Telcos must do more than just shake off SMS fraud

A telco we recently spoke to narrated how scam SMSes were creating trouble for its subscribers, but its risk team was able to ‘shake it off for now. Interesting choice of words: ‘shake it off, a phrase popularized by Grammy Award Winner, Taylor Swift, who has been busy shaking off other things like a record deal that turned sour last year, driving her to re-record her first 6 albums.

Unfortunately, unlike the pain of past relationships, which is what the singer croons about in her chart-topping hit, SMS fraud isn’t something that can be easily shaken off by telcos.

Sending the right message

A text message from a friend is a person-to-person or P2P message. A message from your bank sharing an OTP is an application-to-person or A2P message. A2P SMS finds use in areas like two-factor authentication, sharing details about bookings, reminders for appointments and travel, updates about deliveries, notifications about discounts, sales, and promotions, etc., making it an indispensable information delivery channel. Since the pandemic, the number of A2P SMSes traveling across telecom networks has shot up. It is estimated that 3.5 trillion A2P messages will be sent in 2023, marking a 40% increase over 5 years. On the other hand, the flourishing of OTT apps providing free messages has put a dent in P2P messaging revenues. Nevertheless, subscribers consider SMS a safe channel of communication. A study on marketing channels reveals that the average open rate of a marketing SMS is 99% compared to 28-33% for marketing emails.

What goes on behind that SMS

Convenience is perhaps the best thing about sending a text message. It’s quick and does what it is supposed to. But there is a whole machinery at play to ensure that every ‘send’ button clicked on an SMS creates revenue for telecom operators and many, many intermediaries.

The SMS ecosystem consists of numerous players supporting the business of P2P and A2P SMS. There are SMS resellers, SMS hubs, Rich Communication Service (RCS) providers, and SMS aggregators, to name a few. The infrastructure also comprises several components like SMS centers as well as software such as SMS gateways and SMS APIs. Each of these plays a role within authorized routes, allowing messages to be delivered from a business through an MNO to the right customer.

SMS resellers provide software that allows quick broadcasting of business SMSes based on an agenda with pre-built templates. SMS hubs streamline the flow of international SMS through interoperable systems between telecom operators, enabling wider reach at a lower cost without complex agreements. SMS aggregators are niche telcos that act as intermediaries between many MNOs to send and receive SMS connecting brands to their customers. SMS gateway is a website that allows businesses to send bulk SMSes to their customers via telecom networks and supports international SMS. And finally, SMS API, a new addition to the market, is a piece of code that dispatches SMS via an SMS gateway and also supports text message communication between different web applications.

Understanding ‘The Blank Space’ of fraud 

Interactions between these nodes and players are complex and governed by numerous and verbose contracts outlining cost, frequency, carriers involved, interruptions, disputes, privacy, and much more. But fraudsters commit much time to find loopholes within networks and agreements that they can exploit, such as weaknesses within SS7 signaling protocols and grey routes. According to CFCA Fraud Loss Survey 2021, SMS fraud accounts for US $3.65 billion in losses.

Here are some well-known fraud types:

• SMS Spoofing – The location and identity of the sender are spoofed to mimic a known business
• SMS Faking – Signaling parameters are manipulated to fake the operator’s details, causing customers to receive unsolicited SMS
• SMS Spamming – SMS is embedded with a callback premium rate number, incurring high charges
• SMS Malware – Hackers breach MNO systems to steal sensitive user information
• SMS Bypass – Traffic is routed through alternate networks and grey routes, leading to a loss of revenue for telco
• SIM Farms – A collection of SIM cards are used to issue business SMS to avoid paying enterprise SMS rates

SMS fraud creates much harm. It leads to identity theft, financial theft, and network manipulation. It significantly erodes customer trust in the primary communication channel. For example, nearly 64% of customers worldwide are concerned that mobile messages could be from impersonators trying to steal their data, money, or identity.

And they are right to be concerned. Today, a majority of SMS fraud remains undetected. It affects operators through the leakage of SMS revenue and negative brand image. Businesses cannot monetize their services as people become distrustful of promotions and sales discounts.

Re-orienting fraud and security solutions for the new age 

Telcos need a diverse ecosystem of SMS players to forge international connections between people and businesses. However, they ought to focus on transparency and weeding out misaligned players if they want to secure their SMS ecosystems and sustain revenues from A2P and P2P SMS.

SMS firewalls are among the most popular approaches, but their efficacy is waning in light of emerging SMS threats due to new signaling protocols. Techniques such as real-time signaling analytics, heuristics, and advanced ML techniques give all parties – businesses, operators, and users – visibility into SMS interactions so operators can identify any SMS fraud. As operators re-orient their security systems to fight SMS fraud, it fosters customer confidence, secures access from businesses to their consumers, and creates a thriving ecosystem for genuine players.

Perhaps it is time for telcos to move from merely ‘shaking off fraud’ to ‘knowing that it’s trouble’ and adopt a long-term view to combat it. They ought to upgrade their fraud management system to mitigate any form of risk proactively.

Subex’s AI-first Fraud Management Solution provides a data analytics platform that helps CSPs engineer ML features, leverage a global honeypot network to spot anomalies faster, identify malware attacks in SMS, and ensure real-time SMS threat monitoring.

To see how our signaling to fraud management solution telcos from SMS fraud

Connect with a Subex expert now!

Sukshitha Rao

Sukshitha Rao is a Product Marketing Specialist responsible for Fraud management portfolio at Subex. She is a postgraduate in management from Symbiosis Institute of Digital and Telecom Management with Marketing as her major. She has about two years of work experience in the IT industry.