360 VISION
03
2020
MESSAGING FRAUD THE SECRETS OF FIGHTING THE HIDDEN BEAST
w w w.h o t te l e c o m .c o m
S p o n s o r e d b y : O r a n ge I nte r na t i o na l C a r r i e r s
table of Content Messaging Fraud the next gold mine?
1
Not all messaging frauds are made equal
5
fighting the messaging fraud beast
11
fighting messaging fraud with Intelligence, partnership, people
17
about HOT TELECOM about Orange International Carriers
21
Leading the telecom transformation with Strategy & transformation Marketing & creative thinking Market insights C-Level workshops Thought provoking events
HOT TELECOM
Daring to dance to a different beat
MESSAGING FRAUD the NEXT GOLD MINE? Messaging to mobile customers was once the steady but left behind side of the business. It was something that all mobile operators offered, but was so steady in its demand that many operators didn’t even bother to measure and settle messages between each other, especially internationally. It was simply assumed that customers would generally originate as many messages as they would receive and so a “sender keeps all” approach to revenue simplified the commercial processes that would otherwise have to be established. Move on several generations and the world is completely different. For example, basic forms of communication have gradually lost their status as trustworthy and safe interactions.
1
36 0 ° V I SI O N
w w w. who l es al es o lu ti o ns .o r an ge.c o m
E-mail was perhaps the first to do so, as the free nature of e-mail delivery meant that every shady character could inundate the world with fake and sometimes dangerous messages. Voice calls were trustworthy because you knew who was calling and the cost benefit behind sending spam calls meant that they were far fewer in nature. On top of that, regulators in most countries set-up various laws and regulations to limit calling from unwelcome parties. Unfortunately, that has fallen into disrepair and now consumers are probably receiving more calls from fake originations than they do from their friends and business contacts. However, messaging has stood outside that morass and, in fact, has grown in status as the realization that the secure path to a known individual, provided by text messages, was a way to secure other transactions.
benefit from this growing business. There are two distinctive types of attacks: commercial and security frauds. RULE #1: NEVER LOSE MONEY RULE #2: DON’T FORGET RULE #1 The business opportunities behind the desire for enterprises to directly interact securely with their customers have been growing rapidly, to the extent that this relatively new business of Application to Person (A2P) messaging was, according to Mobilesquared, worth more than $17 billion in 2018, with growth expected to reach almost $27 billion in the next 3 years. Almost every online relationship with an enterprise now requests a mobile phone and permission to send messages associated with the account.
‘A2P messaging to generate $27 billion in 2021’
For example, now text messages are used more than ever before to provide confirmations of banking transactions, password reset and login attempts and to give enterprises, large and small, a way to securely interact with their customers.
This broad new category of messaging from applications to people rather than from people to people has added tremendous growth and brought much needed revenue to mobile operators. Unfortunately, as with many communication technologies, messaging is increasingly under attack from fraudsters wanting to
When there are large sums of money being paid for reliable messaging delivery, there is always a growing appetite from the companies involved to find a way to increase their profits from it, with for example, aggregators looking for routes at the lowest possible prices to deliver traffic. Additionally, as the nature of messaging evolves, a growing number of actors (brands, aggregators, hubs) are involved in the A2P chain before messages reach subscribers, which increases the risk of commercial bypass at one point in the path. This increased commercial fraud, and the lower quality termination generated by bypass, brings maybe the largest risk of all: poor customer satisfaction. With mobile
ME S S AGIN G FR AUD
2
w w w.hot tel e c o m.c o m
customers being able to benefit from a growing number of OTT messaging options, including apps developed by the enterprises themselves, and with A2P customers being highly sensitive to quality, the advent of messaging fraud and bypass could have a significant impact on customer experiences. The direct result for mobile operators is obviously loss of customer and loss of significant revenue. SECURITY IS BETTER WHEN IT’S BUILT IN, NOT BOLTED ON Although the diversion of money from legal white routes towards grey routes and SIM farms is a serious commercial issue for operators, the loss of trust in the basic mechanism that secures text messaging would be a crippling blow. With A2P messaging driving so many secure transactions, including on-line banking and stock trading, the focus of cyber criminals around the world has migrated to gaining access to, or controlling the receipt of those messages.
information, but medical details and perhaps information used to blackmail public figures is all potentially available. Not a great result, when A2P messaging has been a bright spot for several years and when mobile operators are struggling to generate new revenue. DON’T ASSUME THE MARKET IS CAPTIVE The global technology companies, Google in particular, are increasingly pushing forward with alternatives to SMS messaging that might provide an avenue for many of these security related A2P messages. They recently announced efforts to launch an RCS capability in their App that integrates messaging with the phone book and multimedia capabilities which is happening without the involvement of the operators themselves. A major security issue surrounding SMS could result in significant migration to alternative approaches such as this one.
