When it comes to new ways to carve out revenues, one of the industry’s big problems is that those interested in intercepting and stealing them constantly change their tactics to escape detection and exploit emerging communications channels. The latest exploits involve a shift to the data path.
Two forms of data fraud have been going undetected or overlooked by many operators and are becoming more of a problem, according to US-based Mobius Wireless Solutions. The voice and data fraud prevention company, located in Ashburn, Virginia, has seen a rising incidence of so-called over-the-top (OTT) voice bypass and one-time-password (OTP) bypass.
OTT voice bypass occurs when an international mobile call generated abroad is terminated over an OTT app without consent to do so. OTP bypass is when illegitimate SMS delivery channels are used to infiltrate a mobile network via the IP data path. Termination in these two cases is often via WhatsApp, Viber and rich communication services (RCS).
“Bypass revenue loss is much the same, but how it is occurring is drastically changing,” says Shashank Reddy, CTO of Mobius Wireless Solutions. “We have observed a significant shift to OTT voice bypass and OTP bypass delivery over the data path.”
Revenue hit
Reddy explains that Mobius has observed OTT voice bypass in countries with high international call termination rates, and has seen it spreading globally. Of the operators with which Mobius has worked, the company estimates that 5% of all WhatsApp calls on their networks involve bypass fraud.
While many may write off this threat or are not aware of it, it’s a problem worth dealing with, believes Reddy. He adds that it is already having a considerable impact on MNO and aggregator revenues. “Bypass via OTT apps is occurring and most do not have tools to address it,” he says. “For those that have decent termination rates, the related loss can be significant.”
Similarly, OTP bypass appears to be hitting A2P revenues. “We have collected evidence that applications like WhatsApp and RCS are cannibalising a significant portion of the OTP revenue from some networks,” says Reddy.
The issue is also different in nature and less visible than traditional voice bypass fraud. The bypass is occurring over the data channel and is difficult to act upon with precision if you do not understand its signature. This is where Mobius can help, says Reddy.
Deep packet inspection
Fortunately, there are some tools out there to mitigate these effects. Mobius provides these with its DataSentry offerings, comprising managed services that use deep packet inspection to closely monitor inbound connections. For OTT voice bypass, it offers fraud detection and blocking tools, and for OTP bypass firewall controls.
“The fingerprint library of our DataSentry service is our secret sauce,” says Reddy. “We’ve found specific markers of fraud activity, and are able to flag those and even block them in real time.”
Reddy cites the example of a mid-size mobile network operator in North Africa that saw its international traffic increase by 15% per month using DataSentry, blocking over 50,000 WhatsApp OTT bypass calls daily. According to the figures, the operator had previously seen a substantial daily revenue loss of $35,000, with around 4% of WhatsApp voice calls identified as bypass fraud.
“When an operator takes steps to employ controls to monitor and take precise preventive action, the return on investment can be significant,” says Reddy. “We’ve also seen the monthly cost of our service covered by savings within the first two days of a month.”
Shifting targets
Mobius, which works with more than 30 mobile operators, currently focuses on Africa, Asia and Latin America, where it perceives more of an issue with inbound communications activity. Even if operators already have DPI tools, Reddy says the service is complementary to these alternatives because each serves their own niche.
And the company believes its tools can help ward off the threat, with significant experience after being in the fraud space for almost 20 years working with multiple operators in the voice arena. Now attentions are turning to new targets in the data space, says Reddy. “That’s where things are going, and fraud always follows,” he says. “Mobius will be there to find and prevent it.”
