Written by Nauman Akram
There was a time when Short Messaging Services (SMS), despite being “Best Effort Delivery”, used to be one of the major contributors to MNOs’ revenues. Be it P2P (peer-to-peer) or A2P (Application to Peer), the SMS service is vitally important to both users and operators. Since 2012, operators’ SMS revenues have been shrinking under the impact of OTT messaging apps.
Despite the drastic decline in P2P SMS, operators have shifted their focus to gaining revenue from the A2P SMS market worldwide. With minimum CAPEX and operational expenses, MNOs are deploying SMS Firewalls in their networks and tightening their filtering policies to identify and block all grey traffic that leads to revenue leakage. AI definitely plays a vital role in detecting the grey routes being used to deliver A2P SMS to the user. A study shows that A2P SMS grey-route traffic causes mobile operators to lose $7.7 billion annually, a sum equivalent to $21 million a day. Identifying and blocking grey routes requires a continuous, day-in, day-out effort.
The global A2P market is expected to reach approximately USD 50.1 billion by 2023 with a CAGR of 4.7% over the forecast period 2018–2023.
Source: MRFR study, 2020
Back in the early days of GSM, when P2P SMS traffic was the priority for MNOs, they used simple SMS filtering techniques to ensure that their SMSCs (Short Messaging Service Centers) did not get congested and that they complied with the authorities. Some of the common filters include:
- Frequency-Based Filters
A user could send at most xx SMS in a yy time period, e.g. 100 SMS in 15 minutes, 300 SMS in 1 hour and 1000 SMS in 24 hours.
- Content Filters
Content that the authorities require to be blocked.
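The frequency-based filter above, sketched as a per-sender sliding-window counter. This is an added example, not code from the article or from any firewall product; the class and function names and the sender number are constructed for illustration, and only the three limits come from the text.

```python
from collections import defaultdict, deque

# Limits quoted in the text: (window in seconds, max SMS per sender in that window).
LIMITS = [(15 * 60, 100), (60 * 60, 300), (24 * 60 * 60, 1000)]


class FrequencyFilter:
    """Sliding-window SMS counter per sender, checked against every limit."""

    def __init__(self, limits=LIMITS):
        self.limits = sorted(limits)
        self.longest = self.limits[-1][0]
        self.accepted = defaultdict(deque)  # sender -> timestamps of accepted SMS

    def allow(self, sender, now):
        """Return (True, None) if accepted, else (False, window that was exceeded)."""
        history = self.accepted[sender]
        # Timestamps older than the longest window can never count again.
        while history and history[0] <= now - self.longest:
            history.popleft()
        for window, max_sms in self.limits:
            recent = sum(1 for t in history if t > now - window)
            if recent >= max_sms:
                return False, window  # rejected SMS are not added to the history
        history.append(now)
        return True, None


def replay(interval, count, sender="61400000001"):  # constructed sender number
    """Feed `count` SMS spaced `interval` seconds apart; return each verdict."""
    flt = FrequencyFilter()
    return [flt.allow(sender, i * interval) for i in range(count)]


if __name__ == "__main__":
    burst = replay(interval=5, count=101)    # trips the 15-minute limit
    steady = replay(interval=10, count=301)  # stays under it, trips the hourly one
    print(burst[-1], steady[-1])
```

A sender pacing itself just under the shortest window is still caught by the longer ones, which is why all three limits are evaluated on every message.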
SMS Firewall Implications on P2P SMS Traffic
In order to meet the frequency- and content-based filtering requirements, operators had the option of deploying the SMS Firewall either on the signaling network or through SMPP (Short Message Peer-to-Peer) connectivity via the SMSC.
Types of SMS Frauds
As the days passed and users migrated to OTT messaging apps, legitimate P2P SMS revenues started to decrease. Operators, on the other hand, noticed fraudulent SMS activities. Below are a few examples of how P2P SMS was being compromised:
- SPAM SMS
SMS spam is any unwanted or unsolicited text message sent indiscriminately to your mobile phone, often for commercial purposes. It can take the form of a simple message, a link to a number to call or text, a link to a website for more information or a link to a website to download an application.
- SIM Farms
SIM farms allow businesses to send low-cost marketing messages to customers. However, they utilize unsecured delivery methods and could expose personal information to fraudsters. SIM farms are the second-costliest type of SMS fraud after spam, according to research.
- SMS Phishing
SMS phishing is a social engineering technique where the sender of a message pretends to be someone that the recipient knows — usually someone in authority, like a bank or employer. The sender will exchange texts with the recipient and then ask him or her to send personal information such as passwords or bank details. People often associate phishing with email, but recent research shows that 48 percent of phishing attacks happen on mobile devices.
- SMS Originator Spoofing
SMS originator spoofing happens when someone takes on a new identity and tricks a phone user into thinking that a text message is legitimate. These texts look like they are from a trusted friend or family member, but they are not.
- SMS Faking
SMS Faking is when the Query Request (SRI-SM) from the foreign operator comes from one GT (Global Title) while the SMS delivery is made from another address (GT).
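One way a firewall can check for the SMS Faking pattern described above is to correlate each incoming delivery (MT-ForwardSM) with the GT that sent the preceding SRI-SM for the same subscriber. This is an added sketch, not code from the article; the event dictionary keys, the 30-second correlation window and all GT and IMSI values are assumptions constructed for illustration.

```python
SRI_TTL = 30  # seconds an SRI-SM query stays valid for correlation (assumed value)


def detect_faking(events, ttl=SRI_TTL):
    """Return (imsi, reason) for each MT-FSM whose sender GT did not query first.

    `events` is a time-ordered list of dicts with the hypothetical keys
    op ("SRI-SM" or "MT-FSM"), ts (seconds), calling_gt and imsi. For SRI-SM
    the imsi is the one returned in the answer to that query.
    """
    queried = {}  # imsi -> {calling_gt: time of its latest SRI-SM}
    alerts = []
    for ev in events:
        by_gt = queried.setdefault(ev["imsi"], {})
        # Forget queries that are too old to belong to this delivery.
        for gt in [g for g, ts in by_gt.items() if ev["ts"] - ts > ttl]:
            del by_gt[gt]
        if ev["op"] == "SRI-SM":
            by_gt[ev["calling_gt"]] = ev["ts"]
        elif ev["op"] == "MT-FSM" and ev["calling_gt"] not in by_gt:
            # Another GT queried recently: the faking pattern from the text.
            reason = "gt-mismatch" if by_gt else "no-recent-sri-sm"
            alerts.append((ev["imsi"], reason))
    return alerts


# Constructed sample traffic (GTs and IMSIs are made up for this example).
SAMPLE = [
    {"op": "SRI-SM", "ts": 0, "calling_gt": "4479000001", "imsi": "505019000000001"},
    {"op": "MT-FSM", "ts": 1, "calling_gt": "4479000001", "imsi": "505019000000001"},
    {"op": "SRI-SM", "ts": 5, "calling_gt": "4479000001", "imsi": "505019000000002"},
    {"op": "MT-FSM", "ts": 6, "calling_gt": "9990000077", "imsi": "505019000000002"},
    {"op": "MT-FSM", "ts": 90, "calling_gt": "4479000001", "imsi": "505019000000003"},
]

if __name__ == "__main__":
    print(detect_faking(SAMPLE))
```

Queries are tracked per GT so that two SMSCs legitimately querying the same subscriber at the same time do not trigger a false mismatch.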
How the MNO Revenues get impacted
The potential for exponential growth in the OTT market is threatened by an emerging AppSec threat landscape which, if not handled well, could derail the juggernaut. With financial solutions making strides in the digital marketplace, security is one of the key concerns.
OTP is the most commonly used mechanism to ensure that no one but the right person is trying to log in. An OTP is a one-time SMS sent to the user’s registered mobile phone to ensure that the right person is logging into his particular account. Upon entering the code from the SMS, the user is allowed to log in.
It is not for the OTT app to connect to every operator’s SMSC via SMPP to deliver the SMS to the user. As stated above, MNOs have strict policies regarding SMS filtering, and they do not allow SMS to be delivered to their users via some other operator. This way the operator’s share of revenue can get compromised for that SMS.
To avoid complications, the OTT apps send the SMS (OTPs and other notification SMS) to one of the Global Aggregators. It is the Aggregator’s responsibility to deliver the SMS to the user. These Global Aggregators, if not directly connected with the operator’s SMSCs, deliver the SMS to the user via Regional Aggregators, which operate in specific areas and are connected to the Regional Operators.
The OTT app has to pay for every SMS that is sent to the user, and each aggregator, along with the operator, keeps a percentage of the payment that the OTT app pays.
The aggregators are always looking for grey routes so that they do not have to pay the operator and still get the SMS delivered to the user.
Below is one such example, where SMS are sent to the user through proper channels as well as a grey route in order to gain the operator’s cut as well.
In the above example, the app submits the SMS to Aggregators 1 and 2, which operate at the global level. Considering an SMS to be sent to a user in Australia, the Aggregators push the SMS towards the Regional Aggregator to have it delivered to the user. The Regional Operator has direct connectivity with the user’s Mobile Operator. It generally submits a chunk of the SMS (let’s say 50%) through the paid legal route to the MNO SMSC, while the remaining 50% is sent through a grey channel. Instead of being submitted to the SMSC through a paid route, these SMS are routed towards a SIM box, and the SIM box sends them to the user as regular P2P.
Since there is a difference in pricing plans for P2P and A2P (20 cents vs. 1 USD), the aggregator keeps gaining the operator’s cut of the revenue, and the SMS still gets delivered to the user.
Operators, on the other hand, keep building intelligence into their SMS Firewalls to detect all such A2P SMS going through P2P routes; however, the aggregators keep changing the SMS content and A-party addresses to deliver the SMS to the user undetected.
This is a never-ending battle, and there are plenty of other ways in which A2P SMS are delivered to users through illegal channels; however, the revenues involved keep both ends pushing to their max.
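A simple form of the firewall intelligence described above is to fingerprint message templates seen on P2P routes and flag those that many different A-parties send to many recipients, which ordinary person-to-person chat does not do. This is an added example, not the author’s or any vendor’s method; the thresholds, function names, phone numbers and message texts are constructed assumptions.

```python
import re
from collections import defaultdict


def fingerprint(text):
    """Collapse variable parts so that messages from one template compare equal."""
    text = re.sub(r"https?://\S+", "<url>", text.lower())
    text = re.sub(r"\d+", "<n>", text)
    return re.sub(r"\s+", " ", text).strip()


def suspected_a2p(p2p_messages, min_senders=3, min_recipients=3):
    """Return {template: (distinct senders, distinct recipients)} above thresholds.

    `p2p_messages` is an iterable of (a_party, b_party, text) seen on P2P routes.
    The thresholds are illustrative assumptions, not values from the article.
    """
    senders, recipients = defaultdict(set), defaultdict(set)
    for a_party, b_party, text in p2p_messages:
        template = fingerprint(text)
        senders[template].add(a_party)
        recipients[template].add(b_party)
    return {
        t: (len(senders[t]), len(recipients[t]))
        for t in senders
        if len(senders[t]) >= min_senders and len(recipients[t]) >= min_recipients
    }


# Constructed sample: one OTP template spread over several SIMs, plus ordinary chat.
SAMPLE = [
    ("61400000011", "61411111101", "Your ExampleApp code is 482913"),
    ("61400000012", "61411111102", "Your ExampleApp code is 100245"),
    ("61400000013", "61411111103", "your exampleapp  code is 774001"),
    ("61400000011", "61411111104", "Your ExampleApp code is 339120"),
    ("61422222201", "61422222202", "Running 10 min late, see you at 7"),
    ("61422222202", "61422222201", "ok no worries"),
]

if __name__ == "__main__":
    print(suspected_a2p(SAMPLE))
```

Counting distinct senders per template survives A-party rotation, but rewording the message produces a new fingerprint, so exact-template matching is only a first layer.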
Functionalities Offered by SMS Firewalls:
- Traffic Segregation
Separating P2P from A2P is a key function of a firewall. Firewalls don’t just protect against spam or malicious messages; they also aid in monetizing messaging.
Based on the source addresses, Firewalls can detect the nature of the traffic, whether international, national or application-generated, coming from any signaling link. International traffic termination is often priced higher than local, so it is important to understand the potential and revenues of both traffic types.
- Implementation of Global Blocking Features
Manipulating sender IDs, exploiting under-protected P2P connections, or SIM farms: anything goes for dishonest players looking for ways to bypass your firewall and increase their margins. A global set of blocklists is generally maintained by the Firewall to combat such exploitation. The operator’s own knowledge base, gained over time (blocking rules, content generally used in exploited messages), also helps in fine-tuning the Firewall’s operation.
- Application of Right Ruleset
After segregating the traffic by type (P2P, A2P, P2A), the next step the firewall generally carries out is spam identification, followed by blocking rules for felonious traffic. Every day the grey routes change: billable international messages are sent via low-cost routes, and OTPs are sent through unpaid paths. While fraudsters are constantly looking for new exploits and unprotected routes, firewalls must be maintained and rules updated.
- AI (Artificial Intelligence) and ML (Machine Learning)
Learning from patterns lets the Firewall decide and act intelligently. Instead of manually managing IDs, blacklists and whitelists, the firewall recognizes patterns in message content and sorts messages into categories such as international/domestic, P2P, A2P, P2A, spam, etc. The firewall can then act accordingly and block the illicit traffic coming from illegitimate routes.
The other application of machine learning is grey-route reduction: a machine able to tell the difference between A2P and P2P, and to determine the traffic origins, can facilitate proper traffic routing, ensuring proper messaging termination and protecting the operator’s revenue.
- Intelligent Decisions on Phishing
While SMS Firewalls are equipped to detect and block spam and spoofed traffic, it is hard for the firewall to ensure security around the URL carried within the SMS content. Since the real threat is the hyperlink itself, the firewall’s rules must be updated and managed constantly. The obvious solution would be to block all messages that contain known malicious URLs, which is pretty hard because the URLs are created on the day of the attack. An alternative option is to white-list the safe URLs while blocking the rest.
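The white-list option above depends on comparing the host a link really resolves to, not on finding a trusted name somewhere in the URL. This is an added example, not code from the article; the allow-list entries, function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_DOMAINS = {"bank.example", "shop.example"}  # constructed allow-list
# Matches links with a scheme or a leading "www."; bare domains are not covered.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased host the link really points at, or "" if unparsable."""
    if not re.match(r"https?://", url, re.IGNORECASE):
        url = "http://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()


def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """Exact domain or a true subdomain; a mere suffix or prefix match is rejected."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def verdict(sms_text, allowed=ALLOWED_DOMAINS):
    """Return ("block", offending hosts) or ("allow", hosts found, possibly none)."""
    hosts = [host_of(u) for u in URL_RE.findall(sms_text)]
    offending = [h for h in hosts if not is_allowed(h, allowed)]
    return ("block", offending) if offending else ("allow", hosts)


# Constructed sample messages.
SAMPLES = [
    "Your statement is ready: https://bank.example/statements",
    "Deals today at www.shop.example/sale.",
    "Verify now https://bank.example.login-check.test/verify",
    "Account locked, visit http://bank.example@203.0.113.9/unlock",
    "See you at 7",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(verdict(sms), "<-", sms)
```

The third and fourth samples both contain an allowed name, as a subdomain label and as URL userinfo respectively, yet are blocked because the parsed host is not on the list.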
About the author:
Nauman Akram is working as an Engineering Manager at Circles.Life and comes with 13+ years of experience in the VAS, BSS and MFS domains. He holds an Engineering Degree in Telecommunications. During his career he has worked on planning, designing and strategizing multiple products and services, along with the end-to-end execution of MergeCo (a one-of-its-kind merger of two MNOs).