WINNER “BEST ANTI-FRAUD INNOVATION”
GLOBAL AWARDS 2019

Insights from Vox Carrier

VOX Insights | Networks Audit Report for Hungary

Network Audit

Mobilesquared most recent SMS A2P databook indicates 17% SMS A2P gray routes in Hungary, A VOX360 network audit of Hungary in 2020 also revealed that there were several clear areas of vulnerability which MNOs should look to improve. These network vulnerabilities negatively impact customer service and also act as significant barriers to MNOs being able to increase their revenue.

Sub-Network auditing results for fraudulent activity: Hungary

There are more often than not a set of common challenges that show up in country-level network analysis. 

SMS Delivery based on pricing alone

One classic red flag is pricing. When the pricing of any good or service is so low it appears too good to be true, then this is a surefire clue that something worrying may be going on; this holds true for any industry, Business Messaging included. 

Marius Rosca, VP of Partner Success at VOX Carrier puts it well, “If we are able to sell something that you are selling three times cheaper, there might be a problem somewhere.”

Rock-bottom pricing usually comes with a sting or two in its tail – sub-standard service and compromised security to name but two. With Hungary, we found that the bottom 25% of their SMS traffic was being sold at a price 3x less than traffic at the top end.

 “The bottom 25% of their SMS traffic was sold at a price 3x lower than traffic at the top end”

This is suspiciously low. We know that sometimes some Messaging volumes can be contractually locked in with low pricing but given the frequency with which low pricing was available, out of step with the rest of the market, this is a red flag, a strong indicator that insecure, illegal routing is being used for message delivery.

A2P Traffic from International and National Sources

When assessing the performance of a network, any traffic spikes from other networks could well prove to be indicators of there being weak spots in the network, the potential bypassing of firewalls. Simply put, ‘bypass traffic’ is illegal traffic from unknown sources.

“30% of A2P SMS traffic coming from international networks”

Our Hungary analysis showed that 30% of inbound A2P SMS traffic originates from international networks, alone indicating enormous potential for bypass.

Messages Analysed for Manipulated Content

Manipulated content shows up when a consumer receives an SMS with alterations in the text body. These alterations are a strong indicator that someone has tampered with the message. 

For Hungary, we found that 13% of SMS traffic showed evidence that content manipulation had taken place, meaning there is a high chance of ongoing fraudulent activity. Manipulated content is a very strong indicator that illegal activities are taking place on your network. 

“13% of SMS traffic showed evidence of manipulated content”

Marius Rosca comments on this practice, “These kinds of bypass are used to sidestep firewall rules and they impact the customer experience because all this activity ends up on the customer’s handset.”

As we explained in another of our blog posts on SIM farms, manipulated content is a vehicle for criminal activity. Bad actors in the ecosystem use such messages in an attempt to secure access to sensitive personal information from mobile subscribers.

SIM-box Analysis

SIM boxes are a growing threat all over the world. Opportunistic parties create a cheap, bulk SMS messaging leveraging consumer-grade technology which any person can easily secure. The practice is illegal and puts the end customer, the Messaging deliverer and the MNO at risk. The whole delivery chain is negatively impacted.

“SIM box activity was low but it builds momentum considerably when more obvious leakages are fixed”

Fortunately, we found few signs of SIM box activity in Hungary but this is simply likely to be because there are currently easier means of bypass. Marius Rosca warns of the dangers of taking your eye off this practice, “SIM box activity builds momentum gradually, and it can have a high impact if left unchecked.”

International HUBs Analysed

About 30% of Hungary’s A2P SMS traffic is terminated via hubs from other national MNO operators. This indicates the possibility bypass from international sources was occurring. This high percentage warrants further investigation.

What to look for to get better network control

Stakeholders at MNOs need to be conscious of the fact that each of these common red flags negatively impacts customer experience and devalues their brand. Crucially, MNOs can also lose out on revenue. The following are clear signs that you do not have the correct level of network controls in place:

  • High levels of A2P SMS traffic from international GTs that open up the possibility of bypass
  • Text manipulation (never a good sign) means there is illegal activity happening on your network
  • Unfeasibly cheap SMS pricing that suggests the presence of SIM boxes operating on your network
  • Revenue leakage. This is very likely due to inadequate monetisation of National and International A2P SMS traffic
  • Missed market opportunities. While your competitors are optimising and protecting their A2P SMS revenue models, you are losing out
  • Data privacy and consumer security threats that suggest you could face reputational damage

Threats To The A2P Value Chain

Four principal threats emerge from our network analysis:

  1. Privacy and Security

SMS spoofing, faking, and spam are all illegal methods used by criminals to secure access to private consumer data, for fraudulent use. Scammers and fraudsters can exploit network vulnerabilities intending to defraud customers. MNOs stand to suffer great reputational damage and customer churn should these practices come to light.

  1. Loss of Control

A2P SMS messaging fulfils numerous use cases, one of them being the delivery of authentication messages by banks to their customers. Referring to the practice of these messages being hijacked by scammers, Marius Rosca says, “When there is a bypasser, there is no contract, so suddenly your message goes through someone you don’t know. You have no idea who it is. The bank has no idea who it is. The operator has no idea who it is.”

  1. Loss of Revenue

All the negative practices we have discussed expose the MNO to revenue loss: revenue intended for them is being taken by somebody else and this needs to be stopped in its tracks. A2P SMS messaging is on a steady growth path and now is the time for MNOs to optimise their systems and processes to take advantage of it.  

  1. Compliance Failure

As per the EU’s General Data Protection Regulation (GDPR), every party in the Messaging value chain has a role to play in safeguarding consumer information. Fraud and Compliance teams within MNOs know very well the legislation that requires them to proactively pursue illegal activity as soon as they find out about it.

Conclusion

We found many soft spots in Hungary’s network infrastructure. Some of these weak points are likely being taken advantage of by criminal elements. Other weak spots lead to wasteful revenue leakage

We encourage MNOs and everyone in the value chain come together, each playing an active role in stamping these fraudulent practices out. The rewards of doing  so are well worth it: enhanced brand reputation, customer retention and extra revenue.

Insights from Vox Carrier

Updates on our activities, market insights and presence in international events

WINNER “BEST ANTI-FRAUD INNOVATION”
GLOBAL AWARDS 2019