|© 2016 Black Swan Telecom Journal||•||protecting and growing a robust communications business||• a service of|
|Email a colleague|
As a mobile operator revenue stream, SMS is a two-sided coin.
On one side is Person to Person (P2P) messaging, a business badly tarnished and declining due to major competition from Apple iMessage, WhatsApp, and several other OTT players offering free P2P alternatives.
But the flipside of SMS — Application to Person (A2P) SMS — glitters like gold thanks to global smartphone expansion. It’s a growing and profitable sector for mobile operators today because it’s used for all manner of enterprise-to-user communication. Banks, airlines, and on-line services (such as the Uber taxi) constantly use A2P to send notices, confirmations, or authentication messages to mobile subs.
So how big is this A2P market? Well, a recent research study by Ovum pegged annual A2P messaging volume at 1.8 trillion messages in 2014. And if an MNO earns an average 3 cents in revenue from each message, that equates to a nice $54 billion a year market for A2P.
Now such multi-billion dollar revenue streams need to be protected because they are a magnet for bypass fraudsters. Sure enough: operators today receive big volumes of “grey route” A2P messages — often bulk marketing messages — from senders who are try to sneak their messages in, even though the operator has no commercial agreements with them.
Well, luckily some clever solution vendors, such as Malta-based HAUD Systems, are stepping in to help operators filter out the fraudsters and maximize the revenue potential of their A2P platforms. We are now joined by HAUD’s CEO, Claire Cassar, who provides us with a comprehensive overview of the A2P revenue protection scene.
|Dan Baker: Claire, sounds like HAUD’s new fraud solution in A2P filtering and blocking is very timely. Can you briefly explain the history of how you got into this business?|
Claire Cassar: Sure, Dan. We are a revenue assurance and fraud solutions team within Fortytwo Group, a group of companies primarily focused on messaging solutions in the electronic communications industry.
As A2P fraud problems started mushrooming, we realized in 2010 that a dedicated solution would become crucial. So we started developing a product and by 2011 we did our first proof of concept at Jersey Telecom, a small operator in the UK. They soon signed on for the solution and they remain a customer today.
I must say, back in 2012, it was tough getting mobile operators interested in investing to control A2P fraud. Funds for voice fraud and LTE networks constrained budgets quite a bit.
But this forced us to offer a more financially attractive solution. What we offer today is a CAPEX free, revenue share model. These options made it much easier for the operator to say “yes” because they have no upfront investment. Secondly, we take on the responsibility: unless we are successful, we don’t get paid from the incremental revenue they would make.
|Can you give us a feel for the A2P marketplace and the aggregators who do the essential enterprise-to-mobile-operator transport?|
Well, there are about 40 to 50 aggregators of A2P traffic out there, and because entry is relatively easy, there’s considerable pressure on aggregators to perform and keep their prices low.
At the Tier 1 level, there are six to 10 aggregators and each of them approaches the A2P business with a very high level of professionalism. Then there are 15 to 20 Tier 2 and many Tier 3 players and below. Syniverse is perhaps the largest message aggregator. Other big players include MBlox, tyntec, CLX Networks, and Infobip as well as our sister company Fortytwo Telecom.
Enterprises and OTT players are eager to select the best carriers at the best prices for their A2P traffic. Remember, a large bank issuing credit cards needs to send SMS notices to customers who may be roaming around the world. So guaranteed global delivery is a growing concern for large enterprises, and to reach all corners of the world, it may need to split its SMS distribution among 4 or 5 aggregators.
One other market trend I think is significant: there seems to be a move towards greater quality in A2P. For instance, one of the larger firms, Dialog Communications, recently issued a press release saying they would not entertain any more grey route traffic and only do direct connections with operators.
|So how does your system work?|
We work at the network level with the operators. Now we could offer a cloud solution, but because of security and privacy issues, operators prefer us to host the solution in-country within their own data center.
Our job is to control all incoming SMS traffic — from international, local or direct routes such as SMPP connections. All these routes feed into our central system where they are served by a series of software modules that handle the various traffic types.
The heart of our system is BulkGuard, a pattern recognition module that looks at SMS content to identify bulk messages. The system is set to read through all the messages in a particular timeframe. If it detects similar patterns or content in messages within that timeframe, it will aggregate those and send out a report to the user.
Once we do the filtering, we then pass the traffic to an SMS gateway where the operator determines the routes where all this A2P traffic should come from. And it’s at that point where our solution picks up the traffic again and determines if all the rules are being obeyed and the traffic is being steered properly. Finally, the traffic goes to the operator’s core network and the SMSC where the message is delivered to the end customer or consumer.
As you’d expect, the local fraud department can set its own rules in the system and can alert the user via email or SMS as certain thresholds are met. In this way, the system can be monitored 24/7 and requires less intervention at the NOC level so it can be more timely, effective and preemptive.
And it’s not fully automated: the human element is needed for fine-grain analysis of the contents to ensure that bank notifications and other legitimate A2P traffic is allowed through the network to the consumer.
|How much fraud are you seeing in the SMS traffic?|
The everyday percentage is not that alarming. It’s maybe 1 to 2% in most networks that we’ve seen.
However, there are occasional spikes reaching 10% of the total volume. So if you’re a mobile operator with 50 million subscribers, that’s definitely alarming. It’s critical to stop the traffic immediately before it reaches the subscriber. Otherwise, the operator is likely to get many complaint calls in the call center — not to mention the damage to the brand image and possible subscriber churn.
To screen the traffic, we look for where the A2P traffic is coming from. And if it’s grey route traffic we block it because the operator cannot charge for it: either no agreement is in place or the sender is fraudulently trying to sneak messages through. Fraudsters use a number of bypass techniques such as faking the global titles of legitimate senders, or maybe spoofing to make the message appear to be an on-net subscriber.
Another fraud concern is the SMS equivalent of premium rate offers where the receiver of the message is asked to call back to a revenue share number.
Still another issue is a flooding attack of SMS messages, similar to a DDoS attack on a server or firewall. To manage that problem, user alerts are triggered whenever a high spike in traffic is experienced.
|And how do you monetize this SMS fraud and revenue assurance service of yours?|
It’s usually done at the point where the A2P traffic is collected — at the entry point or SMS gateway. Here the traffic is monetized and we would get a revenue share from the gateway with the rest of the money flowing to the operator.
So the operator is more protected: they can ensure they get monetized because they only have one partner to deal with to do that. And on top of that they get a solution at no financial risk to them.
Operators also like the idea of getting the solution through our managed service option. This is attractive because the mobile operator gets our expertise and quicker results. In a recent installation, an operator in Bangladesh saw a 45% reduction in fraud in the first 32 hours, and they started boosting their A2P revenue within 72 hours of installation.
|Just like other forms of bypass, I’m sure the fraudsters are constantly innovating and trying to skirt around your controls.|
Yes, one of the latest threats is coming from Global Title (GT) scanning. The fraudsters learned to mimic the GT of the operator in order to terminate on the network. It’s made to look like the operator’ own traffic.
A lot of international disputes are arising from this fraud. Why? Imagine Vodafone is seeing lots of Verizon traffic. When it sends the bill, Verizon comes back and says the amount of traffic was 50% less. What’s happening is that someone is impersonating Verizon’s global title to terminate on Vodafone.
This trend is going strong so we devised a new feature in our system to identify this type of fraud.
So the price of safety is constant vigilance — and for HAUD Systems, that means constantly developing new features that stop and hopefully anticipate the next A2P fraud scheme.
|Claire, thanks for this nice briefing on A2P. Good luck growing this important new service.|
Copyright 2015 Black Swan Telecom Journal