Messaging Fraud - The next gold mine?

Messaging to mobile customers was once the steady but left-behind side of the business. It was something that all mobile operators offered, but demand was so steady that many operators didn’t even bother to measure and settle messages between each other, especially internationally. It was simply assumed that customers would generally originate as many messages as they would receive, and so a “sender keeps all” approach to revenue simplified the commercial processes that would otherwise have to be established. Move on several generations and the world is completely different. For example, basic forms of communication have gradually lost their status as trustworthy and safe interactions.

E-mail was perhaps the first to do so, as the free nature of e-mail delivery meant that every shady character could inundate the world with fake and sometimes dangerous messages. Voice calls were trustworthy because you knew who was calling, and the cost-benefit balance behind sending spam calls meant that there were far fewer of them. On top of that, regulators in most countries set up various laws and regulations to limit calling from unwelcome parties. Unfortunately, that has fallen into disrepair and now consumers are probably receiving more calls from fake originations than they do from their friends and business contacts. However, messaging has stood outside that morass and, in fact, has grown in status with the realization that the secure path to a known individual, provided by text messages, is a way to secure other transactions.

For example, text messages are now used more than ever before to provide confirmations of banking transactions, password resets and login attempts, and to give enterprises, large and small, a way to securely interact with their customers.

This broad new category of messaging from applications to people rather than from people to people has added tremendous growth and brought much needed revenue to mobile operators. Unfortunately, as with many communication technologies, messaging is increasingly under attack from fraudsters wanting to benefit from this growing business. There are two distinct types of attack: commercial fraud and security fraud.

RULE #1: NEVER LOSE MONEY. RULE #2: DON’T FORGET RULE #1

The business opportunities behind the desire for enterprises to directly interact securely with their customers have been growing rapidly, to the extent that this relatively new business of Application to Person (A2P) messaging was, according to Mobilesquared, worth more than $17 billion in 2018, with growth expected to reach almost $27 billion in the next 3 years. Almost every online relationship with an enterprise now requests a mobile phone number and permission to send messages associated with the account.

‘A2P messaging to generate $27 billion in 2021’



When there are large sums of money being paid for reliable messaging delivery, there is always a growing appetite from the companies involved to find a way to increase their profits from it, with, for example, aggregators looking for routes at the lowest possible prices to deliver traffic. Additionally, as the nature of messaging evolves, a growing number of actors (brands, aggregators, hubs) are involved in the A2P chain before messages reach subscribers, which increases the risk of commercial bypass at one point in the path. This increased commercial fraud, and the lower quality termination generated by bypass, bring perhaps the largest risk of all: poor customer satisfaction. With mobile customers being able to benefit from a growing number of OTT messaging options, including apps developed by the enterprises themselves, and with A2P customers being highly sensitive to quality, the advent of messaging fraud and bypass could have a significant impact on customer experiences. The direct result for mobile operators is obviously loss of customers and loss of significant revenue.

SECURITY IS BETTER WHEN IT’S BUILT IN, NOT BOLTED ON

Although the diversion of money from legal white routes towards grey routes and SIM farms is a serious commercial issue for operators, the loss of trust in the basic mechanism that secures text messaging would be a crippling blow. With A2P messaging driving so many secure transactions, including on-line banking and stock trading, the focus of cyber criminals around the world has migrated to gaining access to, or controlling the receipt of, those messages.

For example, by manipulating elements of the messages themselves, fraudsters can deceive consumers into downloading malware or giving up secret details of their financial accounts, with a risk of losing thousands of dollars if those accounts are emptied by the fraudsters as a consequence.

Diversion of messages away from the true owner of the number, while more complex to carry out, brings even greater danger to the ecosystem. We are all used to an instant text message if a password on our e-mail or other application is changed. If the message is actually routed to another phone altogether, then all the mechanisms used to secure our online lives can be voided. Not only banking information, but medical details and perhaps information used to blackmail public figures are all potentially available. Not a great result, when A2P messaging has been a bright spot for several years and when mobile operators are struggling to generate new revenue.

DON’T ASSUME THE MARKET IS CAPTIVE

The global technology companies, Google in particular, are increasingly pushing forward with alternatives to SMS messaging that might provide an avenue for many of these security related A2P messages. They recently announced efforts to launch an RCS capability in their App that integrates messaging with the phone book and multimedia capabilities, which is happening without the involvement of the operators themselves. A major security issue surrounding SMS could result in significant migration to alternative approaches such as this one.

So, it is clear that messaging fraud prevention is a key task for any mobile operator wanting to protect and grow its current revenue, while mitigating security risks and optimizing customer satisfaction. However, fighting messaging fraud is not as simple as it sounds.

AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE

The next article in this series will dig deeper into the types of fraud that are currently being attempted, but we will close this one with a broad overview of the challenges surrounding messaging fraud prevention and why it is so difficult to prevent messaging fraud.

Four main challenges can be identified:

1. History: many early relationships for P2P messaging were sender keeps all
2. Complexity: the ecosystem is particularly complex and the operators are struggling with the fraud at the end of the chain
3. Revenue opportunity: the commercial payments for A2P termination are significant and hence attractive for companies looking to improve their margins
4. Value of transactions: A2P messages are often used to confirm security and financial transactions. Accessing those systems can be highly lucrative to the fraudsters

The history of messaging, as we mentioned earlier, was one of trust between mobile operators that things would balance out over time, and hence less effort was needed to validate all transactions. This is still an issue in many areas, and so moving towards commercially underpinned interconnects and carefully controlling which messages will be accepted into their network is important to maximizing incoming revenue, although not dropping incoming P2P messaging is an equally important criterion.



As with much of the global telecoms industry, this is a complex ecosystem with many players, from the brands through to the final customer. Some of those players are long established and trustworthy; others may be much newer in the game and perhaps have less of a record of reliable transactions. Mobile operators are at the end of the A2P chain and so have little control over how the message is routed from source until it hits their network. So having real-time systems and processes in place to monitor the way the messages finally reach them is critical.

And, finally, some of the best minds in the business are focused on making money from this ecosystem in whatever ways they can. One thing the fraud industry is not short of is funds to pay for the latest and greatest attacks on the global infrastructure, and so operators need to be partnering with companies with the best automated fraud defence solutions that they can find. Leading technologies in this area revolve around firewalling incoming messages and using deep analysis and artificial intelligence solutions to try to accurately determine if the message is valid and safe, and to try, to some extent, to stop the fraud before it happens.

