MEF COO Joanne Lacey describes how fraudsters seeking to exploit a highly successful (and lucrative) enterprise messaging businesses could be costing an estimated $2bn annually, and what they can do to mitigate their losses while creating a more sustainable industry.
For businesses providing enterprise messaging as a service, revenues are not insignificant. At the end of 2016, mobile analyst firm, mobileSquared, estimated the market to be worth $17.2 billion and forecast a rise to $58.7 billion by the end of 2020.
However, wherever there big revenues there are also fraudsters seeking to exploit technological, regulatory and human weaknesses for financial gain.
10 years ago cyber security meant updating antivirus software and investing in firewalls to protect our most valuable assets – personal, sensitive data – on our desktops or servers. Now, the exponential rise of mobile means that access points for fraudulent or malicious activity are distributed across a highly intricate value-chain that includes mobile networks, handsets, switching and signaling technologies and consumers themselves.
MEF’s Future of Messaging programme – an industry group of 30+ companies representing all stakeholders in the messaging ecosystem – recently published the latest edition of its Enterprise Messaging Fraud Framework which identifies a staggering 13 types of fraud across four distinct areas:
- Identity theft – obtaining information required to steal someone’s identity
- Data theft – obtaining information required to access personal and private banking or other financial accounts
- Network manipulation – to gain competitive advantage or perform illegal activities via the deliberate manipulation of a message or the exploitation of system vulnerabilities to bypass protection measures intended to safeguard mobile network operators and consumers
- Commercial exploitation – to gain competitive advantage by exploiting gaps within the commercial structures of the ecosystem
With heightened sensitivity around personal data and digital identities then it is absolutely fundamental that the enterprises that buy messaging services and consumers alike, need to trust the channels they use to communicate with each other.”
It includes, for example, SMiShing (SMS Phishing), SMS Roaming Intercept and SIM Swap fraud where messages containing confidential personal information or perhaps account authorisation codes (two factor authentication) that are intended for consumers, are intercepted by a third party and used to gain access to personal banking services.
Mobile carrier, o2 Germany recently confirmed some of its customers had their accounts emptied by hackers after they fell victim to an SMS phishing scam that stole their usernames, passwords, phone numbers and bank account details.
Most types of enterprise messaging fraud can be prevented by the adoption of best practice and security technology at the network level but the fraud problem is compounded because the global mobile messaging ecosystem does not operate in a one size-fits all environment.
Rather it has grown at different rates country by country in order to meet demand, accommodate local business conditions or to comply with legal and regulatory requirements (where they exist). Therefore the fraud types and the ability to prevent fraud varies from country to country.
Of course the issue of enterprise messaging fraud isn’t just the practice of hacking in to mobile networks and sending phishing messages. Sharp business practices from some companies that sit between enterprises and their customers in the delivery chain, actively look to exploit technological or regulatory weaknesses.
Businesses and brands risk reputational damage or financial harm if they procure enterprise messaging via a rogue player using unauthorised grey routes for example. In effect the SMS message originates from an un-authorised network and ends up being paid for by the network that it terminates on.
Consumer trust is at stake
Taken together, the 13 fraud types cost the messaging industry an estimated $2bn per annum. Aside from these hefty financial loses, there is also the risk of undermining the long-tern sustainability of the enterprise messaging industry.
With heightened sensitivity around personal data and digital identities then it is absolutely fundamental that the enterprises that buy messaging services and consumers alike, need to trust the channels they use to communicate with each other.
MEF’s latest study on mobile consumer behaviors found that 86% of us will take some kind of action if trust is challenged. Almost half will stop using a service (interestingly a year-on-year increase from 38% to 44%) and nearly one in three (30%) warn friends and family about bad experiences.
Looking ahead new interactive and richer messaging formats such as messaging based on the RCS standard, and chat bots that use AI to automate customer interactivity (across both OTT and mobile networks) will help grow the enterprise messaging opportunity. Yet fraud is a persistent threat. MEF’s Fraud Framework sends a clear message (no pun intended) to all players, from telcos to buyers and everyone in-between, that fraud needs to be seen as shared problem if we want to protect and indeed grow a $60bn market place.
A version of this post originally appeared on ITProPortal