For example, by manipulating elements of the messages themselves, fraudsters can deceive consumers into downloading malware or giving up secret details of their financial accounts, with a risk of losing thousands of dollars if those accounts are emptied by the fraudsters as a consequence.
So, it is clear that messaging fraud prevention is a key task for any mobile operator wanting to protect and grow its current revenue, while mitigating security risks and optimizing customer satisfaction. However, fighting messaging fraud is not as simple as it sounds.
Diversion of messages away from the true owner of the number, while more complex to carry out, brings even greater danger to the ecosystem. We are all used to an instant text message if a password on our e-mail, or other application is changed. If the message actually is routed to another phone altogether, then all the mechanisms used to secure our online lives can be voided. Not only banking
AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE
3
36 0 ° V I SI O N
The next article in this series will dig deeper into the types of fraud that are currently being attempted, but we will close this one with a broad overview of the challenges surrounding messaging fraud prevention and why it is so difficult to prevent messaging fraud.
w w w. who l es al es o lu ti o ns .o r an ge.c o m
Four main challenges can be identified: 1. History: many early relationships for P2P messaging were sender keeps all 2. Complexity: the ecosystem is particularly complex and the operators are struggling with the fraud at the end of the chain 3. Revenue opportunity: the commercial payments for A2P termination are significant and hence attractive for companies looking to improve their margins 4. Value of transactions: A2P messages are often used to confirm security and financial transactions. Accessing those systems can be highly lucrative to the fraudsters The history of messaging, as we mentioned earlier, was one of trust between mobile operators that things would balance out over time and hence less effort was needed to validate all transactions. This is still an issue in many areas and so moving towards commercially underpinned interconnects and carefully controlling which messages will be accepted into their network is important to maximizing incoming revenue. Although not dropping incoming P2P messaging is an equally important criteria.
As with much of the global telecoms industry, this is a complex ecosystem with many players from the brands through to the final customer. Some of those players are long established and trustworthy, others may be much newer in the game, and with less of a record of reliable transactions, perhaps. Mobile operators are at the end of the A2P chain and so have little control over how the message is routed from source until it hits their network. So having real-time systems and processes in place to monitor the way the messages finally reach them is critical. And, finally, some of the best minds in the business are focused on making money from this ecosystem in whatever ways they can. One thing the fraud industry is not short of is funds to pay for the latest and greatest attacks on the global infrastructure and so operators need to be partnering with companies with the best automated fraud defence solutions that they can find. Leading technologies in this area revolve around firewalling incoming messages and using deep analysis and artificial intelligence solutions to try to accurately determine if the message is valid and safe and try to some extent to stop the fraud before it happens.
ME S S AGIN G FR AUD
4
Not all messaging frauds are maDe equal As we saw in the first article of this series entitled ‘Messaging fraud – The next gold mine’, although person to person messaging (P2P) has perhaps passed its peak, application to person messages (A2P) have been growing rapidly, such that this segment of the market is forecast to generate US$27 billion over the next three years – a significant sum. With money like that on the table, the interest in taking an increased share of the A2P pie, by any means possible, has unfortunately risen in parallel. E-mail was perhaps the first to do so, as the free nature of e-mail delivery meant that every shady character could inundate the world with fake and sometimes dangerous messages.
5
36 0 ° V I SI O N
w w w. who l es al es o lu ti o ns .o r an ge.c o m
The messaging ecosystem is a complex one, with multiple stakeholders playing their role in getting the message from the systems of the enterprise or brand through the telecom infrastructure to be securely delivered to the required consumer wherever they are in the world. Sadly, each of the entities in the messaging value chain is susceptible to fraud, with some of them, unfortunately, also playing an active part in encouraging or profiting from those frauds. This series of articles is focused primarily on how mobile operators serving the end consumer can minimize fraud and so we will examine these different frauds from their perspective. Overall, we can segregate messaging frauds in three categories, based on who is impacted:
• enterprises or brands originating the messages • consumers as the recipients of the message • entities in the network - the aggregators and mobile operator(s) responsible for securely delivering the message to the appropriate device CONSUMER AND BRAND ATTACKS To some extent, both consumers and enterprises suffer, albeit in different ways, from the same types of frauds, which are those that try to entice the consumer to take actions that are not advisable or appropriate. The key frauds in this area are variants of messages that are unwanted or which pretend to represent a company that they are not. These include Spam messages, Phishing and Malware.
