fighting messaging fraud with intelligence, partnerships, people
SUCCESS Communication between all the parties involved in the messaging chain is crucial,
fighting messaging fraud with
intelligence, partnerships, people Sandrine Dutertre Messaging Security, Orange International Carriers
T
he growth of A2P traffic and termination revenue has triggered an explosion of messaging fraud, both in the international and domestic markets. It is a never-ending battle that needs to be fought through information, intelligent tools, partnerships and people.
I recently had the opportunity to sit down with Sandrine Dutertre, Messaging Security Product Manager at Orange International Carriers to discuss how to successfully tackle the growing fraud messaging challenge. She also talked about the central role Orange is playing in the fight against messaging fraud. The fight is on!
2
H OT IN T ERV IE W
w w w.who l es al es o lu ti o ns .o r an ge.c o m
Messaging fraud is a growing scourge on operators’ business. What do you think is the biggest challenge in successfully fighting fraudsters? There are actually several key challenges that build on each other. The first is to acquire a very deep knowledge of the fast-moving messaging market, to keep up with all types of frauds, old and new. Then you must find reliable partners so that you can rapidly build a flexible fraud prevention ecosystem, able to adapt to the evolving nature of fraud and upgrade your system as close as possible to real-time. Finally, the human factor is critical. Having knowledgeable security experts to maintain and update security mechanisms to adapt to the ever-changing methods of fraudsters is crucial. The involvement of machines and artificial intelligence is one thing, but to be really successful at fighting fraud you also need the human involvement. Good security experts are difficult to find, as it requires a very specific and specialized profile. We are lucky to have such security experts within Orange, as we are already deep into security challenges on the data, voice and mobile front. Our experts are now working increasingly on messaging and are continually learning, both through the interactions with our partners and through internal technical and commercial acquired knowledge.
What do you think is the most damaging type of fraud attacking operators’ network at the moment?
Firstly, we must distinguish between two types of cases: fraud and bypass. Fraud cases trigger damage to the network and its customers, while bypass cases trigger revenue losses for the operators terminating the messages. On the fraud side, spoofing of the message origin and its technical details is very dangerous, as it can lead to roaming service interruption and huge billing disputes, with both subscribers and partners. It is also a serious risk, as it is very easy to put in place once you have found a way to enter the signalling network. For example, spoofing attacks took place within the Orange Group a few years ago, and it resulted in the Orange mobile operators having to stop all customer roaming for a full day to deal with the attack. When it comes to the main bypass cases, currently it is all about SIM Boxes. Again, it is unfortunately quite easy to set-up, as all you need to do is to buy local SIM cards and deploy them in the destination network - even putting them into cars to minimize the chance of detection. To make matters worse, when you deactivate SIM cards due to fraud, it only takes a few hours for thousands more to appear somewhere else in the network. So, if you do not have the automated tools to detect these fraud events in real-time you can lose a lot of money fast. Consequently, fraud and bypass attacks not only cause significant damage to the operators’ network, but also more importantly to their reputation and therefore to their longterm revenue and success.
H OT IN T ERV IE W
3
w w w.hot tel e c o m.c o m
Sadly, not all operators realize that the risk is there and growing. Obviously, those who have already suffered an attack understand the risk and are taking the steps to protect themselves, but those who have not may not be as aware and well prepared to fight the fraudsters. Someone looking to make money quickly will always gravitate to the weakest link and these operators are therefore a prime target and will be attacked at one point.
The world is moving very quickly and so are fraudsters. How do you think messaging fraud will evolve in the next few years? Are there any areas that particularly worry you? I would say that the fraudsters are getting smarter and smarter and we now see some highly sophisticated fraud cases emerging. Initially, implementing a firewall with basic rule checks, such as the origin of the message, for example, was sufficient to fight most fraud attacks. However, now we are getting to a different level, where the information inside the message is being modified, which is more difficult to identify. For example, you are seeing messages being sent with zeros instead of Os, spaces between letters, dashes and the combinations are endless. Many operators do not filter the content of the message because of the regulations within their country and this is definitely an open door for the fraudsters. Therefore, going forward I believe that new fraud cases will appear around the obfuscation of the content to avoid detection.
