Monday, May 27, 2024

    Under attack: Fighting artificial inflation of traffic in one-time passcodes

    Artificial inflation of traffic is costing businesses dearly and eroding trust in OTP and A2P messaging and even SMS itself. Tim Ward, VP Number Information Services, XConnect, looks at what is behind the problem and how it can be tackled

    In 2022, the A2P global market was generating approximately $48bn in revenues worldwide and is expected to grow to $78bn by 2027. With more organisations now adopting A2P SMS, the profit potential of artificial inflation of traffic (AIT) is growing and becoming increasingly attractive to fraudsters.

    One such form of AIT takes place when bad actors exploit online services to create fake traffic using automated software programmes and send out a large number of message requests to generate revenue. The process is initiated by deploying a bot to request a one-time password (OTP) to a premium rate or ghost number, which then incurs costs for the organisation. This process is repeated with thousands of numbers, resulting in big losses for any organisation that provides OTPs.

    OTPs are one of the most relied upon authentication methods across the world. Yet, if organisations are unable to effectively validate the traffic that requests these passcodes, they will turn to other verification methods and communication channels they consider to be more reliable. This has the potential to cause irrevocable losses and reputational damage to the SMS industry.

    AIT causing big business losses

    According to recent research from Mobilesquared, the biggest threats to messaging in 2022 were grey routes, AIT and SMS phishing – with AIT expected to take the lead in 2023.

    AIT is a growing challenge within messaging services, resulting in organisations paying out for fake traffic that has no prospect of being converted into real business. Even though requests are sent to illegitimate numbers, the organisation providing the OTPs is still charged because the messages are terminated.

    Threat actors are especially using this to their advantage in high-cost SMS markets to reap larger pay-outs for their scams. In a recent example, Elon Musk claimed that Twitter suffered losses of $60m a year as a result of AIT and shut down all telcos that have fraud above 10%.

    AIT fraud can go completely undetected up until organisations check message volume delivery compared to projected returns. It is especially challenging for organisations to detect and therefore mitigate due to the ways that AIT imitates real user behaviour.

    On top of this, many of the techniques used to generate fake messages use sophisticated tactics that are not detected by traditional security measures. This leaves many organisations unaware that they are being targeted until it’s too late and the costs have already been incurred.

    On a wider scale, AIT has the potential to erode trust in SMS channels, with providers that are not involved having their reputations damaged by bad actors. If A2P SMS becomes a channel synonymous with fraud, those who use it will look for alternative channels to reach their customers, redirecting revenues to channels they deem to be more reliable.

    Without taking action, organisations will continue to pay massive costs for OTP requests delivered from high-cost routes. They will experience manipulated conversion statistics and an increasing number of incomplete logins. To stay ahead of evolving AIT tactics, they need to find a way to rapidly pre-validate the numbers in their systems before OTPs are sent out. This is not only to reduce fraud, but to build and retain trust to ensure the telco ecosystem can continue to grow to benefit end users.
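    The comparison of message volume against completed logins described above can be run per destination prefix. The following is an added example, not code from the article or from XConnect; the event format, the five-digit prefix length and both thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (destination number, was the OTP later verified?).
# +999 is used as a made-up destination; no real traffic is represented here.
SAMPLE_EVENTS = (
    [(f"+99901000{i:03d}", i == 0) for i in range(40)]           # 1 of 40 verified
    + [(f"+447700900{i:03d}", i % 5 != 0) for i in range(30)]    # 24 of 30 verified
    + [(f"+1555010{i:04d}", False) for i in range(5)]            # too few to judge
)


def flag_prefixes(events, prefix_len=5, min_requests=20, min_rate=0.2):
    """Return {prefix: (requests, completion_rate)} for suspicious prefixes.

    A prefix is flagged when it received at least `min_requests` OTP sends
    but fewer than `min_rate` of them were ever verified. Both thresholds
    are assumptions and should be tuned against your own baseline.
    """
    sent = defaultdict(int)
    verified = defaultdict(int)
    for number, was_verified in events:
        prefix = number.lstrip("+")[:prefix_len]
        sent[prefix] += 1
        verified[prefix] += bool(was_verified)

    flagged = {}
    for prefix, count in sent.items():
        rate = verified[prefix] / count
        # Low-volume prefixes are skipped: a handful of abandoned logins
        # is normal user behaviour, not evidence of inflated traffic.
        if count >= min_requests and rate < min_rate:
            flagged[prefix] = (count, round(rate, 3))
    return flagged


if __name__ == "__main__":
    for prefix, (count, rate) in flag_prefixes(SAMPLE_EVENTS).items():
        print(f"+{prefix}*: {count} OTP sends, completion rate {rate:.1%}")
```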

    Securing A2P SMS against the fraud threat

    Overcoming AIT fraud in OTP delivery requires organisations to take a proactive approach, otherwise fraudsters will continue to drain their revenues, waste precious time and resources and exploit the services that are in place to help legitimate customers.

    Deploying global number range (GNR) and mobile number portability (MNP) data is one of the simplest and fastest ways to verify that a number belongs to a valid number range, that it is in the correct format (correct length, country code, etc.), and whether it has been recently ported.

    With access to the right GNR and MNP provider, organisations can save costs, drive trust and ensure they are maximising efficiency within their messaging operations. The implementation of global numbering intelligence makes it simple to route traffic to valid and active users by helping to avoid delivery to incorrect and inactive numbers. Organisations can ensure they are achieving the following:

    • Validation – Organisations can use GNR and MNP data to verify numbers, reduce failures, and increase margins. With this data, organisations can pre-validate numbers before their systems respond to OTP requests. This ensures they do not face costly charges and have pre-emptive measures in place to protect margins.

    GNR data can provide insights into whether a number belongs to a valid number range and is within the correct format (correct length, country code, etc.) and MNP data delivers the correct network for the number if it has been ported. For organisations looking to tackle fraudulent A2P traffic, this means guaranteed and rapid A2P SMS delivery that increases accuracy and security.

    With no software development or large-scale integrations required, data can be deployed quickly, and organisations can rapidly defend against AIT whilst realising ROI.

    They no longer need to manage complex data sets. Instead, organisations can rely on up-to-date telecoms data to solve challenges and optimise operations.

    • Authentication – Organisations can increase the effectiveness of their business messaging activities with up-to-date telecoms data to solve fraud-based challenges and optimise their operations. Harnessing GNR and MNP data ensures organisations are providing their legitimate end users with a seamless service, increasing customer loyalty, trust, and revenue.

    They can check number portability records to ensure that they are responding to legitimate message requests in a timely manner.

    • Accuracy – GNR and MNP data ensure the OTP originated from an end-user that has a legitimate number. This enables organisations to execute their outbound messages with accuracy – the first time, every time.
    • Continuous Support – With the right data provider, organisations can benefit from immediate and knowledgeable support to get the most out of their numbering intelligence solutions. This enables them to optimise their revenue streams and deliver a reliable A2P experience to end users.
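    The pre-validation step described under Validation (valid range, correct length, number type, porting status) can sit as a gate in front of the OTP sender. This is an added example, not code from the article or from XConnect; the GNR and MNP tables are constructed sample data, and the "review recently ported numbers" policy and 30-day window are assumptions.

```python
import re
from datetime import date

# Constructed sample data. A real deployment loads GNR and MNP records from a
# numbering-data provider; every prefix, operator and date below is made up.
# GNR rows: prefix (E.164 digits, no '+') -> (total digits, type, range holder)
GNR = {
    "447700900": (12, "mobile", "ExampleMobile-UK"),
    "4490": (12, "premium", "ExamplePremium-UK"),
    "1555": (11, "mobile", "ExampleMobile-US"),
}
# MNP rows: ported number -> (current operator, porting date)
MNP = {"447700900123": ("OtherNet-UK", date(2024, 5, 20))}


def normalise(raw):
    """Return bare E.164 digits, or None if the input is not a phone number."""
    digits = re.sub(r"[\s\-().]", "", raw)
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]
    return digits if re.fullmatch(r"[0-9]{8,15}", digits) else None


def prevalidate(raw, today, recent_days=30):
    """Decide (action, reason, operator) before any OTP SMS is sent."""
    number = normalise(raw)
    if number is None:
        return ("block", "malformed", None)
    # Longest-prefix match against the number-range table.
    prefix = max((p for p in GNR if number.startswith(p)), key=len, default=None)
    if prefix is None:
        return ("block", "unallocated_range", None)
    length, number_type, operator = GNR[prefix]
    if len(number) != length:
        return ("block", "wrong_length", None)
    if number_type != "mobile":
        return ("block", "non_mobile_range", operator)
    ported = MNP.get(number)
    if ported:
        operator, ported_on = ported  # MNP overrides the range holder
        # Assumed policy: hold recently ported numbers for extra checks.
        if (today - ported_on).days <= recent_days:
            return ("review", "recently_ported", operator)
    return ("send", "ok", operator)
```

    Blocked requests never reach the SMS provider, so they incur no termination charge; logging the reason codes gives a per-range view of where rejected requests cluster.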


    Tim Ward is VP Number Information Services, XConnect