ME S S AGIN G FR AUD
6
w w w.hot tel e c o m.c o m
Spam: Spam messages are annoying to consumers and reduce customer satisfaction, but are typically harmless. They are usually advertising or brand building and are difficult to control for operators because it is not clear whether the consumer has opted in to receiving such messages. In most countries where there is an opt-in requirement, this is often implemented in the small print during another transaction and the status of the opt-in response is stored with the company involved. As a result, Spam is best controlled via artificial intelligence driven analysis programs (as with email spam) and some crowd-sourcing of problematic messages to help in their detection. The impact for Brands in general is that the more Spam messaging that exists, the less the chance that valid messages will be checked and acted upon - it therefore reduces the effectiveness of the channel. Phishing: The next layer deeper is where the origination details of the message are modified such that the message purports to come from an organization that it does not actually represent. Some practitioners use Alpha character origination details - ie Orange - when the message is actually from a competitor perhaps, looking to find out if the consumer has an account that is up for renewal. More serious problems occur when the message appears to come from the local Tax department and are looking to either trick the consumer into making a payment against their (non-existent) tax default, or to visit a website aimed at obtaining personal details and log-in credentials that will be used for identity theft.
7
36 0 ° V I SI O N
This latter area is sometimes known as SMS Phishing or SMiShing. Most valid SMS originating companies can check for mismatches between the sender and the claimed name, but, of course, there are companies willing to turn a blind eye to transgressions in the race for revenue. Tracking such activities relies again on AI techniques together with crowd sourced databases of spoof originations. Of course, educating consumers to watch out for such frauds is also a key part of the solution. Here again, the risk is decrease in customer satisfaction compounded with a financial and/or identity risk. Malware: SMS Malware takes these techniques to a more critical level again. Here the techniques are used to persuade a consumer to click a link in the message which automatically downloads and installs malware on the device which can access the internal databases of the phone to find PIN codes, access the contact list to act as a generator of additional Spam messages, or even send messages or make calls to premium rate services to generate cash via that mechanism. Even with this enhanced risk, the solutions to tackle this type of frauds are similar to the cases discussed above: AI techniques looking at pattern or URL detection plus, of course, making sure that operating systems are fully patched and up to date with the latest security releases. As we can see, in this area of consumer security, while the terminating mobile operator has no hand in controlling the origination of these messages, having an effective firewall around their Short Message Service Center (SMSC), which is equipped with the latest iterations of AI driven detection methods, is
w w w. who l es al es o lu ti o ns .o r an ge.c o m
the best way to stop these messages from ever reaching their customers. As always, there is a fine balance between blocking legitimate messages and letting through a dubious false message. Hence partnering with leaders in the space is preferable to a Do-It-Yourself approach, or, even worse, just allowing all incoming messages to be delivered. OPERATOR REVENUE ATTACKS The other side of an effective approach to fraud is to protect the revenue of the mobile operator against various attacks aimed at bypassing the normal settlement processes. As we saw in the first article, P2P messaging was generally believed to be reasonably balanced in terms of interactions between mobile operators. A message was sent by one consumer to another on a different network and often times, the recipient would reply. As a result, either settlement of the balance would occur, or a sender keeps all approach was preferred (simplifying the complexity of tracking message transactions and settlement payments). The rapid rise of A2P messaging totally changed this dynamic, as now the majority of messages are from a company, via an aggregator to a consumer and there is rarely a need to reply to the message. Most mobile operators hence become the terminators of such messages and reasonably expect payment for that service. The rapid rise of these messages coupled with the high cost of termination resulted in many attempts by aggregators and other originators to increase their margins by reducing their costs. Competition between aggregators for the business of large global
brands similarly drove the need to offer the lowest price termination available and if one less than honest aggregator is offering a certain price in the market place, there is an obvious incentive on others to somehow match the price structure. The end result - many attempted ways to avoid paying for the full regulated interconnect pricing. These efforts include the use of grey routes, global title faking and SIM farms. Grey Routes Many routes into the SMSC were opened in the days of P2P messaging and relics of the sender keeps all settlement process remain today. Thus, in some instances agreements between mobile operators have yet to be signed to define how messaging will be handled. For low volume routes, this does not cause serious issues for the operators themselves, but when these routes are used by others to send A2P messaging then this opens the door to fraud. Simply closing those routes is not an option, as this would block valid P2P messages between operators. However, if these routes are used by others by changing the originating number so that it appears to be valid, or by changing the signaling addresses, then operators should attempt to block or refuse to deliver the resultant messages. The technical ways these routes are used will be described later, but in general, trying to move all the old Sender Keeps All arrangements towards commercial settlement approaches is a key step for mobile operators to tackle this loophole. Global Title Faking The Global Title is an International SS7 signaling identity normally issued by Regulators to define the identity of a company able to send messages via the global signaling
