What 5 Strategies Are A2P Messaging Stakeholders Using to Tackle Fraud?

October 2022

Scarlett Woodford

Principal Analyst

The term ‘fraudulent’ holds a number of meaning within the context of mobile messaging. From a network operator’s perspective, for example, transactions being excluded from their account receivables can be perceived as fraud. On the other hand, consumer perceptions of fraud may revolve around issues such as spam and phishing messages, which directly target the end user.
 
Given the importance of minimising and disrupting fraudulent players, therefore, it is important to classify the anti-fraud measures deployed by telecom operators, mobile operators, and other mobile messaging stakeholders.
 
Anti-fraud APIs
 
Dedicated anti-fraud APIs tend to involve the implementation of advanced analytics into a firewall stack. These analytics are key, as they provide increased visibility on end-to-end traffic; allowing operators to accurately detect and prevent fraudulent traffic. Aggregators will need to launch these enhanced reporting tools on behalf of network operators and enterprises, as the aforementioned stakeholders have limited visibility on messaging traffic.
 
Digital Identification Solutions
 
Juniper Research notes that the Mobile Ecosystem Forum’s SMS Sender ID Protection Registry was launched in Spain during March 2022; aiming to reduce the impact of SMS phishing and spam messaging. Notably, the SMS Sender ID Protection Registry is currently live in Ireland, Singapore, Spain and the UK, with future launches planned going forward.
 
Whilst the MEF’s registry aims to protect the security of the SMS messaging channel, Juniper Research notes that brands and enterprises may also wish to transition A2P traffic on to verified channels, such as RCS, or channels offering end-to-end encryption, such as WhatsApp, in markets where the Sender ID Protection Registry is not yet deployed. Notably, India has adopted blockchain technology for identification solutions; implementing DLT (Distributed Ledger Technology) for mobile messaging.
 
Improved KYC (Know Your Customer) Processes
 
Juniper Research believes that mobile number look-up capabilities must be in place to improve established KYC processes. Specifically, MNP (Mobile Number Portability) look-up capabilities will be key to enabling advanced traffic and delivery solutions for multiple operator-led services, including RCS, SMS and voice. By using MNP look-up, mobile operators can reduce termination costs, improve service levels by routing directly and enable sophisticated routing based on A-numbers and B-number portability information.
 
There is the need for user authentication and improved KYC processes to be tied into a penalty to ensure compliance. However, this may be problematic when one considers the differences between service providers in the space.
 
10DLC (10-digit long code) is a type of long code that is used to support high-volume A2P SMS messaging using a 10-digit phone number format. Whilst short codes are traditionally shared by multiple brands and enterprises, each verified enterprise is allocated its own, individual phone number. Using short codes, multiple brands are required to share the same number. This can damage the reputation of legitimate enterprises if they are allocated the same short code as a brand sending spam messages. Whilst 10DLC will work to reduce SMS fraud, Juniper Research notes that messaging vendors may struggle to keep pace with the changing deadlines and operator requirements that have evolved during 10DLC implementation.
 
Therefore, in order to assist enterprise customers through the adoption of 10DLC, Juniper Research urges messaging aggregators to offer a compatible API and console with a graphic-user interface. This console should allow enterprises to visually inspect data; enabling the visual registration of campaigns without the need for APIs and integration.
 
From a reputational perspective, messaging channels that require tougher levels of enterprise authentication will earn a greater, more valued reputation within the messaging ecosystem. That is, messaging channels that easily onboard brands will be easier to infiltrate with fraud, as they will be unable to provide the verified sender aspect of authentication.
 
In order to prevent enterprise fraud, it is important that messaging platforms perform sufficient number checks, and educate their partners on how to sufficiently set up two-factor authentication. Customers will increasingly rely on messaging aggregators in order to ensure that two-factor authentication methods remain guarded against fraud, as traditionally, network operators have limited visibility over messaging channels owing to their origination in voice services.
 
Penetration Testing
 
Network penetration testing is a security assessment tool carried out by an ethical hacking company, in order to identify any existing vulnerabilities in connected networks. Juniper Research believes that a combination of penetration testing and SMS firewalls capable of monitoring inbound and outbound traffic is necessary for operators to accurately identify and detect fraudulent traffic.
 
Therefore, there is clearly the need for clear communication between network operators in order to reduce levels of fraudulent traffic over A2P messaging services.
 
SMS Firewalls
 
Whilst SMS firewalls represent a crucial anti-fraud measure, additional steps must be taken to prevent messaging fraud such as the frequent running of penetration testing. There is also the need for consumer education, in which aggregators work closely with mobile network operators to inform subscribers about fraudulent messaging activity. If customers are aware of the potential for fraud over calls and SMS, the CTR (Click through Rate) of malware mobile messaging will decline; reducing the incentive for hackers and spammers. Fraudsters will then transition to alternative platforms that offer more lucrative opportunities, such as WhatsApp or other OTT messaging applications.