fighting the messaging fraud beast The previous article in this series entitled “Not all messaging frauds are made equal� outlined the many varied ways that attempts are made to bypass the legitimate routes for messaging delivery and how those can be used to deceive the consumer, hurt the brand, and financially damage the mobile networks involved. The mobile network that serves the end-customer is perhaps the only one that has a broad visibility of the fraud issues and has the most to lose financially in terms of lost revenue. But maybe more importantly, its reputation is on the line, with disappointed customers hit with spam or fraudulent messages.
w w w.hot tel e c o m.c o m
The revenue hit involved can be substantial and not to be underestimated. With Enterprises willing to pay an estimated US$17 Billion per annum for reliable delivery of A2P SMSs and with the average delivery price of such messages globally between US$0.03 to US$0.07, the amount of money a mobile operator with 10 million subscriber can lose from local SIM Boxes, for instance, could easily reach US$2 million per year. But fraud messaging can be fought successfully if you have the right tools. For example, a major MNO in Asia with over 20 million customers which implemented an SMS firewall in its network was able to reduce the amount of incoming SMS bypassing the legal interconnects from over 30% to around 13% within one year of implementation.
As such, it is a little like the joke about the best way to outrun a bear - be faster than your companions. THE NATURE OF THE BEAST As explained in our prior article, most fraud attempts around A2P messaging delivery revolve around SIM Boxes, local aggregator bypass and P2P route bypass. As a quick reminder, SIM Box fraud allows international A2P messages to be sent via local SIM cards as though they were originated in the country by local customers. MNOs offering “unlimited SMS” plans for personal customers and “SIM-only” offers are particularly at risk here. There will be fair usage policies attached to these plans, but often these are not monitored in real time and significant revenue can be lost in a relatively short time.
‘Operators easily lose US$2 million per year due to SIM Boxes’
As a result, it increased its global incoming volume of SMS by 67% over that period and its overall revenue generated from terminating incoming messages increased by US$1.2 million to US$3.8 million. So what steps can a mobile operator take to reduce this major issue? As we can see from the above, totally eliminating fraud is always the goal, but almost always it is a goal that is out of reach. Every time an improvement is made in detection, an attempt is made to try to bypass that change!
However, there is one key factor to bear in mind - people committing fraud are similar to the flow of water and they will always seek the easiest path. If there are networks with relatively few controls over fraudulent attempts compared to hardened destinations, the fraud attempts will focus on the easy target.
2
M A RK E T IN SIGH T
Coupled with this, the messages will technically be transformed to look like P2P messages from one customer to another and so the MNO is very wary of blocking messages that could, in fact, be legitimate customer sessions. From the point of view of the A2P brand, any originating numbers are lost and the message will appear to come from the telephone number assigned to the SIM in-country. Local aggregators can enable a similar type of fraud in the country if they have a legitimate low-cost deal to originate domestic A2P messages. The grey route fraud however appears if one of these enterprises decides to sell access to its route to other national or
w w w.hot tel e c o m.c o m
international originators at their own “special” rate. Again, complex to spot because the messages from this source are already seen as legitimate by the mobile operator involved.
integrated into the operator’s network in a way that minimizes or avoids the re-engineering needed in other elements such as the HLR/ HSS and SMS gateways.
Finally, the P2P bypass occurs when, for historic reasons, an interconnect with a distant mobile operator was deemed to be low volume and/or balanced and so it was not worth establishing billing and settlement processes for the traffic. Over time, this route will be used to carry increasing amounts of A2P messages from other sources and the technical arrangements are such that the A-number can be freely set to a national number or even an alphanumeric brand.
Similarly, the implementation of the firewall should be invisible to the external systems terminating into the MNO network so that others cannot see that a firewall is now in place.
As can be seen, the complexities of these fraudulent paths are such that the simple statistical reports produced by network elements are rarely adequate for the task at hand and hardening a network must always start with controlling the entrance points and gateways.
And, finally, the technology must handle all the common legacy and modern protocols from SS7 to 4G/5G approaches. As you can see, even with this step, it is important to partner with experts in the field to minimize your exposure.
HOW TO TACKLE THE BEAST
With the firewall in place, the next step is to ensure that all relevant data is collected as close to real time as possible. Large quantities of data come, of course, from the firewall itself, but adding in the statistics from the other internal SMS traffic handling systems brings in added detail to the data captured.
Step #1: Build Firewalls - Encircling the camp Controlling the access to the SMS delivery elements in a network with a firewall sounds easy in practice, but implementing this efficiently and simply can be far from straightforward. This is because networks are highly interconnected with signaling coming from many international sources as well as multiple interconnects occurring with network elements and systems in the operator’s own network. A number of technical design considerations must be taken into account for a firewall to be successful. Firstly, the implementation of the core element of a fraud management system - the Technology System - must be
To further minimize bypass, the technology must ensure that fraudsters cannot probe weaknesses in the network design to access other network elements and avoid filtering in that way.