ME S S AGIN G FR AUD
8
w w w.hot tel e c o m.c o m
networks. Firewalls encircling an SMSC can be set up to accept incoming messages from entities with valid Global Titles and block others. However, if an unscrupulous operator is willing to modify the content of its signaling messages and utilize the Global Title of another operator or aggregator, then firewalls can be fooled and messages terminated without payment by the company originating them. Such approaches then result in disputes between valid partners or lower pricing in the marketplace offered by companies perhaps blending in lower cost (or free) termination, which then incentivizes other aggregators to somehow follow suit. There are variants of this, where the message asking for the full location of a called customer (the SRI message) is sent from an accurate Global Title, but the message itself (the FSM request) is sent using the details of another company.
9
36 0 ° V I SI O N
The technical design of SMSCs did not necessarily require these two linked messages to be directly tied to each other and as charging is based on the delivery of a message, rather than on the request for routing information (SRI), this fraud often succeeds. Solutions to this partly reside in tightening up processes and procedures that trigger alarms when, for instance, a valid operator receives a response to the sending of a message (via the FSM message) when it did not, in fact, send such a message. This would allow responsible originators to realize that someone is likely making use of their Global Title. At the terminating end, having advanced firewalls that can recognize discrepancies between routing enquiries and the messages themselves, and identify changes in volumes and other origination details associated with valid Global Titles, would also help spot these frauds before they can develop further.
w w w. who l es al es o lu ti o ns .o r an ge.c o m
A broader ecosystem approach that identifies the ways that below market rates are offered would also highlight problematic players, although with such a complex set of commercial arrangements, this is rarely achieved. SIM Farms A SIM Farm is a bank of SIM cards used for the delivery of A2P messages (and indeed voice calls) using consumer retail SIM cards available in the country with rates that are below the international interconnect rate. Overseas aggregators can then route messages via these SIM Farms for delivery as if they were locally originated P2P messages and pay the “special offer” retail rates often available for new customers. Variants of this can also include incenting real consumers in the distant network to allow their own phone to be used in this way using an App which greatly increases the complexity of identifying such approaches. The messages themselves now will appear to be originating from a local number in the country (the number assigned to the SIM) and Alpha originators (ie Orange) are not available. For some applications this does not seem to matter, and perhaps, in some cases, the originating Enterprise is not aware of how the message actually appears to the called consumer. Also, because responses are rarely required to these messages, the inability of the consumer to reply correctly to the message is not a problem either. Again, detailed analysis of the content of messages appearing to come from local SIMs is a key way of controlling this type of fraud and also speaks to the requirement to firewall both the signaling routes into the SMSC from international sources as well as domestically. Purely assuming that issues with the lack of a
valid interconnect payment will only become apparent by controlling international signaling links is not a full solution. AI AT THE CENTER OF THE FIGHT This walk-through of the main frauds seen in A2P messaging perhaps highlights the ingenuity of companies to maximize their revenue and margin, which is almost always done at the expense of the terminating operator. The key solution that arises time and time again to tackle the different types of fraud messaging is for leading edge AI-based solutions to analyse signaling messages and message content to identify signs of a developing fraud. Firewalls can be equipped with thresholdbased alerts which are triggered when thresholds are passed, however operations staff in mobile networks around the globe are rarely equipped to properly set and continuously modify those thresholds to cope with changing circumstances. Only self-learning systems have the speed and “intelligence” to cope with the fastmoving approaches adopted by aggregators and originating companies fighting for their survival. Partnering with leading practitioners that keep on top of technological advancement in this field is crucial so that mobile operators fully receive the settlement payments for messages they are, in fact, terminating. The next article in this series will look at reallife use cases of mobile operators which are successfully tackling some of the frauds discussed here and how effective fraud management systems can significantly increase the revenue from this important, and growing, service opportunity.
