While SMS continues to evolve technically and grow in volume as brands and enterprises increasingly use mobile messaging for authentication, customer engagement and marketing, it is at risk of being undermined by rogue players finding new loopholes to exploit.
MEF’s recent Enterprise Mobile Messaging Fraud Framework was produced by a cross-sector messaging working group from the Future of Messaging Programme. The Framework looks in depth at the issues of identity & data theft, network manipulation and commercial exploitation of enterprise messaging. The guide details 13 fraud types, and offers practical information on how to identify and deal with them.
We asked MEF members for their thoughts on the challenges facing enterprises from messaging fraud. Here’s what they said…
Harsh Mamgain, AVP Product Management, Infinite Convergence
As messaging continues to dominate to become the most preferred way of communication on mobile devices, the enterprise vulnerability to fraud on consumer-grade messaging platforms has also increased exponentially. Mobile messaging, despite its seeming ubiquity, has only begun to penetrate enterprises as a company-authorised communication platform.
The first step in solving a problem is recognising there is one: consumer messaging and other unsecured messaging apps for business communication is an ideal breeding ground for fraud!
Today the consequences of fraud are not just limited to financial; the mobile connected economy has created new challenges where fraud can easily perpetuate erosion of consumer trust and investor confidence, leading to catastrophic consequences for all stakeholders, from individuals and consumers to an entire industry value chain.
Global regulations are important but the key to dealing with fraud and enterprise messaging sustainability is to closely collaborate with businesses, technology providers, and regulators to build fail-safe and self-regulated systems. We are already seeing this with the Blockchain phenomenon in Fintech, but that’s another story.
Nina Knezevic, Director of Telecom Solutions, Infobip
In my view, it’s important for businesses to use secure connections for the termination of messages they are sending. In order to minimize the risk of fraud, enterprises need to make sure that the service they’re using is developed in line with the highest IP security standards, certifications etc.
On the other hand, it’s very important for the MNOs to be fully and constantly aware of threats in the messaging space. This means proactive monitoring, identification and constant adaptation of anti-fraud solutions.
In order for this to work at the ecosystem level, regulation should closely follow these same principles, and develop standards in a proactive and timely manner as well.
Guendalina Rossi, Senior Product Expert at SAP Digital Interconnect
As a leading carrier in the A2P and P2P aggregator industry, SAP Digital Interconnect undertakes a strong commitment to maintaining a fair and sustainable mobile ecosystem. Fraud is a moving target and fraudsters constantly try to exploit network or regulatory weaknesses. A2P cost bypassing techniques such as SIM farms or grey routes undermine the messaging eco-system and the operators’ financial means to combat fraud itself.
Today’s market offers a variety of technical solutions to combat fraud but even the best tool must be combined with the following aspects to achieve success:
- A sound commercial messaging strategy
- Legal and regulatory frameworks supporting the above
- Dedicated personnel and on-going monitoring
- P2P and A2P messaging founded knowledge
SAP has been working on a suite of award-winning products for the protection of our Enterprise and Mobile customers, thus contributing to solving these issues with messaging worldwide.
Esra Yüksel, Roaming and Mobile Services Senior Account Manager, Türk Telekom International
Messaging, especially the A2P SMS market, is growing globally and will continue so for a number of years. As this brings opportunities to national and global enterprise organisations, fraud types and the impact of the fraud are simultaneously expanding. The level of impact varies between regions, countries and between the providers that are operating in the same country. Although mainly this seems to be due to regulatory differences, in my perception, it is caused by an awareness of fraud and the effect of revenue leakage.
In Turkey, SMS bypass fraud, mostly national bypass, impacts our business. This is noticed by performing international A2P SMS termination tests, but since that traffic is not on international routes, it is difficult to split it from legal national traffic with monitoring or to block it via firewall solutions.
With these difficulties, we face some challenges to eliminate the impact of fraud and revenue leakage.
As the SMS market grows in the direction of A2P, it is necessary to make updates in this regard in regulation. To do this, firstly, all new trends, developments and fraud types should be followed by the enterprises and regulations should be updated in the new direction. From the other side, it is hard to adapt regulations with such new transformations. For this reason, global standardisation must be in place.
