Sending a message to fraudsters

28 November 2018 | James Pearce

Cover

Fraud in the SMS and messaging space causes damage to the industry in both revenue and reputation. James Pearce looks at what the messaging industry is doing to combat fraud

Fraud costs the global messaging industry an estimated $7.7 billion annually in lost revenue. To put that in perspective, the industry is estimated to see market growth from US$ 11.86bn to US$ 26.61bn, in the same period between 2017 and 2022. So eradicating lost fraud revenue would potentially make up half of that growth alone.

The damage caused by fraudsters isn’t just monetary. Fraudsters are damaging the trust of both enterprises and consumers and pushing them away from the world’s most ubiquitous communications channel: SMS.

At least that’s the claim of the Mobile Ecosystem Forum, an industry body that recently launched a code of conduct aimed at tackling fraud in the A2P messaging sphere. The code of conduct backs MEF’s Trust in Enterprise Messaging (TEM) service, which it also launched earlier this year.

The global code sets out best practice for all actors operating within the A2P SMS sector and is based on 10 principles offering guidance on commercial, procedural and technical requirements as well as an emphasis on consumer protection.  The Code was developed by the 30+ participants of MEF’s Future of Messaging Programme that include MNOs Telefonica, Telenor and Vodafone, messaging companies and signalling providers.

As demand for enterprise messaging via SMS continues to grow - with 1.67 trillion messages sent in 2017 according to MobileSquared – there is need for a code that helps both protect consumers from harm and protect the industry’s revenue, MEF said.

MEF’s COO Joanne Lacey said: “Today’s launch of Trust in Enterprise Messaging is the result of three years of collaboration of the Future of Messaging Programme’s fraud management working group which brings together competitors and customers alike to develop industry solutions to tackle fraud.”

Launch signatories include Apprentice Valley, BulkSMS, CLX Communications, Dimoco, Gemalto, IMImobile Intelligent Networks, iTouch Messaging Services, Kaleyra, MMD Smart, Modica, Movitext, Openmarket, Quiubas, rdcom, RealNetworks, TWW, Tyntec and XConnect.

A self-regulatory service, TEM aims to accelerate market clean-up whilst also educating enterprise messaging solution buyers about the threats of fraudulent practices and poor procurement processes. TEM’s launch signatories include companies from the messaging ecosystem that, combined, send over 60 billion A2P SMS messages per annum, MEF says.

MEF will now roll out the Code and its associated TEM Badge with an industry education programme as well as activate local projects that uphold the principles of the Code.

Spoof and Smish

Fraud is a significant issue for the SMS and messaging sector, according to Telnyx CEO David Casem. Most notably, spoofing (where someone pretends to be someone else) and smishing (when someone tries to gather sensitive information about someone else) are common frauds.

People do the latter by “using sender ID’s that would make a subscriber believe that a popular brand is contacting them – for example, a bank or loan company. There are also times when you could receive strange short web links in the content of messages to subscribers that when clicked are directed to fake websites,” explains Casem.

“Many Vendors work closely with mobile operators around the world to improve spam and fraud filters so that these messages are filtered out before they reach the mobile subscriber. For example, in some countries, an alphanumeric sender ID is not allowed in order to prevent the incorrect use of the brand name as sender ID’s for a message. In other countries, all alpha sender ID’s need to be pre-registered with the mobile operator with a specific use case and message examples – these are then whitelisted by the operator.

“Of course, some cases of fraud do still get through – individuals find new and creative ways of getting through the filters and firewalls, it is a continuous battle to ensure that subscribers are protected and the messages from fraudsters are blocked.”

Other issues of fraud include fraudulent messages trying to extract sensitive information from or on subscribers, to SMS messages requesting a call back on a premium number, to subscribers having their mobile-number spoofed and billed for the activity by the fraudster. This causes problems for MNO and subscribers alike, says HAUD COO Steven Sammut.

“Such problems cannot be quantified,” he adds, “as SMS, is in many cases, is just the medium used to initiate the fraudulent activity. What is known is that the problem is huge and is affecting millions of subscribers worldwide every day. “

Another fraud type that does not affect the subscribers directly is the utilisation of illegitimate channels to terminate application-to-person (A2P) messaging, which channels are used to avoid paying MNO to terminate messages to their subscribers. “From experience, unprotected operators are losing more than half of their potential A2P revenues because of such abuse,” says Sammut.

It is something the carrier market is also taking seriously. Earlier this year, BICS expanded its arsenal of bypass-fighting products with the launch of Local SMS Firewall.

“BICS is dedicated to aiding operators in monetising their SMS assets,” said Bart Vandekerckhove, Head of Mobile Messaging at BICS. “SMS aggregators are always going to look for new ways to disrupt the industry, but with solutions like BICS’ Local SMS Firewall, the industry can protect both their customers and their revenues.”

He continued: “By stopping spoofed and faked messages, our Local SMS Firewall product releases the network bandwidth for revenue- generating traffic and prevents content providers from bypassing the SMS Termination fee. This means BICS is playing an important role in winning back some of the revenue operators lose to bypass each year.”