ME S S AGIN G FR AUD
10
fighting the messaging fraud beast The previous article in this series entitled “Not all messaging frauds are made equal� outlined the many varied ways that attempts are made to bypass the legitimate routes for messaging delivery and how those can be used to deceive the consumer, hurt the brand, and financially damage the mobile networks involved. The mobile network that serves the end-customer is perhaps the only one that has a broad visibility of the fraud issues and has the most to lose financially in terms of lost revenue. But maybe more importantly, its reputation is on the line, with disappointed customers hit with spam or fraudulent messages.
11
36 0 ° V I SI O N
w w w. who l es al es o lu ti o ns .o r an ge.c o m
The revenue hit involved can be substantial and not to be underestimated. With Enterprises willing to pay an estimated US$17 Billion per annum for reliable delivery of A2P SMSs and with the average delivery price of such messages globally between US$0.03 to US$0.07, the amount of money a mobile operator with 10 million subscriber can lose from local SIM Boxes, for instance, could easily reach US$2 million per year. But fraud messaging can be fought successfully if you have the right tools. For example, a major MNO in Asia with over 20 million customers which implemented an SMS firewall in its network was able to reduce the amount of incoming SMS bypassing the legal interconnects from over 30% to around 13% within one year of implementation.
As such, it is a little like the joke about the best way to outrun a bear - be faster than your companions. THE NATURE OF THE BEAST As explained in our prior article, most fraud attempts around A2P messaging delivery revolve around SIM Boxes, local aggregator bypass and P2P route bypass. As a quick reminder, SIM Box fraud allows international A2P messages to be sent via local SIM cards as though they were originated in the country by local customers. MNOs offering “unlimited SMS” plans for personal customers and “SIM-only” offers are particularly at risk here. There will be fair usage policies attached to these plans, but often these are not monitored in real time and significant revenue can be lost in a relatively short time.
‘Operators easily lose US$2 million per year due to SIM Boxes’
As a result, it increased its global incoming volume of SMS by 67% over that period and its overall revenue generated from terminating incoming messages increased by US$1.2 million to US$3.8 million. So what steps can a mobile operator take to reduce this major issue? As we can see from the above, totally eliminating fraud is always the goal, but almost always it is a goal that is out of reach. Every time an improvement is made in detection, an attempt is made to try to bypass that change!
However, there is one key factor to bear in mind - people committing fraud are similar to the flow of water and they will always seek the easiest path. If there are networks with relatively few controls over fraudulent attempts compared to hardened destinations, the fraud attempts will focus on the easy target.
Coupled with this, the messages will technically be transformed to look like P2P messages from one customer to another and so the MNO is very wary of blocking messages that could, in fact, be legitimate customer sessions. From the point of view of the A2P brand, any originating numbers are lost and the message will appear to come from the telephone number assigned to the SIM in-country. Local aggregators can enable a similar type of fraud in the country if they have a legitimate low-cost deal to originate domestic A2P messages. The grey route fraud however appears if one of these enterprises decides to sell access to its route to other national or
ME S S AGIN G FR AUD
12
w w w.hot tel e c o m.c o m
international originators at their own “special” rate. Again, complex to spot because the messages from this source are already seen as legitimate by the mobile operator involved.
integrated into the operator’s network in a way that minimizes or avoids the re-engineering needed in other elements such as the HLR/ HSS and SMS gateways.
Finally, the P2P bypass occurs when, for historic reasons, an interconnect with a distant mobile operator was deemed to be low volume and/or balanced and so it was not worth establishing billing and settlement processes for the traffic. Over time, this route will be used to carry increasing amounts of A2P messages from other sources and the technical arrangements are such that the A-number can be freely set to a national number or even an alphanumeric brand.
Similarly, the implementation of the firewall should be invisible to the external systems terminating into the MNO network so that others cannot see that a firewall is now in place.
As can be seen, the complexities of these fraudulent paths are such that the simple statistical reports produced by network elements are rarely adequate for the task at hand and hardening a network must always start with controlling the entrance points and gateways.
And, finally, the technology must handle all the common legacy and modern protocols from SS7 to 4G/5G approaches. As you can see, even with this step, it is important to partner with experts in the field to minimize your exposure.
