A2Billing, blind transfer and fraud

If you use A2Billing and allocate SIP account details to your customers, you want to ensure that they are not able to do blind transfers.

The way A2Billing works is that when a SIP customer makes a call the a2billing.php script is run and the billing process is started. Once the call is complete, the a2billing script generates the A2Billing call record. It does not rely on the Asterisk CDR records at all.

However, if the SIP customer does a call transfer (blind transfer / SIP REFER message) while the call is in progress, then it’s possible for them to make a call to a more expensive destination, which A2Billing does not ‘see’. This way you can end up with very short calls to inexpensive destinations in your A2Billing CDRs, but very long expensive calls in your call provider’s CDRs!

Worse is the fact that if FreePBX is also installed on the same machine, it sets the default transfer context (TRANSFER_CONTEXT) to from-internal-xfer, which allows the call to happen.

The only solution I’m aware of at the moment is to add:

allowtransfer=no

to /etc/asterisk/sip_custom.conf. Setting “allowtransfer=no” on the individual customer SIP account does not appear to work, at least not with Asterisk 1.8.4.

If in doubt please test and ensure that your A2Billing customers cannot do blind transfers.
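
One way to spot the mismatch described above is to reconcile A2Billing's call records against the carrier's CDRs and flag carrier legs that no billing record accounts for. The Python below is an added example, not part of the original post or of A2Billing; the record fields, tolerances and sample data are constructed assumptions to be mapped onto your own exports.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
SKEW = timedelta(seconds=10)  # allowed start-time difference between the two systems
SLACK = 30                    # seconds the carrier may bill beyond A2Billing's duration

# Constructed sample records, not real CDRs. Field names are assumptions.
A2B_CALLS = [
    {"start": "2011-06-01 10:00:05", "src": "1001", "dst": "441632960001", "secs": 12},
    {"start": "2011-06-01 11:30:00", "src": "1002", "dst": "441632960002", "secs": 300},
]
CARRIER_CALLS = [
    {"start": "2011-06-01 10:00:06", "dst": "441632960001", "secs": 12},
    {"start": "2011-06-01 10:00:15", "dst": "99900000001", "secs": 5400},
    {"start": "2011-06-01 11:30:01", "dst": "441632960002", "secs": 301},
]

def ts(value):
    return datetime.strptime(value, FMT)

def reconcile(a2b_calls, carrier_calls):
    """Return carrier legs that no A2Billing record accounts for, each paired
    with the A2Billing call that was in progress when the leg started."""
    findings, used = [], set()
    for leg in carrier_calls:
        start = ts(leg["start"])
        # A leg is accounted for when one unused A2Billing record has the same
        # destination, a start time within SKEW and a comparable duration.
        match = next((i for i, c in enumerate(a2b_calls)
                      if i not in used and c["dst"] == leg["dst"]
                      and abs(ts(c["start"]) - start) <= SKEW
                      and leg["secs"] - c["secs"] <= SLACK), None)
        if match is not None:
            used.add(match)
            continue
        # Unaccounted leg: find the billed call whose window covers its start,
        # which names the SIP account to investigate.
        suspect = next((c for c in a2b_calls
                        if ts(c["start"]) <= start
                        <= ts(c["start"]) + timedelta(seconds=c["secs"]) + SKEW), None)
        findings.append({"leg": leg, "suspect": suspect})
    return findings

if __name__ == "__main__":
    for f in reconcile(A2B_CALLS, CARRIER_CALLS):
        who = f["suspect"]["src"] if f["suspect"] else "unknown"
        print(f"unbilled leg to {f['leg']['dst']} ({f['leg']['secs']}s), account {who}")
```

A leg to the same destination is also flagged when the carrier's duration exceeds the A2Billing duration by more than the slack, since a short billed call next to a long carrier call is the pattern the post describes.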

 








SysAdminMan provides virtual PBX hosting based on Asterisk and Freeswitch.
Available systems include FreePBX, PBX-in-a-Flash, Elastix, A2Billing and FusionPBX.
More details and prices can be found at sysadminman.net


6 Comments

  1. Lee Cartwright:

    Don't I know it lol! Cheers Matt for the info.

  2. Lee:

    Cheers for this Matt, will check my settings now.

  3. Kkhan:

    Was looking for some remedy and I guess this is it :)

  4. Ubunter:

    Hello,
    Pay attention that with Asterisk 1.8, when you turn to realtime, Asterisk is not reading the sip.conf file any more, so update the DB cc_sip_buddies and add a new field as allowtransfer=no…
    Also add the W in the dialcommand, to ignore any transfer request. We use this dialcommand: ,60,LIW(%TIMEOUT(absolute)=3600%:60000:30000))

    Regards,

  5. Kkhan:

    And what should be the best timeout value in the dial command?

  6. matt:

    Hi Ubunter. Good tip about realtime and the dial command, thanks.
