Not all messaging frauds are made equal

As we saw in the first article of this series entitled ‘Messaging fraud – The next gold mine’, although person to person messaging (P2P) has perhaps passed its peak, application to person messages (A2P) have been growing rapidly, such that this segment of the market is forecast to generate US$27 billion over the next three years – a significant sum. With money like that on the table, the interest in taking an increased share of the A2P pie, by any means possible, has unfortunately risen in parallel. E-mail was perhaps the first to do so, as the free nature of e-mail delivery meant that every shady character could inundate the world with fake and sometimes dangerous messages.
www.hottelecom.com
The messaging ecosystem is a complex one, with multiple stakeholders playing their role in getting the message from the systems of the enterprise or brand through the telecom infrastructure to be securely delivered to the required consumer wherever they are in the world. Sadly, each of the entities in the messaging value chain is susceptible to fraud, with some of them, unfortunately, also playing an active part in encouraging or profiting from those frauds.

This series of articles is focused primarily on how mobile operators serving the end consumer can minimize fraud and so we will examine these different frauds from their perspective. Overall, we can segregate messaging frauds into three categories, based on who is impacted:
MARKET INSIGHT
• enterprises or brands originating the messages
• consumers as the recipients of the message
• entities in the network - the aggregators and mobile operator(s) responsible for securely delivering the message to the appropriate device

CONSUMER AND BRAND ATTACKS

To some extent, both consumers and enterprises suffer, albeit in different ways, from the same types of frauds, which are those that try to entice the consumer to take actions that are not advisable or appropriate. The key frauds in this area are variants of messages that are unwanted or which pretend to represent a company that they are not. These include Spam messages, Phishing and Malware.
Spam: Spam messages are annoying to consumers and reduce customer satisfaction, but are typically harmless. They are usually advertising or brand building and are difficult to control for operators because it is not clear whether the consumer has opted in to receiving such messages. In most countries where there is an opt-in requirement, this is often implemented in the small print during another transaction and the status of the opt-in response is stored with the company involved. As a result, Spam is best controlled via artificial intelligence driven analysis programs (as with email spam) and some crowd-sourcing of problematic messages to help in their detection. The impact for Brands in general is that the more Spam messaging that exists, the less the chance that valid messages will be checked and acted upon - it therefore reduces the effectiveness of the channel.

Phishing: The next layer deeper is where the origination details of the message are modified such that the message purports to come from an organization that it does not actually represent. Some practitioners use Alpha character origination details - i.e. Orange - when the message is actually from a competitor perhaps, looking to find out if the consumer has an account that is up for renewal. More serious problems occur when the message appears to come from the local Tax department and is looking to either trick the consumer into making a payment against their (non-existent) tax default, or to visit a website aimed at obtaining personal details and log-in credentials that will be used for identity theft.
This latter area is sometimes known as SMS Phishing or SMiShing. Most valid SMS originating companies can check for mismatches between the sender and the claimed name, but, of course, there are companies willing to turn a blind eye to transgressions in the race for revenue. Tracking such activities relies again on AI techniques together with crowd-sourced databases of spoof originations. Of course, educating consumers to watch out for such frauds is also a key part of the solution. Here again, the risk is a decrease in customer satisfaction compounded with a financial and/or identity risk.

Malware: SMS Malware takes these techniques to a more critical level again. Here the techniques are used to persuade a consumer to click a link in the message which automatically downloads and installs malware on the device which can access the internal databases of the phone to find PIN codes, access the contact list to act as a generator of additional Spam messages, or even send messages or make calls to premium rate services to generate cash via that mechanism. Even with this enhanced risk, the solutions to tackle this type of fraud are similar to the cases discussed above: AI techniques looking at pattern or URL detection plus, of course, making sure that operating systems are fully patched and up to date with the latest security releases.

As we can see, in this area of consumer security, while the terminating mobile operator has no hand in controlling the origination of these messages, having an effective firewall around their Short Message Service Center (SMSC), which is equipped with the latest iterations of AI driven detection methods, is
the best way to stop these messages from ever reaching their customers. As always, there is a fine balance between blocking legitimate messages and letting through a dubious false message. Hence partnering with leaders in the space is preferable to a Do-It-Yourself approach, or, even worse, just allowing all incoming messages to be delivered.

OPERATOR REVENUE ATTACKS

The other side of an effective approach to fraud is to protect the revenue of the mobile operator against various attacks aimed at bypassing the normal settlement processes. As we saw in the first article, P2P messaging was generally believed to be reasonably balanced in terms of interactions between mobile operators. A message was sent by one consumer to another on a different network and often times, the recipient would reply. As a result, either settlement of the balance would occur, or a sender-keeps-all approach was preferred (simplifying the complexity of tracking message transactions and settlement payments).

The rapid rise of A2P messaging totally changed this dynamic, as now the majority of messages are from a company, via an aggregator to a consumer and there is rarely a need to reply to the message. Most mobile operators hence become the terminators of such messages and reasonably expect payment for that service. The rapid rise of these messages coupled with the high cost of termination resulted in many attempts by aggregators and other originators to increase their margins by reducing their costs. Competition between aggregators for the business of large global
brands similarly drove the need to offer the lowest price termination available and if one less than honest aggregator is offering a certain price in the market place, there is an obvious incentive on others to somehow match the price structure. The end result - many attempted ways to avoid paying for the full regulated interconnect pricing. These efforts include the use of grey routes, global title faking and SIM farms.

Grey Routes

Many routes into the SMSC were opened in the days of P2P messaging and relics of the sender-keeps-all settlement process remain today. Thus, in some instances agreements between mobile operators have yet to be signed to define how messaging will be handled. For low volume routes, this does not cause serious issues for the operators themselves, but when these routes are used by others to send A2P messaging then this opens the door to fraud. Simply closing those routes is not an option, as this would block valid P2P messages between operators. However, if these routes are used by others by changing the originating number so that it appears to be valid, or by changing the signaling addresses, then operators should attempt to block or refuse to deliver the resultant messages. The technical ways these routes are used will be described later, but in general, trying to move all the old Sender Keeps All arrangements towards commercial settlement approaches is a key step for mobile operators to tackle this loophole.

Global Title Faking

The Global Title is an International SS7 signaling identity normally issued by Regulators to define the identity of a company able to send messages via the global signaling
networks. Firewalls encircling an SMSC can be set up to accept incoming messages from entities with valid Global Titles and block others. However, if an unscrupulous operator is willing to modify the content of its signaling messages and utilize the Global Title of another operator or aggregator, then firewalls can be fooled and messages terminated without payment by the company originating them. Such approaches then result in disputes between valid partners or lower pricing in the marketplace offered by companies perhaps blending in lower cost (or free) termination, which then incentivizes other aggregators to somehow follow suit. There are variants of this, where the message asking for the full location of a called customer (the SRI message) is sent from an accurate Global Title, but the message itself (the FSM request) is sent using the details of another company.
The technical design of SMSCs did not necessarily require these two linked messages to be directly tied to each other and as charging is based on the delivery of a message, rather than on the request for routing information (SRI), this fraud often succeeds. Solutions to this partly reside in tightening up processes and procedures that trigger alarms when, for instance, a valid operator receives a response to the sending of a message (via the FSM message) when it did not, in fact, send such a message. This would allow responsible originators to realize that someone is likely making use of their Global Title. At the terminating end, having advanced firewalls that can recognize discrepancies between routing enquiries and the messages themselves, and identify changes in volumes and other origination details associated with valid Global Titles, would also help spot these frauds before they can develop further.
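The terminating-side check described above, correlating each message delivery (FSM) with the routing enquiry (SRI) that should have preceded it, can be sketched as follows. This is an added example, not code from the article or from any firewall product; the event fields, the 30-second window and the `GT-A`/`sub-1` style identifiers are constructed assumptions, and real MAP signaling carries far more detail.

```python
from dataclasses import dataclass

WINDOW_S = 30  # assumed maximum gap between routing enquiry and delivery


@dataclass
class Event:
    ts: float        # arrival time in seconds
    kind: str        # "SRI" (routing enquiry) or "FSM" (message delivery)
    calling_gt: str  # Global Title presented by the sender
    subscriber: str  # destination subscriber identifier


def find_mismatches(events, window=WINDOW_S):
    """Return (event, reason) for every FSM not backed by a matching SRI."""
    enquiries = {}  # subscriber -> [(ts, calling_gt)] of recent SRIs
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "SRI":
            enquiries.setdefault(ev.subscriber, []).append((ev.ts, ev.calling_gt))
            continue
        # Keep only enquiries for this subscriber that are still in the window.
        recent = [(t, gt) for t, gt in enquiries.get(ev.subscriber, [])
                  if 0 <= ev.ts - t <= window]
        enquiries[ev.subscriber] = recent
        if not recent:
            alerts.append((ev, "no_recent_sri"))
        elif all(gt != ev.calling_gt for _, gt in recent):
            alerts.append((ev, "gt_mismatch"))
    return alerts


def summarize(alerts):
    return [(ev.subscriber, ev.calling_gt, reason) for ev, reason in alerts]


# Constructed sample stream (not real signaling data).
SAMPLE = [
    Event(0.0, "SRI", "GT-A", "sub-1"),
    Event(1.2, "FSM", "GT-A", "sub-1"),    # consistent enquiry/delivery pair
    Event(5.0, "SRI", "GT-B", "sub-2"),
    Event(5.8, "FSM", "GT-C", "sub-2"),    # enquiry by GT-B, delivery claims GT-C
    Event(9.0, "FSM", "GT-A", "sub-3"),    # delivery with no enquiry at all
    Event(10.0, "SRI", "GT-A", "sub-4"),
    Event(95.0, "FSM", "GT-A", "sub-4"),   # enquiry is older than the window
]

if __name__ == "__main__":
    for row in summarize(find_mismatches(SAMPLE)):
        print(row)
```

The same correlation run at the originating side, over the operator's own outbound FSMs and the responses it receives, gives the alarm the article describes for a Global Title being used by someone else.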
A broader ecosystem approach that identifies the ways that below market rates are offered would also highlight problematic players, although with such a complex set of commercial arrangements, this is rarely achieved.

SIM Farms

A SIM Farm is a bank of SIM cards used for the delivery of A2P messages (and indeed voice calls) using consumer retail SIM cards available in the country with rates that are below the international interconnect rate. Overseas aggregators can then route messages via these SIM Farms for delivery as if they were locally originated P2P messages and pay the “special offer” retail rates often available for new customers. Variants of this can also include incenting real consumers in the distant network to allow their own phone to be used in this way using an App, which greatly increases the complexity of identifying such approaches.

The messages themselves now will appear to be originating from a local number in the country (the number assigned to the SIM) and Alpha originators (i.e. Orange) are not available. For some applications this does not seem to matter, and perhaps, in some cases, the originating Enterprise is not aware of how the message actually appears to the called consumer. Also, because responses are rarely required to these messages, the inability of the consumer to reply correctly to the message is not a problem either.

Again, detailed analysis of the content of messages appearing to come from local SIMs is a key way of controlling this type of fraud and also speaks to the requirement to firewall both the signaling routes into the SMSC from international sources as well as domestically. Purely assuming that issues with the lack of a
valid interconnect payment will only become apparent by controlling international signaling links is not a full solution.

AI AT THE CENTER OF THE FIGHT

This walk-through of the main frauds seen in A2P messaging perhaps highlights the ingenuity of companies to maximize their revenue and margin, which is almost always done at the expense of the terminating operator. The key solution that arises time and time again to tackle the different types of fraud messaging is for leading edge AI-based solutions to analyse signaling messages and message content to identify signs of a developing fraud.

Firewalls can be equipped with threshold-based alerts which are triggered when thresholds are passed, however operations staff in mobile networks around the globe are rarely equipped to properly set and continuously modify those thresholds to cope with changing circumstances. Only self-learning systems have the speed and “intelligence” to cope with the fast-moving approaches adopted by aggregators and originating companies fighting for their survival. Partnering with leading practitioners that keep on top of technological advancement in this field is crucial so that mobile operators fully receive the settlement payments for messages they are, in fact, terminating.

The next article in this series will look at real-life use cases of mobile operators which are successfully tackling some of the frauds discussed here and how effective fraud management systems can significantly increase the revenue from this important, and growing, service opportunity.
ABOUT THE AUTHOR

Steve Heap
CTO, HOT TELECOM

Steve has a lifetime of experience in designing, engineering and operating networks, both domestic and international. With leadership experience in small technology start-ups through to global service providers, he has deep experience in a wide range of products, technologies and geographies. He has the rare skill of being able to explain complex technical issues in easily understood concepts and uses that extensively in his consulting work with HOT TELECOM.
ABOUT ORANGE INTERNATIONAL CARRIERS

Orange International Carriers is the Wholesale Division of Orange Group, which has retail operations in 27 countries and provides business services in 220 countries and territories. In a market place that is constantly evolving, Orange International Carriers is the operator that brings its customers a true digital experience and makes technology accessible to everyone. Offering a network of global connectivity via 40 submarine cables and international consortiums, stretching 450,000km, Orange is actively involved in the deployment of smart connectivity to support today’s fast-moving telecoms landscape. With a comprehensive portfolio of innovative and flexible solutions for retailers, wholesalers and OTTs worldwide, Orange International Carriers is a global solution provider for services in Security, Data, Mobile and Voice. Additionally, Orange International Carriers proposes professional services to meet today’s increasing diversity of digital demands, including customised business models and – where relevant – especially adapted offers.

To learn more, please visit https://wholesalesolutions.orange.com