HOW TO TACKLE THE BEAST
With the firewall in place, the next step is to ensure that all relevant data is collected as close to real time as possible. Large quantities of data come, of course, from the firewall itself, but adding in the statistics from the other internal SMS traffic handling systems brings in added detail to the data captured.
Step #1: Build Firewalls - Encircling the camp Controlling the access to the SMS delivery elements in a network with a firewall sounds easy in practice, but implementing this efficiently and simply can be far from straightforward. This is because networks are highly interconnected with signaling coming from many international sources as well as multiple interconnects occurring with network elements and systems in the operator’s own network. A number of technical design considerations must be taken into account for a firewall to be successful. Firstly, the implementation of the core element of a fraud management system - the Technology System - must be
13
36 0 ° V I SI O N
To further minimize bypass, the technology must ensure that fraudsters cannot probe weaknesses in the network design to access other network elements and avoid filtering in that way.
Step #2: Data and Analytics – Adding the ammunition
Analysis of this wealth of information basically follows two distinct paths to detect fraud. 1. Categorizing the nature of the sender as identified by the addressing of the SMS The addressing details of messages are the first line of defense. Modern artificial intelligence (AI) systems use leading-edge statistical tools to maintain a “reputation” score against individual senders by looking at their history of messages sent.
w w w. who l es al es o lu ti o ns .o r an ge.c o m
This can include such calculations as the number and frequency of blocked messages, the transmit and receive volumes and ratios, the spread of recipients of the messages and finally patterns in the timing of messages to differentiate automatically generated messages from the ones where people have taken the time to create and send the message itself. 2. Analysis and matching the content of the message against known A2P content Behind the addressing analysis lays a deeper level of message content analysis. Leading vendors in the space, such as Orange with their partnership with Anam Technologies, maintain a constantly updated database of all known fraudulent attacks and threats and the nature of the messages involved.
This allows the system to instantly check incoming messages against those known content types and react accordingly. The AI elements of the system are able to extend from known message types to detect and learn about modifications to the message which result in the same fraud albeit using slightly different approaches. Finally, this detailed and real time analysis provides operators excellent insight with visualization tools illustrating the status of their messaging business in terms of revenue generating traffic and well as fraudulent traffic coming in under the radar. Step #3: Proactive approaches Strengthening the walls Passive analysis is a key component of fraud solutions, but aggressive proactive approaches help identify new techniques before they can develop into major problems.
ME S S AGIN G FR AUD
14
w w w.hot tel e c o m.c o m
Creating virtual SIMs within the firewall allows operators to use a “honeypot” fishing technique, whereby these SIMs can receive and immediately analyze new messages that are coming via unusual routes. Of course, these SIMs never belong to real customers who can sign up for message alerts and so even one incoming message is a sign of Spam. In a similar fashion, generating international messages heading towards these SIMs allows the firewall to confirm the routing taken by those test messages and pinpoints exactly where the leakage is taking place, allowing another grey route to be identified and blocked. Step #4: People – Supporting the army Although AI is often spoken about as this ultimate automated system that takes the best a human can do and then enhances it, the reality is that having a skilled and proactive team of data scientists and SMS/signaling fraud experts behind the scenes is critical. New frauds need to be identified and the mechanisms fully understood so that new rules can be built into the systems. Auditing the workings of the firewall and its associated systems are key to satisfying the dual objectives of the mobile operator - to maximize the incoming revenue without ever blocking legitimate messages to or from their customers. Convincing an operator that this will be achieved is perhaps the most critical part of a fraud prevention installation. BATTLES WON - THE RESULTS SPEAK FOR THEMSELVES With solutions such as the ones described here, the benefits can be seen in many areas:
15
36 0 ° V I SI O N
• Fewer messages leak and the increase in messaging via legal routes also improves delivery reliability and therefore the satisfaction of both the Brands and recipients • End users are protected against identity thefts as well as bill disputes and lost personal data • Revenue to the mobile operator is increased as messages shift from zero or low revenue routes back onto the correct interconnects A growing number of operators are taking the necessary steps to win the fight against fraud messaging and are now benefiting from their hard work. We described earlier the results seen by a major Asian MNO, but many others exist. For example, efforts by an African MNO with 30 Million+ customers resulted in bypassed traffic on SIM Boxes dropping down to 10% after 18 months of operation. Their global paid volumes of incoming messages also increased by 50% in the first six months and are now up by 77%. As we say, the results speak for themselves and prove that it is well worth taking on the fraud messaging beast head first!
