Mobilesquared most recent SMS A2P databook indicates 29% SMS A2P gray routes in Russia, A VOX360 network audit of Russia also revealed that there were several clear areas of vulnerability which MNOs should look to improve. These network vulnerabilities negatively impact customer service and also act as significant barriers to MNOs being able to increase their revenue.
Sub-Network auditing results for fraudulent activity: Russia
There are more often than not a set of common challenges that show up in country-level network analysis.
SMS Delivery based on pricing alone
One classic red flag is pricing. When the pricing of any good or service is so low it appears too good to be true, then this is a surefire clue that something worrying may be going on; this holds true for any industry, Business Messaging included.
Rock-bottom pricing usually comes with a sting or two in its tail – sub-standard service and compromised security to name but two. With Russia, we found that the bottom 20% of their SMS traffic was being sold at a price 2x less than traffic at the top end.
This is suspiciously low. We know that sometimes some Messaging volumes can be contractually locked in with low pricing but given the frequency with which low pricing was available, out of step with the rest of the market, this is a red flag, a strong indicator that insecure, illegal routing is being used for message delivery.
Messages Analysed for Manipulated Content
Manipulated content shows up when a consumer receives an SMS with alterations in the text body. These alterations are a strong indicator that someone has tampered with the message.
For Russia, we found that 15% of SMS traffic showed evidence that content manipulation had taken place, meaning there is a high chance of ongoing fraudulent activity. Manipulated content is a very strong indicator that illegal activities are taking place on your network.
As we explained in another of our blog posts on SIM farms, manipulated content is a vehicle for criminal activity. Bad actors in the ecosystem use such messages in an attempt to secure access to sensitive personal information from mobile subscribers.
SIM boxes are a growing threat all over the world. Opportunistic parties create a cheap, bulk SMS messaging leveraging consumer-grade technology which any person can easily secure. The practice is illegal and puts the end customer, the Messaging deliverer and the MNO at risk. The whole delivery chain is negatively impacted.
International HUBs Analysed
About 65% of Russia’s A2P SMS traffic is terminated via hubs from other national MNO operators. This indicates the possibility of bypass from international sources was occurring. This high percentage warrants further investigation.
What to look for to get better network control
Stakeholders at MNOs need to be conscious of the fact that each of these common red flags negatively impacts customer experience and devalues their brand. Crucially, MNOs can also lose out on revenue. The following are clear signs that you do not have the correct level of network controls in place:
Threats To The A2P Value Chain
Four principal threats emerge from our network analysis:
SMS spoofing, faking, and spam are all illegal methods used by criminals to secure access to private consumer data, for fraudulent use. Scammers and fraudsters can exploit network vulnerabilities intending to defraud customers. MNOs stand to suffer great reputational damage and customer churn should these practices come to light.
A2P SMS messaging fulfils numerous use cases, one of them being the delivery of authentication messages by banks to their customers. Referring to the practice of these messages being hijacked by scammers, Marius Rosca says, “When there is a bypasser, there is no contract, so suddenly your message goes through someone you don’t know. You have no idea who it is. The bank has no idea who it is. The operator has no idea who it is.”
All the negative practices we have discussed expose the MNO to revenue loss: revenue intended for them is being taken by somebody else and this needs to be stopped in its tracks. A2P SMS messaging is on a steady growth path and now is the time for MNOs to optimise their systems and processes to take advantage of it.
As per the EU’s General Data Protection Regulation (GDPR), every party in the Messaging value chain has a role to play in safeguarding consumer information. Fraud and Compliance teams within MNOs know very well the legislation that requires them to proactively pursue illegal activity as soon as they find out about it.
We found many soft spots in Russia’s network infrastructure. Some of these weak points are likely being taken advantage of by criminal elements. Other weak spots lead to wasteful revenue leakage.
We encourage MNOs and everyone in the value-chain to come together, each playing an active role in stamping these fraudulent practices out. The rewards of doing so are well worth it: enhanced brand reputation, customer retention and extra revenue.
Mobilesquared most recent SMS A2P databook indicates 29% SMS A2P gray routes in Russia, A VOX360 network audit […]