I'm posting this to the forum both to get a feature request going as well as crowd source some ideas.
We recently had an unknown person join a recurring RingCentral Meeting and use the "invite by phone" feature to make some very expensive international calls. The RingCentrals Fraud department was awesome in catching it, turning off international calling for the meeting organizers account and alerting us via email (Go RC!). But now we're trying to figure out how to prevent this in the future. Our obvious first step was to remove international calling (which we had on by default) to at least stop international charges, but that doesn't stop domestic US calls.
I think this situation revealed a pretty genius way to exploit RC Meetings. The base URL is the same—all you have to do is increment through meeting numbers until you find a valid one and BAM free international or long distance calling all on someone else's dime!
The current meeting features of turning off "join before host" or "add password" would stop this, but also add some complexity that our internal users or external clients may find frustrating. For example we've often had a meeting scheduled a couple weeks out and the meeting organizer get sick or something. A substitute host will try to start the meeting only to be confronted with "waiting for host to start meeting" message and then have to quickly find a way to get a new meeting invite out to the participants list. After this happened with several client facing meetings our IT department recommended ALL meetings have "join before host" enabled. Likewise, I'm nervous that adding a password to all meetings will generate as much confusion and late meeting starts when someone has a meeting link, but not the password. Then there is trying to enforce this across our 800+ user base... Yep.
The best idea we have so far is to request a feature to turn off the "invite" button within the meeting interface for participants and make it only available to hosts as well as the ability to set it globally and make exceptions for some users. This would stop bad actors from racking up international charges on our account and keep joining the meetings simple. Anyone else have a better idea?