Mobilesquared most recent SMS A2P databook indicates 87% SMS A2P gray routes in Nepal. A VOX360 network audit of Nepal also revealed that there were several clear areas of vulnerability which MNOs should look to improve. These network vulnerabilities negatively impact customer service and also act as significant barriers to MNOs being able to increase their revenue.
SMS Delivery based on pricing alone
One classic red flag is pricing. When the pricing of any good or service is so low it appears too good to be true, then this is a surefire clue that something worrying may be going on; this holds true for any industry, Business Messaging included.
Rock-bottom pricing usually comes with a sting or two in its tail – sub-standard service and compromised security to name but two. With Nepal, we found that over 50% of SMS A2P traffic was being sold at a price below 0.01$.
This is suspiciously low compared with the market prices and termination rates. We know that sometimes some Messaging volumes can be contractually locked in with low pricing but given the frequency with which low pricing was available, out of step with the rest of the market, this is a red flag, a strong indicator that insecure, illegal routing is being used for message delivery.
SIM boxes are a growing threat all over the world. Opportunistic parties create a cheap, bulk SMS messaging leveraging consumer-grade technology which any person can easily secure. The practice is illegal and puts the end customer, the Messaging deliverer and the MNO at risk. The whole delivery chain is negatively impacted.
Testing results for fraudulent activity in Nepal
Extremely low pricing often deserves close inspection to make sure that proper business practices are being followed. With Nepal, we found that a small but significant percentage (over 50%) of their SMSs were delivered at the lowest price possible.
“Over 50% of SMS traffic was sold at a price below 0.01$”
What to look for to get better network control
Stakeholders at MNOs need to be conscious of the fact that each of these common red flags negatively impacts customer experience and devalues their brand. Crucially, MNOs can also lose out on revenue. The following are clear signs that you do not have the correct level of network controls in place:
Threats To The A2P Value Chain
Four principal threats emerge from our network analysis:
SMS spoofing, faking, and spam are all illegal methods used by criminals to secure access to private consumer data, for fraudulent use. Scammers and fraudsters can exploit network vulnerabilities intending to defraud customers. MNOs stand to suffer great reputational damage and customer churn should these practices come to light.
A2P SMS messaging fulfils numerous use cases, one of them being the delivery of authentication messages by banks to their customers. Referring to the practice of these messages being hijacked by scammers, Marius Rosca says, “When there is a bypasser, there is no contract, so suddenly your message goes through someone you don’t know. You have no idea who it is. The bank has no idea who it is. The operator has no idea who it is.”
All the negative practices we have discussed expose the MNO to revenue loss: revenue intended for them is being taken by somebody else and this needs to be stopped in its tracks. A2P SMS messaging is on a steady growth path and now is the time for MNOs to optimise their systems and processes to take advantage of it.
As per the EU’s General Data Protection Regulation (GDPR), every party in the Messaging value chain has a role to play in safeguarding consumer information. Fraud and Compliance teams within MNOs know very well the legislation that requires them to proactively pursue illegal activity as soon as they find out about it.
We found many soft spots in Nepal’s network infrastructure. Some of these weak points are likely being taken advantage of by criminal elements. Other weak spots lead to wasteful revenue leakage.
We encourage MNOs and everyone in the value-chain to come together, each playing an active role in stamping these fraudulent practices out. The rewards of doing so are well worth it: enhanced brand reputation, customer retention and extra revenue.
The generation of fake traffic from legitimate websites and apps is proliferating and stiff resistance is required to […]