There is already much research and studies on fraud types and precautions to be taken. Since a big percentage of fraud types vary according to the way SMS is terminated, there should be a global way to identify authorised and regulated routes. With this standardisation and regulatory support, enterprises can be aware of the fraud impacts and take necessary actions accordingly.
Michele Bader, COO at TWW
Fraud in the Brazilian A2P SMS market is huge. We believe that at least half of the market uses grey routes (SIM Farms and SS7 routes). This could mean that approximately 1 billion SMS per month are being sent via fraudulent routes.
The impact to TWW and other official aggregators and the operators themselves is a loss of millions in revenue. Not only are we not getting the revenue from the messages but the carriers are losing more millions in revenue with the off-net messages cost.
Although carriers believe they make money selling the SIMs that are used in SIM farms they are actually losing. For example, a SIM with a 10.000 SMS limit may cost BRL 60 per month but may cost BRL 400 or more in off-net messages cost. This means that the BRL 60 revenue could actually be a BRL 340 loss!
In addition to the revenue issues, we also have a serious margin problem.
The use of grey routes is much cheaper. The result is that the margins for the official A2P players are disappearing. We have to operate at zero or very low margin to maintain clients while the grey route companies are selling with very fat margins of over 100%. If a solution is not found quickly there is a very good chance the grey routes will dominate the A2P space in Brazil. It is simply becoming impossible to compete.
What is the solution?
For years we have been working together with the carriers to block the grey routes. A lot has been done and the effort is still there. But the grey route gang is smart and swift. The operator actions are not as effective as we need them to be. So we believe the solution is a simple economic solution. Bring the price down and the grey routes will naturally disappear as they will no longer be economically viable. Simple supply and demand.
Daniele Mensi, CEO, Ubiquity International
Fraud is a threat affecting all A2P Messaging players, from customers to the carriers and providers. Particularly, our customers within the Banking and Financial community see the messaging being used to fight consumer Fraud through personal notifications, SMS passwords and enforcing two-factor authentication.
Kind of fun that providers who solve fraud on behalf of their clients are themselves exposed to fraud…
The most common types of fraud come from Social Engineering, where skilled engineers exploit systems or weaknesses in a process to take advantage for financial gain. Typical examples our Business is exposed to are: illegal termination via SIM boxes (breaching interconnection contracts with MNOs) or extensive use of grey routes in breach of direct interconnection agreements.
The consequences of a breach of an interconnection agreement are very serious, because we may not be able to comply with SLAs, causing serious impact on finances and reputation.
Our role at Ubiquity, being a trusted messaging provider for banks and financial institutions, is to ensure the use of highly secured providers/routes to deliver best value to our B2B customers.
For all our customers, security and integrity represent must-have requirements and we need to fulfil the highest compliance standards. That’s how Ubiquity is strongly positioned across Industries that do not tolerate fraudulent behaviour.
From an A2P industry perspective, it is clear that any active party should deploy countermeasures to limit the adoption of illegal practices and eradicate fraud, by encouraging and actively promoting the deployment of intelligence alerts/processes.
It is also worth promoting awareness at every level, mostly across the Telco provider landscape (e.g. GSMA) to avoid the commoditisation of A2P SMS and instead promote value for the market and customers. As an example: the overall SMS price disruption is explained by an extensive use of borderline practices by carriers and aggregators which under no circumstances should be encouraged.
Furthermore, we strongly believe that Regulation is key for improvement. Nevertheless, since A2P messaging is a global business, a complete solution at this level is unlikely within the next 10 years to come.
Version 2.0 of MEF’s Enterprise Mobile Messaging Fraud Framework offers insights into the impact of fraud on all parties within the mobile ecosystem, as well as categorisation of the means available to parties to detect and protect against fraud through the implementation of commercial solutions, technical solutions and through processes, compliance and legality.
The framework was developed by a collaborative cross-ecosystem working group of participants of MEF’s Future of Messaging Programme, represented by senior executives from across Commercial, Operator Relations, Product and Technical teams.