4
H OT IN T ERV IE W
As a result, operators must be very reactive and update their filtering rules and act in real time. It is a never-ending fight, so having a flexible and scalable firewall, combined with real-time filtering rules, is essential. Communication between all the parties involved in the messaging chain is also crucial, so that fraud can be detected at any stage of the messaging journey.
What is the role of AI in messaging fraud prevention? With fraud cases becoming more and more sophisticated you can’t just rely on a firewall without adding intelligence on top and that needs to be constantly refreshed via advances from our security experts but also by using advanced machine learning tools, which will help keep up with the fraudsters. Now that we have several deployments in service at Orange, we are able to use AI to spread the filtering rules to all our operator customers rapidly and seamlessly. This is very useful, as for example, we only took only one month for our most recent firewall deployment to reach our traffic target. In the early days this would often take three months to capture enough information for the AI to become productive. Our intelligent database contains all the known fraudulent attacks / threats that we have identified throughout our operator customers and it is constantly updated via a centralized “Threat Intelligence Sharing� service. It is a very powerful and effective way of sharing knowledge quickly between our operators.
w w w.who l es al es o lu ti o ns .o r an ge.c o m
What is Orange’s overall strategy to fight messaging fraud? Orange is an A2P hub and not an aggregator, so our objective is the same as the mobile operators’: improve quality and protect revenue. Orange therefore has designed ‘SMS Protect’ to help operators combat all fraud and bypass cases effectively. It is deployed to fully protect the MNO’s SMS channel from revenue leakage and all other forms of SMS Fraud.
difficult. At the end of the day the results will talk for themselves. What we have seen within Orange is that the volume of A2P traffic has been multiplied by a factor of 3 or 4 since the implementation of our fraud prevention solution. But if you leave even a small crack of the door open, the fraudster will find it and attack. So the fight will never end!
Our solution helps ensure high quality A2P routes, protects end-users, provides improved customer care and therefore improves the overall messaging value for the operators. In addition, Orange also offers an audit service, through an external provider, in order to get a clear picture of the operator’s network prior to the firewall implementation. It also checks the solution accuracy once implemented at least two to three times a year. These audits ensure a better relationship with the operator from the start and optimises the results. We want to show the operator that we constantly challenge our own solution and are serious in identifying areas that need improvement. Through this process, we are also able to show the operator how much fraud we were able to prevent. For example, in one case an operator had more than 30% of its messaging traffic generated by SIM Boxes, and 18 months later this had gone down to 5% thanks to the implementation of our solutions. Fraudsters are still succeeding some of the time, but our solution is making their work much more
H OT IN T ERV IE W
5
w w w.hot tel e c o m.c o m
ABOUT THE AUTHOR Isabelle Paradis President, HOT TELECOM Isabelle is President and Founder of HOT TELECOM, one of the most innovative and creative telecom research and consulting companies in the industry. More recently, Isabelle has been working with many of the world’s telecom service providers to help them define their transformation strategy. She has published several articles and reports on the subject and has spoken at numerous conferences around the world to share her views on the future of the international telecoms business.
ABOUT ORANGE INTERNATIONAL CARRIERS Orange International Carriers is the Wholesale Division of Orange Group, which has retail operations in 27 countries and provides business services in 220 countries and territories. In a market place that is constantly evolving, Orange International Carriers is the operator that brings its customers a true digital experience and makes technology accessible to everyone. Offering a network of global connectivity via 40 submarine cables and international consortiums, stretching 450,000km, Orange is actively involved in the deployment of smart connectivity to support today’s fast-moving, telecoms landscape. With a comprehensive portfolio of innovative and flexible solutions for retailers, wholesalers and OTTs worldwide, Orange International Carriers is a global solutionprovider for services in Security, Data, Mobile and Voice. Additionally, Orange International Carriers proposes professional services to meet today’s increasing diversity of digital demands, including customised business models and – where relevant – especially adapted offers. To learn more, please visit https://wholesalesolutions.orange.com
6
H OT IN T ERV IE W