Watch interview
HotShot interview with Sandrine Dutertre, Messaging security product manager at Orange International Carriers. Sandrine talks to us about the biggest challenges and the keys to a successfully messaging fraud plan. Finally she shares how Orange is leading the fight against the messaging fraud beast.
Watch Interview>>
fighting messaging fraud with intelligence, partnerships, people Sandrine Dutertre Messaging Security, Orange International Carriers
17
36 0 ° V I SI O N
w w w. who l es al es o lu ti o ns .o r an ge.c o m
Messaging fraud is a growing scourge on operators’ business. What do you think is the biggest challenge in successfully fighting fraudsters? There are actually several key challenges that build on each other. The first is to acquire a very deep knowledge of the fast-moving messaging market, to keep up with all types of frauds, old and new. Then you must find reliable partners so that you can rapidly build a flexible fraud prevention ecosystem, able to adapt to the evolving nature of fraud and upgrade your system as close as possible to real-time. Finally, the human factor is critical. Having knowledgeable security experts to maintain and update security mechanisms to adapt to the ever-changing methods of fraudsters is crucial.
Firstly, we must distinguish between two types of cases: fraud and bypass. Fraud cases trigger damage to the network and its customers, while bypass cases trigger revenue losses for the operators terminating the messages. On the fraud side, spoofing of the message origin and its technical details is very dangerous, as it can lead to roaming service interruption and huge billing disputes, with both subscribers and partners. It is also a serious risk, as it is very easy to put in place once you have found a way to enter the signalling network. For example, spoofing attacks took place within the Orange Group a few years ago, and it resulted in the Orange mobile operators having to stop all customer roaming for a full day to deal with the attack.
The involvement of machines and artificial intelligence is one thing, but to be really successful at fighting fraud you also need the human involvement. Good security experts are difficult to find, as it requires a very specific and specialized profile.
When it comes to the main bypass cases, currently it is all about SIM Boxes. Again, it is unfortunately quite easy to set-up, as all you need to do is to buy local SIM cards and deploy them in the destination network - even putting them into cars to minimize the chance of detection.
We are lucky to have such security experts within Orange, as we are already deep into security challenges on the data, voice and mobile front. Our experts are now working increasingly on messaging and are continually learning, both through the interactions with our partners and through internal technical and commercial acquired knowledge.
To make matters worse, when you deactivate SIM cards due to fraud, it only takes a few hours for thousands more to appear somewhere else in the network. So, if you do not have the automated tools to detect these fraud events in real-time you can lose a lot of money fast.
What do you think is the most damaging type of fraud attacking operators’ network at the moment?
Consequently, fraud and bypass attacks not only cause significant damage to the operators’ network, but also more importantly to their reputation and therefore to their longterm revenue and success.
ME S S AGIN G FR AUD
18
w w w.hot tel e c o m.c o m
Sadly, not all operators realize that the risk is there and growing. Obviously, those who have already suffered an attack understand the risk and are taking the steps to protect themselves, but those who have not may not be as aware and well prepared to fight the fraudsters. Someone looking to make money quickly will always gravitate to the weakest link and these operators are therefore a prime target and will be attacked at one point.
The world is moving very quickly and so are fraudsters. How do you think messaging fraud will evolve in the next few years? Are there any areas that particularly worry you? I would say that the fraudsters are getting smarter and smarter and we now see some highly sophisticated fraud cases emerging. Initially, implementing a firewall with basic rule checks, such as the origin of the message, for example, was sufficient to fight most fraud attacks. However, now we are getting to a different level, where the information inside the message is being modified, which is more difficult to identify. For example, you are seeing messages being sent with zeros instead of Os, spaces between letters, dashes and the combinations are endless. Many operators do not filter the content of the message because of the regulations within their country and this is definitely an open door for the fraudsters. Therefore, going forward I believe that new fraud cases will appear around the obfuscation of the content to avoid detection. As a result, operators must be very reactive
19
36 0 ° V I SI O N
and update their filtering rules and act in real time. It is a never-ending fight, so having a flexible and scalable firewall, combined with real-time filtering rules, is essential. Communication between all the parties involved in the messaging chain is also crucial, so that fraud can be detected at any stage of the messaging journey.
