Securing Application-to-Peer (A2P) SMS from Artificial Inflated Traffic (AIT) fraud.

 

Artificial Inflated Traffic (AIT) is a new type of Application-to-Peer (A2P) SMS fraud where fraudsters use automated software programmes also known as bots to generate large volumes of fake One-Time Passcode (OTP) requests to rake in revenues from businesses.

This Artificial Inflated Traffic (AIT) Application-to-Peer (A2P) SMS request is a challenge for businesses to distinguish whether it is a ‘real’ or ‘fake’ user request.

This occurrence largely benefits the fraudsters financially while affecting telcos, businesses and users at large, especially in the aspect of security.

This Artificial Inflated Traffic (AIT) Application-to-Peer (A2P) SMS fraud will ultimately result in fake Application-to-Peer (A2P) SMS traffic, revenue impact for businesses, reputational damages to the entire ecosystem and its providers, and above all, it undermines the credibility and benefits of SMS as a reliable, secure and safe channel for business messaging.

 

How does Application-to-Peer (A2P) SMS Artificial Inflated Traffic (AIT) fraud happen?

1. The idea that SMS messaging should be superbly low-cost
   • Connecting and delivering your SMS messages through a superbly low-cost aggregator/provider is one of the key factors. This is simply because these aggregators/providers do not have sufficient buffer to substantiate their cost of doing business and when that happens, they will resort to generating Application-to-Peer (A2P) SMS Artificial Inflated Traffic (AIT) to charge the businesses while failing to deliver the SMS messages and keeping the profits margins for themselves.
2. Unfavourable Application-to-Peer (A2P) SMS traffic commitments to telcos
   • There are scenarios where rogue aggregators/providers make unfavourable Application-to-Peer (A2P) SMS traffic commitments to telcos and when they are not able to sustain the Application-to-Peer (A2P) SMS traffic to the respective telcos, these aggregators/providers will then resort to generating Application-to-Peer (A2P) SMS Artificial Inflated Traffic (AIT) to charge the businesses and on the other hand fulfil their committed Application-to-Peer (A2P) SMS traffic to the telcos. This gives the aggregators/providers and the telcos more revenue while the businesses bear the cost.
3. Application-to-Peer (A2P) SMS traffic deliveries through not reputable/licensed aggregators/providers
   • The not reputable/licensed aggregators/providers typically lack certification, licensing, proper setups, and the necessary expertise in running such operations, let alone having a direct connection to telcos. These engagements hold zero accountability and responsibility towards the not reputable/licensed aggregators/providers while damaging the reputation of the entire business messaging industry.

In conclusion, regardless of which scenarios, all involved parties (businesses, telcos, users, aggregators, providers) will find themselves in a highly detrimental position while the strong reputation of Application-to-Peer (A2P) SMS messaging industry will be severely tarnished.

 

Preventing Application-to-Peer (A2P) SMS from Artificial Inflated Traffic (AIT) fraud.

At MACROKIOSK, we are a strong believer in taking proactive measures to safeguard every stakeholder. Below are the measures:

1. Continuous prevention of activation through customer engagements.
2. Scale-up our in-house enterprise solutions platform prevention efforts.
3. Fallback channels availability.

In this context, MACROKIOSK’s position lies between businesses and telcos in taking an active prevention role to deter fraudulent activities.

MACROKIOSK is committed and has been investing in solutions and technology to countermeasure Application-to-Peer (A2P) SMS Artificial Inflated Traffic (AIT) with the following:

1. The application of machine learning algorithms with anti-spam filtering applications to proactively predict and establish accurate outcomes to deter such occurrences.
2. Anti-flooding application aims at blocking SMS messages spamming in real-time when it reaches its threshold of received SMS messages within a stipulated timeframe. This threshold is automatically calculated and implemented for example:
   • Allowing only a certain number of SMS messages with the same content sent to the same mobile number within a certain period;
   • Allowing a pre-set number of SMS messages sent with different content and mobile number within a certain period.
3. Anti-spoofing application blocks the SMS message traffic in real-time after it has exceeded the pre-defined threshold for example SMS message deliveries to a specific country, destination and/or user.
4. Anti-spam application has the capability to mitigate/detect fraud in SMS messages by using an Artificial Intelligent (AI) programme that spots specific SMS message traffic patents sent through our platform to differentiate ‘genuine’ from ‘fake’ SMS message delivery.
5. Automated fallback application that allows the delivery of genuine messages through other over-the-top (OTT) channels to prevent the disruption of real requests and/or deliveries of messages such as One-Time Passcode (OTP).

 

Common Application-to-Peer (A2P) SMS Artificial Inflated Traffic (AIT) fraud threat scenarios.

1. Fraudsters develop automated software programmes also known as bots to create fake accounts for One-Time Passcode (OTP) requests.
2. The automated software programmes or bots will request a One-Time Passcode (OTP) SMS to mobile numbers.
3. Fraudster will then partner with rogue aggregators/providers to intercept the Application-to-Peer (A2P) SMS Artificial Inflated Traffic (AIT) without delivering the One-Time Passcode (OTP) SMS messages to the intended mobile number.
4. Together, they claim the revenues and share the profits. This rogue process will then be repeated to inflate revenues further while destroying the strong reputation of the Application-to-Peer (A2P) SMS messaging industry.

 

Prevention is always better than cure.

Apart from applications, solutions and technology-based prevention measures, other perspective measures will be able to curb Application-to-Peer (A2P) SMS from Artificial Inflated Traffic (AIT) fraud.

Below are some of the high-level measures:

1. Starts from the user-journey level which will be far more effective than a later detection at the SMS message delivery stage. For example, include captcha to prevent automated software programmes or bots from triggering One-Time Passcode (OTP) requests.
2. Instil controls in the number of One-Time Passcode (OTP) requests within a timeframe. For example, no requests are allowed after consecutive attempts from the same account within the same timeframe.
3. Monitor the One-Time Passcode (OTP) conversion rates. For example, detect if there are certain spike patterns in new customer growth rates, One-Time Passcode (OTP) requests and submission rates.
4. Limit the One-Time Passcode (OTP) request deliveries to a specific country within a certain timeframe. For example, establish a whitelist of countries for genuine One-Time Passcode (OTP) deliveries based on your business geography and/or solutions availability.
5. Instil a higher level of authentication approach. For example, biometric scan for mobile number/Personal Identifiable Information (PII) changes.
6. Procure and/or partner with reputable, licensed aggregators/providers and never from superbly low-cost aggregators/providers.

 

Let’s talk to find out more.

Let’s talk and together we can create a win-back approach in securing Application-to-Peer (A2P) SMS creditability as the most reliable, secure and efficient business messaging for all.

MACROKIOSK is an enterprise solutions platform market leader in Asia. We are licensed, accredited and have direct working relationships with telcos to provide an enterprise solutions platform that is reliable, secure, scalable and innovative for all businesses.