While moving to the cloud provides a number of considerable advantages – increased agility, time to market and flexibility, to name but a few – the reduction of physical infrastructure means companies are more susceptible to fraudulent activity.
According to recent research carried out by HAUD Systems, which focusses on securing communication pathways for network operators, bulk SMS marketing message providers are the prime suspects for this type of fraud.
HAUD’s CEO Claire Cassar explains that although a lot of businesses have agreements in place with operators to legitimately send bulk marketing messages on their networks, in the last few years a number of third-party companies have found loopholes in the system.
“Nowadays, with everything becoming more cloud-based, it is easier than ever to enter the market. The barriers have dropped,” Cassar said.
Neil Cook, CTO at Cloudmark – a US-based solutions provider which has developed a technology to monitor and filter traffic from grey routes – also noted that there has been an increase in companies using SMS communications.
He explained that larger corporations are using third-party companies to terminate their traffic, which are finding the cheapest ways to send that information – often via illegal grey routes.
Unfortunately, mobile operators have not been looking into this problem actively enough and although they expect a certain amount of revenue loss from grey routes, this figure is much higher than first thought.
“[Operators] often think, OK how much more money can I be making from SMS? They do not realise that what they actually have is revenue leakage, and it consequently continues to be abused by senders,” Cassar added.
European losses
The amount of revenue lost varies by region and the maturity of the market itself, and although more-developed markets are thought to be well-protected against such intrusions, HAUD’s profiling technique revealed some surprising results.
“We found that one major European operator was experiencing around 40% of all international traffic coming via grey routes,” Cassar said.
In this instance, a legitimate company was sending bulk SMS traffic across the operator’s network via grey routes without realising it. The outsourced aggregator charged with terminating the traffic was not paying to do so.
“It was quite amazing and quite insightful for us,” commented Cassar.
Both HAUD and Cloudmark offer technologies designed to detect and filter grey route traffic and have already started to see patterns and trends.
“I think it is a global issue – we have seen it in most geographies we work in,” said Cook. “There are a few geographies where it may be an issue, but the operators themselves do not have such a problem with it.”
Despite the anomaly with the major European operator, Cassar names Europe – Spain and Greece in particular – as a region most sufficiently protected from the threat of grey routes, thanks to the filters they have in place, which they actively monitor.
“In Europe at least, we are seeing much more awareness and much more proactivity from the operators,” she said.
However, in regions such as Asia, Africa and Latin America, which are still largely growing and emerging markets, Cassar expects there to be more of an issue because the systems are less sophisticated. “In Latin America they do use some sort of filtering, but it is not yet foolproof,” she said.
Security alert
Aside from the revenue lost to grey route traffic, Cook also highlighted the security risks involved with using grey routes.
“If your bank messages were being sent through insecure networks and countries that the bank, the operator or the consumer do not know about, that could be used by someone to phish you, which is very worrying,” Cook said. But this awareness is growing and Cassar said that compared to two years ago, when HAUD first began its profiling technique, operators are now much more receptive to the problem.
Both Cook and Cassar agree that operators are realising the scale of the problem and are actively pursuing a solution as a result.
“At the end of the day, if you can maximise the revenue from your systems, why not look into it?” added Cassar.
There are also potential regulatory implications. In Africa, Cassar said that one operator was completely bypassing the local interconnect fees of a national carrier customer by sending traffic over grey routes internationally.
“That’s not only illegal, it’s also a regulatory issue,” she noted.
The problem was resolved by blocking the offending operator, and regulators worldwide have since started paying more attention to their incoming traffic.
“The regulator in India has actually imposed on all operators that they are to have some kind of filtering in place,” Cassar said.
Despite this awareness, solutions like those from Cloudmark and HAUD are still in the early stages and much of the world accepts that some traffic will remain lost to grey routes.
Operators, regulators and service providers are taking on board the need for protection against fraudulent grey route traffic, but the issue remains a pressing one for 2014.