As the Messaging and SMS ecosystem descended on the London Hilton Bankside for Day 2 of Messaging and SMS World, one theme ran throughout the morning sessions: restoring and maintaining trust in SMS is essential for operators to continue their drive to monetise the channel.
A key threat facing the industry is the rise of artificially inflated traffic, the theme of the day's keynote panel.
Artificially inflated traffic (AIT) is the term used to describe the fraudulent transmission of Application to Person (A2P) messages, so that rogue mobile network operators (MNOs) or another rogue party in the value chain, such as an SMS aggregator, can profit from the increased traffic. Often, it’s the unsuspecting enterprise that ends up footing the bill.
With A2P two factor authentication messages contributing to over 25% of SMS volume globally, even a small amount of fake traffic can cause big problems.
“The volume of total traffic which is fraudulent is in the 5% range which represents around $5 – 10 billion of value,” said panellist Michael Reading, senior director, cloudmark technical services at Proofpoint.
Even though they are sent to fake accounts, the messages are still terminated and therefore the enterprise that is using the service still gets a bill. This can take one of two forms, enterprises are slowly bled by a low volume of fake traffic that they barely notice, or it can all come in one go and they receive a nasty shock.
One panellist was aware of a company that’s entire marketing budget for the financial year was wiped out by a single attack.
Often when this happens, the enterprise is quick to blame the aggregator, messaging platform or Communications Platform as a Service (CPaaS) they’re using, even if they could have taken more steps on their end to prevent the fraudulent activity.
“We try to work with our customers to ensure that they are not just using our system but have set up the right security on their side to prevent attacks” said Uku Tomikas, CEO of Messente, an Estonian SMS messaging platform.
Moderator John Wilkinson, CEO of TMT Analysis provocatively claimed that mobile network operators and the A2P value chain profiting from the fraudulent activity disincentivises anything to be done about it.
The panel took the bait and firmly disagreed. “While MNOs do have short-term targets to increase monetisation of SMS and may be more lenient, increased AIT jeopardises the integrity of the channel” said Richard Lemmers, chief commercial officer of Openmind Networks.
Tomikas agreed that the industry needs to step in and help prevent fraud, regardless of whether it can lead to increased revenue in the short term. “If an enterprise is subject to an attack, they may lose faith in us as a platform, and look to our competitors. Once the trust is gone, we will lose them as a client” he said.
Nina Knezevic, global business development director at Infobip took this trust issue a step further:
“[AIT is] creating mistrust and not creating long-term benefits for aggregators. Traffic will just be moved from SMS if fraud continues. A better long-term strategy is to be honest with MNOs and enterprises and provide traffic only provided by trustworthy parties.”
Losing faith in SMS as a B2B channel could have disastrous effects on MNOs. Just as they are starting to monetise a legacy technology that has been a fraction of their revenue to date, enterprises switching off A2P verification would deeply impact this emerging businesses.
Nascent signs of enterprises losing faith in SMS could already be beginning to rear their head.
The panel pointed to the recent example of Twitter putting SMS verification behind its Twitter Blue paywall as an example of the real threat that AIT poses to the industry.
In December, Elon Musk claimed the company suffered losses of $60 million as a result of AIT, and in response ordered Twitter executives to cut off services to any operators with a fraud hit rate of more than 10%.
So, what can be done? Potential apathy across the value chain coincides with a certain level of apathy from enterprises in the tech space that are subject to such attacks. The inflation of users on a tech platform is likely to positively impact the company’s valuation, and as such some bosses may be unmotivated, or even actively encourage, AIT. This makes AIT a complex problem that everyone knows exists, but no one knows how to stop.
The panel called for a united front against criminal activity from all aspects of the industry is key to ensuring the long-term functionality of the market, with Infobip encouraging operators, communication providers and businesses to implement a comprehensive fraud prevention strategy.
For enterprises themselves, working with communication platforms that offer realistic pricing (fraudulent platforms are more likely to offer their services at a discount) and have verified connections with operators can help to reduce the risk of a bad actor entering their value chain.
Monitoring conversion rates and the direct connections with MNOs to reduce the risk of grey routes (routes via which traffic enters the network without being sanction by the operator) can also help detect and prevent AIT.
Operators too can help by making responsible choices on SMS platforms they work with, while setting realistic revenue growth targets for SMS can help reduce the incentive to allow fraudulent activity into the network.
For the messaging platforms a number of steps can be taken, from increased investment in algorithms and firewalls that can detect bot activity, to limiting the number of messages that can be sent to a certain number.