Step #2: Data and Analytics – Adding the ammunition
Analysis of this wealth of information basically follows two distinct paths to detect fraud. 1. Categorizing the nature of the sender as identified by the addressing of the SMS The addressing details of messages are the first line of defense. Modern artificial intelligence (AI) systems use leading-edge statistical tools to maintain a “reputation” score against individual senders by looking at their history of messages sent.
w w w. who l es al es o lu ti o ns .o r an ge.c o m
3
w w w.hot tel e c o m.c o m
This can include such calculations as the number and frequency of blocked messages, the transmit and receive volumes and ratios, the spread of recipients of the messages and finally patterns in the timing of messages to differentiate automatically generated messages from the ones where people have taken the time to create and send the message itself. 2. Analysis and matching the content of the message against known A2P content Behind the addressing analysis lays a deeper level of message content analysis. Leading vendors in the space, such as Orange with their partnership with Anam Technologies, maintain a constantly updated database of all known fraudulent attacks and threats and the nature of the messages involved.
4
M A RK E T IN SIGH T
This allows the system to instantly check incoming messages against those known content types and react accordingly. The AI elements of the system are able to extend from known message types to detect and learn about modifications to the message which result in the same fraud albeit using slightly different approaches. Finally, this detailed and real time analysis provides operators excellent insight with visualization tools illustrating the status of their messaging business in terms of revenue generating traffic and well as fraudulent traffic coming in under the radar. Step #3: Proactive approaches Strengthening the walls Passive analysis is a key component of fraud solutions, but aggressive proactive approaches help identify new techniques before they can develop into major problems.
w w w.hot tel e c o m.c o m
Creating virtual SIMs within the firewall allows operators to use a “honeypot” fishing technique, whereby these SIMs can receive and immediately analyze new messages that are coming via unusual routes. Of course, these SIMs never belong to real customers who can sign up for message alerts and so even one incoming message is a sign of Spam. In a similar fashion, generating international messages heading towards these SIMs allows the firewall to confirm the routing taken by those test messages and pinpoints exactly where the leakage is taking place, allowing another grey route to be identified and blocked. Step #4: People – Supporting the army Although AI is often spoken about as this ultimate automated system that takes the best a human can do and then enhances it, the reality is that having a skilled and proactive team of data scientists and SMS/signaling fraud experts behind the scenes is critical. New frauds need to be identified and the mechanisms fully understood so that new rules can be built into the systems. Auditing the workings of the firewall and its associated systems are key to satisfying the dual objectives of the mobile operator - to maximize the incoming revenue without ever blocking legitimate messages to or from their customers.
• Fewer messages leak and the increase in messaging via legal routes also improves delivery reliability and therefore the satisfaction of both the Brands and recipients • End users are protected against identity thefts as well as bill disputes and lost personal data • Revenue to the mobile operator is increased as messages shift from zero or low revenue routes back onto the correct interconnects A growing number of operators are taking the necessary steps to win the fight against fraud messaging and are now benefiting from their hard work. We described earlier the results seen by a major Asian MNO, but many others exist. For example, efforts by an African MNO with 30 Million+ customers resulted in bypassed traffic on SIM Boxes dropping down to 10% after 18 months of operation. Their global paid volumes of incoming messages also increased by 50% in the first six months and are now up by 77%. As we say, the results speak for themselves and prove that it is well worth taking on the fraud messaging beast head first!
Convincing an operator that this will be achieved is perhaps the most critical part of a fraud prevention installation. BATTLES WON - THE RESULTS SPEAK FOR THEMSELVES With solutions such as the ones described here, the benefits can be seen in many areas:
w w w. who l es al es o lu ti o ns .o r an ge.c o m
5
w w w.hot tel e c o m.c o m
ABOUT THE AUTHOR Steve Heap CTO HOT TELECOM Steve has a lifetime of experience in designing, engineering and operating networks, both domestic and international. With leadership experience in small technology start-ups through to global service providers, he has deep experience in a wide range of products, technologies and geographies. He has the rare skill of being able to explain complex technical issues in easily understood concepts and uses that extensively in his consulting work with HOT TELECOM.
ABOUT ORANGE INTERNATIONAL CARRIERS Orange International Carriers is the Wholesale Division of Orange Group, which has retail operations in 27 countries and provides business services in 220 countries and territories. In a market place that is constantly evolving, Orange International Carriers is the operator that brings its customers a true digital experience and makes technology accessible to everyone. Offering a network of global connectivity via 40 submarine cables and international consortiums, stretching 450,000km, Orange is actively involved in the deployment of smart connectivity to support today’s fast-moving, telecoms landscape. With a comprehensive portfolio of innovative and flexible solutions for retailers, wholesalers and OTTs worldwide, Orange International Carriers is a global solutionprovider for services in Security, Data, Mobile and Voice. Additionally, Orange International Carriers proposes professional services to meet today’s increasing diversity of digital demands, including customised business models and – where relevant – especially adapted offers. To learn more, please visit https://wholesalesolutions.orange.com
w w w. who l es al es o lu ti o ns .o r an ge.c o m
6