Mobilesquared most recent SMS A2P databook indicates 17% SMS A2P gray routes in Hungary, A VOX360 network audit of Hungary in 2020 also revealed that there were several clear areas of vulnerability which MNOs should look to improve. These network vulnerabilities negatively impact customer service and also act as significant barriers to MNOs being able to increase their revenue.
Sub-Network auditing results for fraudulent activity: Hungary
There are more often than not a set of common challenges that show up in country-level network analysis.
SMS Delivery based on pricing alone
One classic red flag is pricing. When the pricing of any good or service is so low it appears too good to be true, then this is a surefire clue that something worrying may be going on; this holds true for any industry, Business Messaging included.
Marius Rosca, VP of Partner Success at VOX Carrier puts it well, “If we are able to sell something that you are selling three times cheaper, there might be a problem somewhere.”
Rock-bottom pricing usually comes with a sting or two in its tail – sub-standard service and compromised security to name but two. With Hungary, we found that the bottom 25% of their SMS traffic was being sold at a price 3x less than traffic at the top end.
“The bottom 25% of their SMS traffic was sold at a price 3x lower than traffic at the top end”
This is suspiciously low. We know that sometimes some Messaging volumes can be contractually locked in with low pricing but given the frequency with which low pricing was available, out of step with the rest of the market, this is a red flag, a strong indicator that insecure, illegal routing is being used for message delivery.
A2P Traffic from International and National Sources
When assessing the performance of a network, any traffic spikes from other networks could well prove to be indicators of there being weak spots in the network, the potential bypassing of firewalls. Simply put, ‘bypass traffic’ is illegal traffic from unknown sources.
“30% of A2P SMS traffic coming from international networks”
Our Hungary analysis showed that 30% of inbound A2P SMS traffic originates from international networks, alone indicating enormous potential for bypass.
Messages Analysed for Manipulated Content
Manipulated content shows up when a consumer receives an SMS with alterations in the text body. These alterations are a strong indicator that someone has tampered with the message.
For Hungary, we found that 13% of SMS traffic showed evidence that content manipulation had taken place, meaning there is a high chance of ongoing fraudulent activity. Manipulated content is a very strong indicator that illegal activities are taking place on your network.
“13% of SMS traffic showed evidence of manipulated content”
Marius Rosca comments on this practice, “These kinds of bypass are used to sidestep firewall rules and they impact the customer experience because all this activity ends up on the customer’s handset.”
As we explained in another of our blog posts on SIM farms, manipulated content is a vehicle for criminal activity. Bad actors in the ecosystem use such messages in an attempt to secure access to sensitive personal information from mobile subscribers.
SIM boxes are a growing threat all over the world. Opportunistic parties create a cheap, bulk SMS messaging leveraging consumer-grade technology which any person can easily secure. The practice is illegal and puts the end customer, the Messaging deliverer and the MNO at risk. The whole delivery chain is negatively impacted.
“SIM box activity was low but it builds momentum considerably when more obvious leakages are fixed”
Fortunately, we found few signs of SIM box activity in Hungary but this is simply likely to be because there are currently easier means of bypass. Marius Rosca warns of the dangers of taking your eye off this practice, “SIM box activity builds momentum gradually, and it can have a high impact if left unchecked.”
International HUBs Analysed
About 30% of Hungary’s A2P SMS traffic is terminated via hubs from other national MNO operators. This indicates the possibility bypass from international sources was occurring. This high percentage warrants further investigation.
What to look for to get better network control
Stakeholders at MNOs need to be conscious of the fact that each of these common red flags negatively impacts customer experience and devalues their brand. Crucially, MNOs can also lose out on revenue. The following are clear signs that you do not have the correct level of network controls in place:
Threats To The A2P Value Chain
Four principal threats emerge from our network analysis:
SMS spoofing, faking, and spam are all illegal methods used by criminals to secure access to private consumer data, for fraudulent use. Scammers and fraudsters can exploit network vulnerabilities intending to defraud customers. MNOs stand to suffer great reputational damage and customer churn should these practices come to light.
A2P SMS messaging fulfils numerous use cases, one of them being the delivery of authentication messages by banks to their customers. Referring to the practice of these messages being hijacked by scammers, Marius Rosca says, “When there is a bypasser, there is no contract, so suddenly your message goes through someone you don’t know. You have no idea who it is. The bank has no idea who it is. The operator has no idea who it is.”
All the negative practices we have discussed expose the MNO to revenue loss: revenue intended for them is being taken by somebody else and this needs to be stopped in its tracks. A2P SMS messaging is on a steady growth path and now is the time for MNOs to optimise their systems and processes to take advantage of it.
As per the EU’s General Data Protection Regulation (GDPR), every party in the Messaging value chain has a role to play in safeguarding consumer information. Fraud and Compliance teams within MNOs know very well the legislation that requires them to proactively pursue illegal activity as soon as they find out about it.
We found many soft spots in Hungary’s network infrastructure. Some of these weak points are likely being taken advantage of by criminal elements. Other weak spots lead to wasteful revenue leakage.
We encourage MNOs and everyone in the value chain come together, each playing an active role in stamping these fraudulent practices out. The rewards of doing so are well worth it: enhanced brand reputation, customer retention and extra revenue.
Mobilesquared most recent SMS A2P databook indicates 35% SMS A2P gray routes in Ghana, A VOX360 network audit […]