the part of that a reseller can directly reduce. VoIP-specific threats include SIP trunk hijack (unauthorised international and premium-rate calling on a stolen trunk credential), credential theft (phished, reused or weak passwords), brute-force attacks on SIP ports exposed to the internet, and toll bypass (rogue routing through a manipulated PBX dial plan). Resellers can monetise security through: (1) authentication hardening (MFA, IP whitelisting), (2) SBC security features (DDoS protection, rate limiting), (3) call-pattern monitoring (anomaly detection on destination, volume and time of day), and (4) compliance add-ons (encrypted call recording that doubles as a fraud audit trail). Security add-ons command 40-60% margins and improve retention: customers who have bought security stay longer.

Threat and Control Mapping: Security Risks and Mitigation Strategies

This table maps each VoIP security threat to its attack vector, business impact, the controls that mitigate it, and what those controls cost and earn a reseller. Identify which controls your customers currently lack and position security packages accordingly. All cost, margin and ROI figures are indicative ranges.

Threat: SIP trunk hijack / toll fraud
Attack vector: Attacker obtains the SIP trunk credentials (credential theft, weak password, exposed API key) and dials premium-rate and high-cost international numbers, or shares and resells the trunk capacity to other fraudsters.
Business impact: £5,000-£50,000+ bill for unauthorised calls within days. Reputation damage if the customer's numbers are used for spam calling. Carrier blacklists the service.
Control / mitigation: SIP credential management (20+ character passwords, rotated every 90 days; where the carrier supports it, authenticate the trunk by source IP instead, which removes the password from the picture). Rate limiting (maximum calls per hour per user). IP whitelisting (only known office IPs and approved VPN addresses may register or send INVITEs). Signalling inspection on the SBC or a SIP-aware firewall to detect anomalous call patterns. Caveat: the "SIP ALG" on a router is a NAT helper, not an inspection control, and it commonly breaks SIP; it should normally be disabled, not relied on.
Reseller implementation cost: £200-£500 implementation (configuration). £50-£100/month for a SaaS SIP firewall service.
Reseller margin opportunity: £50-£150/month per customer. Margin: 60-70% if bundled with the service.
Customer ROI: Fraud loss prevented: £50k+. Cost of the control: £600-£1,800/year. ROI: 27x-83x in the first year.

Threat: Credential theft (password compromise)
Attack vector: Attacker obtains user credentials via phishing, credential stuffing (replaying passwords from breach dumps), a keylogger or social engineering, logs into the VoIP user account and makes calls.
Business impact: £500-£5,000 of fraudulent calls before detection (hours to days). Reputational damage. Data exposure: call logs reveal who the business talks to and when.
Control / mitigation: Multi-factor authentication (MFA) for user and admin portals (TOTP or a hardware key; SMS only as a fallback, since it is the weakest factor). Credential vault management for shared and service accounts. Password policy enforcement (no reuse, complexity, screening against known-breached passwords). Login anomaly detection (alert on unusual locations and times).
Reseller implementation cost: £500-£1,500 MFA implementation and user onboarding. £20-£50/month SaaS MFA service.
Reseller margin opportunity: £5-£15/user/month for the MFA add-on. Margin: 60% if bundled.
Customer ROI: Credential compromise losses prevented: £5k-£50k+. Cost: £240-£600/year. ROI: 8x-200x depending on fraud exposure.

Threat: Brute-force SIP attack (port scanning, credential guessing)
Attack vector: Attacker scans for SIP ports (5060, 5061) exposed to the internet and guesses credentials (admin/admin, extension number as password, and so on). Once in, makes unauthorised calls or harvests user data.
Business impact: Service disruption from the attack traffic itself. Unauthorised calling charges. Data breach (call logs, voicemail and the user directory exposed).
Control / mitigation: SBC and firewall rules: do not expose SIP registration to the public internet; remote users come in over VPN or from whitelisted IPs. Rate limiting on SIP authentication (for example 5 failed attempts per source IP per minute, then block that IP for 30 minutes). Intrusion detection and prevention (IDS/IPS). Change the default credentials on every device and portal.
Reseller implementation cost: £500-£2,000 SBC/firewall hardening. Ongoing monitoring: £100-£300/month.
Reseller margin opportunity: £100-£300/month SBC security management service. Margin: 50-65%.
Customer ROI: Compromise and fraud prevented: £10k-£100k+. Cost: £1,200-£3,600/year. ROI: 3x-80x.

Threat: DDoS on the SIP trunk / call flooding (SIP INVITE flood)
Attack vector: Attacker sends thousands of SIP INVITE requests to the customer's SBC or trunk, exhausting call-processing resources so that legitimate calls fail.
Business impact: Call service unavailable for hours. Emergency calls fail (a regulatory obligation, not just an inconvenience). Business disruption. Reputation damage.
Control / mitigation: SBC rate limiting and call admission control (CAC). DDoS scrubbing (offload attack traffic upstream). Geo-IP filtering (drop SIP signalling from countries the customer has no reason to receive it from). Volumetric filtering (drop traffic that matches flood patterns).
Reseller implementation cost: £1,000-£5,000 DDoS mitigation setup. £200-£500/month SaaS DDoS protection.
Reseller margin opportunity: £200-£500/month DDoS protection add-on. Margin: 55-70%.
Customer ROI: Outage prevented: £20k-£200k of business loss depending on use case (contact centre at the high end). Cost: £2,400-£6,000/year. ROI: 3x-80x where an attack is plausible.

Threat: Toll bypass / rogue routing (PBX manipulation)
Attack vector: Attacker gains access to the PBX dial plan and changes routing rules or hot-desk settings so that calls are routed out over the customer's SIP trunk to premium-rate numbers (UK 09xx and 087x; US 1-900). The attacker collects the revenue share; the customer pays the bill.
Business impact: £1,000-£10,000+ fraud. Regulatory scrutiny if the pattern continues.
Control / mitigation: PBX access controls: only named administrators can modify dial plans, with MFA on the admin portal. Call monitoring and alerting (alert on unusual destinations). Review every rule that lets an inbound call reach an outbound trunk (DISA, call forwarding, voicemail call-back, trunk-to-trunk transfer), since these are the classic paths in. Restrict outbound calling to approved countries. Block premium-rate prefixes (0891, 0871, 09xx) unless business-critical.
Reseller implementation cost: £500-£1,500 dial plan audit and hardening. £50-£150/month call monitoring service.
Reseller margin opportunity: £50-£150/month monitoring and compliance add-on. Margin: 60-70%.
Customer ROI: Fraud prevented: £10k-£100k+. Cost: £600-£1,800/year. ROI: 5x-150x.

Threat: Toll bypass / international dialling fraud (international revenue share fraud, IRSF)
Attack vector: A compromised user or attacker-created account makes thousands of calls to high-cost international numbers on which the attacker earns a revenue share. Typically run overnight or over a weekend when nobody is watching.
Business impact: £5,000-£100,000+ of fraudulent calls before detection. Carrier blocks the account. Reputation damage.
Control / mitigation: International calling policy: disabled by default unless business-critical, with a whitelist of approved countries. Per-user rate limiting (maximum calls per minute). Real-time call monitoring with anomaly detection (for example, alert if one user makes 100+ international calls in an hour, or any international calls outside business hours). Call recording for the audit trail.
Reseller implementation cost: £1,000-£3,000 policy setup and monitoring infrastructure. £100-£300/month call monitoring SaaS.
Reseller margin opportunity: £100-£300/month international calling control and monitoring. Margin: 60-70%.
Customer ROI: Fraud prevented: £50k-£500k. Cost: £1,200-£3,600/year. ROI: 14x-400x depending on fraud exposure.

Threat: Wiretapping / call interception (man-in-the-middle, encryption absent)
Attack vector: Attacker on the same network captures unencrypted SIP signalling and RTP media (packet sniffing, usually after ARP spoofing to get into the path) and listens to or records conversations.
Business impact: Privacy breach and a GDPR violation if personal data is exposed. GDPR fines: up to €20m (£17.5m under UK GDPR) or 4% of global annual turnover, whichever is higher. Reputational damage. Legal liability if confidential information is exposed.
Control / mitigation: SIP over TLS for signalling. SRTP for media. Caveat: SRTP with SDES key exchange carries the media keys in the SIP signalling, so it is only as private as the signalling channel; always pair it with SIP over TLS. HTTPS for all API and portal access. Network segmentation: isolate voice VLANs. Switch-port controls that defeat ARP spoofing on the voice VLAN (port security, dynamic ARP inspection).
Reseller implementation cost: £500-£2,000 for TLS certificates and SIP TLS configuration. SRTP: included in most platforms. Ongoing: £0 (feature-driven, not a SaaS cost).
Reseller margin opportunity: £20-£50/month encryption add-on if positioned as premium security. Margin: 70% (high margin, low cost to the reseller).
Customer ROI: Wiretapping and GDPR exposure prevented: liability in the tens of millions at the extreme. Cost: £240-£600/year. ROI: not meaningfully bounded, since the control prevents a catastrophic rather than a recurring loss.
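The brute-force row above recommends locking out a source IP after 5 failed SIP authentications within a minute, while never locking out the office. Below is an added example of that sliding-window logic over a constructed authentication-failure log; it is not code from the page or from any SBC vendor, and the log line format, the RFC 5737 addresses and the office range 192.0.2.0/24 are assumptions for the example.

```python
"""Sliding-window lockout for failed SIP authentication attempts.

Added example, not code from the page or from any SBC vendor. It applies
the threshold the page recommends (5 failures per source IP within one
minute, then block that IP for 30 minutes) and exempts office/VPN ranges
so a mistyped password on a desk phone cannot lock the office out.
The log line format below is constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed format: "<ISO-8601 UTC> AUTH_FAIL src=<ip> user=<sip user>"
AUTH_FAIL = re.compile(r"^(?P<ts>\S+) AUTH_FAIL src=(?P<src>[\d.]+) user=(?P<user>\S+)$")


class SipLockout:
    def __init__(self, allow_list=(), max_failures=5,
                 window=timedelta(minutes=1), block_for=timedelta(minutes=30)):
        self.allow_nets = [ip_network(n) for n in allow_list]
        self.max_failures = max_failures
        self.window = window
        self.block_for = block_for
        self._fails = defaultdict(deque)   # src ip -> failure timestamps inside the window
        self.blocked_until = {}            # src ip -> datetime the block expires
        self.exempt_hits = set()           # allow-listed ips that crossed the threshold

    def is_blocked(self, src, now):
        until = self.blocked_until.get(src)
        return until is not None and now < until

    def observe(self, line):
        """Feed one log line; return 'BLOCK', 'EXEMPT', 'DROP' (already blocked) or None."""
        m = AUTH_FAIL.match(line)
        if m is None:
            return None
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        src = m["src"]
        if self.is_blocked(src, ts):
            return "DROP"
        q = self._fails[src]
        q.append(ts)
        while ts - q[0] > self.window:     # slide the window forward
            q.popleft()
        if len(q) < self.max_failures:
            return None
        q.clear()
        if any(ip_address(src) in net for net in self.allow_nets):
            self.exempt_hits.add(src)      # report it, but never block the office
            return "EXEMPT"
        self.blocked_until[src] = ts + self.block_for
        return "BLOCK"


def run_lockout(lines, allow_list=()):
    """Replay log lines; return ({blocked ip: expiry ISO string}, [exempt ips])."""
    lock = SipLockout(allow_list)
    for line in lines:
        lock.observe(line)
    return ({ip: t.isoformat() for ip, t in lock.blocked_until.items()},
            sorted(lock.exempt_hits))


# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    # 203.0.113.9 walks common usernames: 5 failures in 20 seconds -> block
    "2024-05-01T02:14:00Z AUTH_FAIL src=203.0.113.9 user=admin",
    "2024-05-01T02:14:05Z AUTH_FAIL src=203.0.113.9 user=1000",
    "2024-05-01T02:14:09Z AUTH_FAIL src=203.0.113.9 user=1001",
    "2024-05-01T02:14:14Z AUTH_FAIL src=203.0.113.9 user=1002",
    "2024-05-01T02:14:20Z AUTH_FAIL src=203.0.113.9 user=1003",
    "2024-05-01T02:14:25Z AUTH_FAIL src=203.0.113.9 user=1004",  # dropped: already blocked
    # 198.51.100.7: three failures spread over three minutes -> below threshold
    "2024-05-01T02:20:00Z AUTH_FAIL src=198.51.100.7 user=2001",
    "2024-05-01T02:21:30Z AUTH_FAIL src=198.51.100.7 user=2001",
    "2024-05-01T02:23:00Z AUTH_FAIL src=198.51.100.7 user=2001",
    # 192.0.2.10 is the office NAT address: crosses the threshold but is only flagged
    "2024-05-01T09:00:00Z AUTH_FAIL src=192.0.2.10 user=1001",
    "2024-05-01T09:00:03Z AUTH_FAIL src=192.0.2.10 user=1001",
    "2024-05-01T09:00:06Z AUTH_FAIL src=192.0.2.10 user=1001",
    "2024-05-01T09:00:09Z AUTH_FAIL src=192.0.2.10 user=1001",
    "2024-05-01T09:00:12Z AUTH_FAIL src=192.0.2.10 user=1001",
]

if __name__ == "__main__":
    blocked, exempt = run_lockout(SAMPLE_LOG, allow_list=["192.0.2.0/24"])
    print("blocked:", blocked)   # {'203.0.113.9': '2024-05-01T02:44:20+00:00'}
    print("exempt:", exempt)     # ['192.0.2.10']
```

The exempt list is the one to watch operationally: five failures from the office address in twelve seconds is either a misconfigured phone or an attacker already inside the LAN, and both deserve a ticket even though neither should trigger a block.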

Security Control Pricing and Monetisation

Position security as premium add-ons or tiered packages. These are high-margin opportunities for resellers; the tiers below map the controls from the threat table onto price points.

Tier: Foundation (standard, no add-on)
Included controls: SIP credential password policy (12-character minimum). Basic rate limiting (50 calls per hour per user). Call logging. Annual credential rotation.
Target customer: Compliant, cost-conscious SME with basic risk awareness.
Wholesale cost to reseller: Included in the VoIP service.
Suggested resale price: Included (no add-on price).
Reseller margin: N/A (baseline).
Attach rate: 100% (all customers get this).
Annual revenue impact (100-customer base): Baseline VoIP MRR only; no security uplift.

Tier: Essential (basic security add-on)
Included controls: Strong credential policy (20-character, 90-day rotation). IP whitelisting (office network and VPN). SIP rate limiting (10 calls/min per user, with anomaly detection). Call monitoring alerts on unusual patterns. Monthly security report.
Target customer: SME concerned about fraud. Healthcare and finance verticals with regulatory awareness.
Wholesale cost to reseller: £20-£40/month per customer (via an SBC or SIP firewall partner).
Suggested resale price: £50-£80/month per customer.
Reseller margin: 50-67%.
Attach rate: 25-35%.
Annual revenue impact (100-customer base): 100 customers x 30% attach x £60/month x 12 = £21,600/year. Gross margin: £12,000-£15,000.

Tier: Professional (fraud prevention)
Included controls: All Essential features. Multi-factor authentication (MFA) for users. International dialling controls (country whitelist). Call-pattern anomaly detection (ML-driven, detects fraud within hours). Real-time alerting. Quarterly security audit. PBX dial plan review.
Target customer: Mid-market or fraud-conscious SME. Contact centres (high fraud risk). Retail with EPOS. Professional services.
Wholesale cost to reseller: £60-£100/month per customer (MFA SaaS plus monitoring SaaS).
Suggested resale price: £150-£200/month per customer.
Reseller margin: 50-67%.
Attach rate: 15-25%.
Annual revenue impact (100-customer base): 100 customers x 20% attach x £175/month x 12 = £42,000/year. Gross margin: £21,000-£28,000.

Tier: Advanced (enterprise security)
Included controls: All Professional features. DDoS mitigation (SBC-integrated or SaaS). SIP over TLS and SRTP. Encrypted call recording. SIEM integration (logs forwarded to the customer's security operations centre). Dedicated security engineer (quarterly review, incident response). Compliance reporting (GDPR, HIPAA, PCI DSS).
Target customer: Enterprise or regulated industry: healthcare, finance, legal. Multi-site organisations with high call volume.
Wholesale cost to reseller: £150-£300/month per customer (DDoS, encryption and monitoring services plus engineer labour).
Suggested resale price: £400-£600/month per customer.
Reseller margin: 60-67%.
Attach rate: 5-15% (high price, lower attach rate).
Annual revenue impact (100-customer base): 100 customers x 10% attach x £500/month x 12 = £60,000/year. Gross margin: £36,000-£40,000.
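The Professional tier above sells "international dialling controls" and "call-pattern anomaly detection", and the threat table's toll-fraud rows describe the same three rules: block premium-rate prefixes by default, allow-list international country codes, and alert when one user places 100 or more international calls in an hour. Here is an added example that applies those rules to a constructed set of call detail records (CDRs) in UK numbering; it is not code from the page or from any monitoring product, and the CDR format, the extension numbers and the allow-list (country codes 1 and 353, for a customer with US and Irish offices) are assumptions for the example.

```python
"""Dial-plan policy and call-velocity checks over CDRs (UK numbering).

Added example, not from the page or any vendor product. It implements the
controls the page lists: block premium-rate prefixes by default, allow-list
international country codes, and alert when one user places 100 or more
international call attempts within an hour. The CDR format and the sample
calls are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# UK premium-rate / service-charge prefixes the page says to block by default.
PREMIUM_PREFIXES = ("09", "0871", "0872", "0873", "0891")
HOME_COUNTRY_CODE = "44"


def normalise(dialled):
    """Return (digits, is_international). '+' and '00' mark an international
    call; a +44 number is folded back to UK national format so the premium
    prefix check still applies to it."""
    d = "".join(ch for ch in dialled if ch.isdigit() or ch == "+")
    if d.startswith("+"):
        d = d[1:]
    elif d.startswith("00"):
        d = d[2:]
    else:
        return d, False                       # national format, e.g. 0871..., 020...
    if d.startswith(HOME_COUNTRY_CODE):
        return "0" + d[len(HOME_COUNTRY_CODE):], False
    return d, True


def classify(dialled, allowed_country_codes):
    """Policy decision for one dialled string."""
    digits, international = normalise(dialled)
    if international:
        if digits.startswith(tuple(allowed_country_codes)):
            return "allow-international"
        return "block-international"
    if digits.startswith(PREMIUM_PREFIXES):
        return "block-premium"
    return "allow"


def evaluate_cdrs(cdr_lines, allowed_country_codes, velocity_limit=100,
                  window=timedelta(hours=1)):
    """Replay CDR lines 'ts,user,dialled,duration'; return policy decision counts
    and velocity alerts. Attempts are counted whether or not they were blocked:
    an account that keeps hitting the block list is still worth a phone call."""
    decisions = defaultdict(int)
    recent = defaultdict(deque)               # user -> timestamps of intl attempts
    alerts = []
    for line in cdr_lines:
        ts_raw, user, dialled, _duration = line.split(",")
        ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00"))
        verdict = classify(dialled, allowed_country_codes)
        decisions[verdict] += 1
        if verdict.endswith("international"):
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:         # drop attempts older than the window
                q.popleft()
            if len(q) == velocity_limit:      # fires once as the threshold is crossed
                alerts.append({"user": user, "count": len(q), "at": ts.isoformat()})
    return {"decisions": dict(decisions), "alerts": alerts}


# Constructed sample: a UK customer with US and Irish offices.
ALLOWED_COUNTRY_CODES = ("1", "353")
SAMPLE_CDRS = [
    "2024-05-01T09:12:00Z,1001,020 7946 0000,180",     # London number: allow
    "2024-05-01T09:15:00Z,1002,0871 234 5678,30",      # service-charge number: block
    "2024-05-01T09:20:00Z,1003,+33 1 55 50 00 00,60",  # France not allow-listed: block
    "2024-05-01T09:25:00Z,1004,00353 1 555 0000,120",  # Dublin office: allow
    "2024-05-01T09:30:00Z,1004,+44 20 7946 0000,30",   # +44 folded to national: allow
]
# Extension 1007 fires 120 calls to a satellite range at 02:00, one every
# 30 seconds: the off-hours IRSF pattern the page describes.
_start = datetime.fromisoformat("2024-05-01T02:00:00+00:00")
SAMPLE_CDRS += [
    f"{(_start + timedelta(seconds=30 * i)).isoformat().replace('+00:00', 'Z')}"
    f",1007,+882 16 5550 {i:04d},45"
    for i in range(120)
]

if __name__ == "__main__":
    report = evaluate_cdrs(SAMPLE_CDRS, ALLOWED_COUNTRY_CODES)
    print(report["decisions"])  # 2 allow, 1 block-premium, 121 block-international, 1 allow-international
    print(report["alerts"])     # one alert for user 1007 at the 100th call (02:49:30)
```

Two design points worth carrying into a real deployment. First, the velocity counter fires on attempts, not on connected calls, because a blocked destination is still evidence of a compromised account. Second, be careful with what an allow-list entry really covers: country code 1 is the whole North American Numbering Plan, so "1" permits Caribbean destinations (1-809 and neighbours) that are well-known revenue-share targets; allow-list at the area-code level ("1212", "1415") when the customer only needs specific US cities.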

Compliance Framework Mapping: Which Standards Apply to Your Customers?

Security positioning varies by industry. Use this table to identify which compliance frameworks matter to each customer segment, what they require of the voice service, and how price-sensitive that segment is.

Industry: Healthcare (NHS, private clinics, dentists)
Applicable frameworks: GDPR. Data Protection Act 2018. NHS Digital standards. HIPAA only if the practice handles US patient data.
Key VoIP security requirements: Encrypted recording of patient calls. Caller identity and location data handled as personal data under GDPR. Call log retention and deletion policy. Access controls (staff-only calling).
Reseller add-on positioning: Encrypted call recording. Call log retention policy. MFA. Quarterly compliance audit. Margin: £100-£200/month.
Price elasticity: High. Regulatory fines range from £10k to the £17.5m GDPR maximum, so the add-on cost is trivial relative to the risk. 30-40% attach rate achievable.

Industry: Finance (banks, wealth management, accountants)
Applicable frameworks: GDPR. FCA rules. PSD2. PCI DSS if card data is handled over the phone.
Key VoIP security requirements: Call recording for compliance (MiFID II / FCA COBS 11.8: retain 5 years, or 7 where the FCA requests it). Secure credential management. SIP over TLS. Access controls. Call monitoring for suspicious activity (unusual outbound international calls are both a fraud and a money-laundering red flag).
Reseller add-on positioning: Encrypted call recording with legal hold. SIP over TLS. Call monitoring and anomaly detection. Margin: £150-£250/month.
Price elasticity: High. FCA fines for inadequate controls run from £1m to £100m, and customers pay a premium for compliance assurance. 40-50% attach rate achievable.

Industry: Legal (law firms, in-house counsel)
Applicable frameworks: GDPR and its retention rules. Legal professional privilege (LPP). Solicitors Regulation Authority (SRA) standards.
Key VoIP security requirements: Encrypted call recording with access restricted to authorised staff. Client confidentiality protection. Call log retention policy. SIP over TLS and SRTP to prevent interception.
Reseller add-on positioning: Encrypted call recording with LPP-aware access controls. Secure access controls. Quarterly compliance check. Margin: £120-£200/month.
Price elasticity: Very high. Liability for breached client confidentiality is severe, so customers are highly motivated to pay. 50-60% attach rate achievable.

Industry: Retail (shops, restaurants, EPOS-connected)
Applicable frameworks: GDPR. PCI DSS if card data passes through the EPOS system. Internal anti-fraud policy.
Key VoIP security requirements: International dialling controls (a compromised EPOS host on the same network is a route to toll fraud). Call monitoring for unusual activity. EPOS integration security, including network segmentation between the EPOS and voice VLANs.
Reseller add-on positioning: International dialling whitelisting and control. Call monitoring and fraud alerts. Margin: £50-£100/month.
Price elasticity: Medium. Fraud losses of £5k-£50k make the investment ROI-positive. 20-30% attach rate achievable.

Industry: Contact centre (BPO, customer service, inbound sales)
Applicable frameworks: GDPR. PCI DSS if payments are taken over the phone. Call recording consent rules (one-party versus two-party consent varies by jurisdiction).
Key VoIP security requirements: Encrypted call recording. Customer data security (no PII in logs). DDoS mitigation, because the contact centre lives on its call delivery SLA. Fraud detection for internal fraud and call farming.
Reseller add-on positioning: Encrypted call recording. DDoS mitigation. Anomaly detection for internal fraud. Margin: £200-£400/month (high-value customers).
Price elasticity: High. A call flood costs £1k-£100k per hour of lost revenue depending on size, and customers pay for uptime assurance. 40-50% attach rate.

Industry: SME / general business (10-100 employees)
Applicable frameworks: GDPR (basic). Anti-fraud awareness. No industry-specific regulation.
Key VoIP security requirements: Credential management. IP whitelisting. Call monitoring for fraud. Rate limiting on international calls.
Reseller add-on positioning: Essential tier security (credentials, IP control, monitoring), positioned as fraud prevention and cost control. Margin: £50-£80/month.
Price elasticity: Medium. Potential fraud losses of £5k-£50k are motivating, but the segment is cost-sensitive. 15-25% attach rate achievable with clear ROI messaging.

Frequently Asked Questions

How much VoIP fraud is actually happening in the UK?
The CFCA survey puts global telecom fraud at £38.95bn/year. UK carriers report rising fraud, but exact national figures vary; CFCA estimates UK-specific losses at £100m-£500m/year. High-risk sectors (finance, retail, contact centres) see the highest loss rates, 5-10% in the worst cases. Much fraud goes undetected, and detection typically lags the attack by 2-7 days, because fraud is deliberately run overnight, over a weekend or on a bank holiday when nobody is watching the bill, and by then the damage is done.

Should I include basic security (passwords, rate limiting) for free or charge for it?
Include basic controls in the base service and charge for premium ones (MFA, anomaly detection, DDoS mitigation, compliance reporting). Customers expect strong passwords and rate limiting as a baseline, and shipping without them exposes you to the fraud bill dispute as much as the customer. Upsell the advanced controls as add-ons with a clear ROI statement (for example, a £1k/year investment against a £50k fraud loss).

Do I need SOC 2 certification to resell secure VoIP?
Not mandatory, but highly beneficial. SOC 2 is an attestation report rather than a certificate: a Type II report covers an independent audit of your controls operating over a period, and it shows customers that you take security seriously. Cost: £3,000-£8,000 per audit. ROI: a 5-10% price premium from security-sensitive customers (healthcare, finance). Recommended if your target market is compliance-heavy.

What’s the best way to position security without sounding scary?
Frame security as "risk management" or "cost control" rather than "threat prevention". Example: "Our fraud monitoring service identifies suspicious calling patterns and stops unauthorised international calls. The average customer saves £8,000/year in fraud prevention and cost control." Lead with the savings, not the threats.

Can I resell third-party security tools (e.g., SIP firewall, anomaly detection)?
Yes. Partner with security vendors (Ribbon SBCs, Oracle SBCs (formerly Acme Packet), cysec for anomaly detection) and resell their SaaS tools under your own brand or as partner integrations. Margin: 50-70% on SaaS partner services. This is high-margin business with a low operational burden, provided you keep ownership of the customer's alert handling rather than leaving it to the vendor.


Partner Playbook: Security Add-On Sales Cycle

Phase: Assessment
Action: Conduct a security risk assessment with the customer. Ask about past fraud incidents, regulatory requirements and call value (a contact centre is high-risk).
Timeline: Week 1 of customer onboarding.
Owner: Sales or implementation.
Deliverable: Security risk assessment document. Recommended security tier.

Phase: Proposal
Action: Propose the security add-on for the assessed risk tier. Show the ROI comparison (fraud loss prevented vs. cost). Offer a free 30-day trial if the customer is uncertain.
Timeline: Weeks 2-3.
Owner: Sales.
Deliverable: Security proposal with ROI analysis. Price quote.

Phase: Enablement
Action: If the customer accepts, configure the security controls (MFA, IP whitelisting, monitoring). Train customer staff on the security features and on what to do when an alert fires.
Timeline: Weeks 3-4.
Owner: Implementation / support.
Deliverable: Configuration complete. Training materials delivered.

Phase: Monitoring
Action: Provide weekly or monthly security reports (alerts triggered, suspicious patterns detected, recommendations). Use detected threats as the upsell trigger for a higher tier.
Timeline: Ongoing.
Owner: Support / SOC team.
Deliverable: Monthly security report. Alerts log.

Phase: Renewal / upsell
Action: At annual renewal, pitch a higher security tier if the customer has seen fraud attempts or faces regulatory change. Highlight the specific incidents the current tier prevented.
Timeline: Annual.
Owner: Account management.
Deliverable: Renewal proposal with upsell option.

Resell Hosted VoIP with BT Cloud Voice

Join The Network Union Reseller Programme. Earn commission on BT Cloud Voice, broadband and leased lines with full sales and provisioning support.
