Last week, MEF’s Future of Messaging Programme launched its Securing A2P SMS Business Messaging Whitepaper developed by members of its Fraud & Security Working Group. The comprehensive guide makes best practice recommendations when using SMS for Two Factor Authentication and provides practical use cases.
The working group was led by GTC’s Giovanni Benini who here shares the collaborative approach that had the goal to help demystify the complexities of the messaging ecosystem and provide member uses cases how the industry is tackling fraud.
As business communications evolve, SMS continues to see robust growth particularly for sending One Time Passwords to support Two Factor Authentication. Unfortunately, these high-value transactions attract the attention of fraudsters and it is imperative that across the entire ecosystem all necessary actions are taken to prevent and mitigate fraud attacks.
It provides recommendations in a clear three-step approach for securing the SMS business messaging channel balanced by the use case and risk profile:
But how did this whitepaper come to life? In October of 2019, MEF asked me if I could help lead a group that wanted to look at market education on the security issues around SMS and SS7. Both are topics very close to my heart and core consultancy areas of GTC, so I immediately said yes.
 SMS traffic can also be a high-value target for fraudsters. If left unchecked, there is a risk that levels of trust amongst consumers and enterprises will fall, impacting the adoption of messaging among new enterprise sectors“
I quickly pictured a flow of the storyline in my head and thought this would no doubt require me to be working many evenings to get it done. What I hadn’t anticipated was the amazing amount of contributions that all the MEF members participating in the group would bring – in quantity and quality.
Given the high volume of messages and high-value uses cases associated with 2FA including banking and retail accounts, it inevitably means SMS traffic can also be a high-value target for fraudsters. If left unchecked, there is a risk that levels of trust amongst consumers and enterprises will fall, impacting the adoption of messaging among new enterprise sectors, stifling innovation and ultimately slowing the long-term growth of the industry.
Hence the need for better clarity and market awareness and the sub-group started with a kick-off call and 1:1s with the group’s founding members which represent different parts of the messaging ecosystem.
They included Vincent Schaeken from AdaptiveMobile, Brendan Cleary from Cellusys, Scott Taylor from FICO,  Leif Östling from Sinch, Furqan Ahmad from Telenor and  Lee Suker from XConnect. That gave us the concept of the whitepaper: a perspective across the messaging delivery chain which I presented early December 2019 at MEF’s Future of Messaging Programme live meeting in London.
As the project progressed, I was blown away by the expert input from many other members like e.g. Chris Drake from iConectiv contributing brand new empirical data from the Study of Wireless Carrier Authentication for SIM Swaps and Jenny Whelan and Felipe Castillo sharing Telefonica’s experiences on SMS One-Time Passwords for Two Factor Authentication.
The theme of willingness to contribute continued until the end of this project with Mary Therese Fitzpatrick and John Murtagh from ANAM, Kim MacSymon from Myriad Connect, Randy Warshaw and Surash Patel from Realnetworks as well as Munz Bharde from Neustar led the contributions on technical solutions chapters which looked at SMS and SS7 Firewalls, SIM Swap Solutions to mitigate account take over as well as machine learning. Mobilesquared helped out with numbers and MEF members provided practical use cases on ensuring security in the SMS channel including mGage’s Jim Barnes and Virginie Debris from GMS, who jumped on this project right after the first London meeting.
So in the end, and despite having to steer this project through the challenges of COVID-19, a hopefully useful whitepaper came out. Please download and share 😊
And a special, personal thank-you to the whole team including MEF’s Joanne Lacey for an excellent combined effort.
Finally – do join myself and some of the contributors to the paper ANAM, GMS and Xconnect as we continue to debate the topic and promote best practice. 2nd July, 4PM BST.
MEF Webinar | Securing SMS for Enterprises
Register now to hear members of MEF’s Fraud & Security Working Group for business messaging discuss best practices for ensuring SMS remains a clean and secure channel for businesses.
The briefing walks through the group’s latest recommendations for enterprises including guidelines for sending OTP / 2FA as part of a paper published in June.
With guest speakers including Giovanni Benini of Global Telco Consult, Virginie Debris of Global Message Services, John Murtagh of Anam and Lee Suker of Xconnect.