What is the role of AI in messaging fraud prevention? With fraud cases becoming more and more sophisticated you can’t just rely on a firewall without adding intelligence on top and that needs to be constantly refreshed via advances from our security experts but also by using advanced machine learning tools, which will help keep up with the fraudsters. Now that we have several deployments in service at Orange, we are able to use AI to spread the filtering rules to all our operator customers rapidly and seamlessly. This is very useful, as for example, we only took only one month for our most recent firewall deployment to reach our traffic target. In the early days this would often take three months to capture enough information for the AI to become productive. Our intelligent database contains all the known fraudulent attacks / threats that we have identified throughout our operator customers and it is constantly updated via a centralized “Threat Intelligence Sharing” service. It is a very powerful and effective way of sharing knowledge quickly between our operators.
What is Orange’s overall strategy to fight messaging fraud?
w w w. who l es al es o lu ti o ns .o r an ge.c o m
Orange is an A2P hub and not an aggregator, so our objective is the same as the mobile operators’: improve quality and protect revenue. Orange therefore has designed ‘SMS Protect’ to help operators combat all fraud and bypass cases effectively. It is deployed to fully protect the MNO’s SMS channel from revenue leakage and all other forms of SMS Fraud.
Orange is that the volume of A2P traffic has been multiplied by a factor of 3 or 4 since the implementation of our fraud prevention solution. But if you leave even a small crack of the door open, the fraudster will find it and attack. So the fight will never end!
Our solution helps ensure high quality A2P routes, protects end-users, provides improved customer care and therefore improves the overall messaging value for the operators. In addition, Orange also offers an audit service, through an external provider, in order to get a clear picture of the operator’s network prior to the firewall implementation. It also checks the solution accuracy once implemented at least two to three times a year. These audits ensure a better relationship with the operator from the start and optimises the results. We want to show the operator that we constantly challenge our own solution and are serious in identifying areas that need improvement. Through this process, we are also able to show the operator how much fraud we were able to prevent. For example, in one case an operator had more than 30% of its messaging traffic generated by SIM Boxes, and 18 months later this had gone down to 5% thanks to the implementation of our solutions. Fraudsters are still succeeding some of the time, but our solution is making their work much more difficult. At the end of the day the results will talk for themselves. What we have seen within
ME S S AGIN G FR AUD
20
w w w.hot tel e c o m.c o m
ABOUT HOT TELECOM HOT TELECOM is one of the most innovative and creative research and consulting companies, which has been providing International operators and carriers with specialized intelligence and advice for the past 15 years. We understand the challenges faced by international carriers better than anyone, and have therefore developed a number of research and advisory tools and expertise to mirror these needs, and provide the support any wholesaler requires to survive and thrive in the current environment. To find out more about what we can do for you and how we can make the difference in your success, contact us and it will be our pleasure to provide you with tailored, reallife solutions that will meet your needs, challenges and objectives. For more information, please visit www.hottelecom.com
ABOUT ORANGE INTERNATIONAL CARRIERS Orange International Carriers is the Wholesale Division of Orange Group, which has retail operations in 27 countries and provides business services in 220 countries and territories. In a market place that is constantly evolving, Orange International Carriers is the operator that brings its customers a true digital experience and makes technology accessible to everyone. Offering a network of global connectivity via 40 submarine cables and international consortiums, stretching 450,000km, Orange is actively involved in the deployment of smart connectivity to support today’s fast-moving, telecoms landscape. With a comprehensive portfolio of innovative and flexible solutions for retailers, wholesalers and OTTs worldwide, Orange International Carriers is a global solutionprovider for services in Security, Data, Mobile and Voice. Additionally, Orange International Carriers proposes professional services to meet today’s increasing diversity of digital demands, including customised business models and – where relevant – especially adapted offers. To learn more, please visit https://wholesalesolutions.orange.com
21
36 0 ° V I SI O N
w w w. who l es al es o lu ti o ns .o r an ge.c o m
ABOUT THE AUTHORS Isabelle Paradis President, HOT TELECOM Isabelle is President and Founder of HOT TELECOM, and has been working with many of the world’s telecom service providers to help them define their transformation strategy. She has published several articles and reports on the subject and has spoken at numerous conferences around the world to share her views on the future of the international telecoms business.
Steve Heap CTO, HOT TELECOM Steve has a lifetime of experience in designing, engineering and operating networks, both domestic and international. With leadership experience in small technology start-ups through to global service providers, he has deep experience in a wide range of products, technologies and geographies. He has the rare skill of being able to explain complex technical issues in easily understood concepts and uses that extensively in his consulting work with HOT TELECOM.
ME S S AGIN G FR AUD
22
Contact us Email: info@hottelecom.com Web: www.hottelecom.com
HOT TELECOM