Warning that growing fraud could spell the downfall of SMS

The scale of SMS fraud is often underestimated. Now Mobile Ecosystem Forum (MEF) CEO Dario Betti has said that “artificially inflated traffic” will have a greater negative impact on the application-to-person (A2P) SMS industry than any other type of fraud that has gone before it.

The MEF is a global body that addresses issues affecting the broad mobile ecosystem. Its research shows that since 2000, SMSes have been one of the most resilient messaging products for person-to-person communication, as well as a success story for banking.

But major brands are now saying that artificially inflated traffic (AIT) fraud is making SMSes “a damaged channel”, irreparably so in some brands’ view.

Time-sensitive one-time passwords (OTP) are at the heart of AIT, but brands are now being forced to pay higher market rates to operators to ensure a safe user experience as fraud increases.

AIT fraud occurs when cybercriminals generate large volumes of fake SMS messages through apps or websites.

Scammers create a bot that generates fake phone numbers and the bot then uses these numbers to request OTPs or other SMS messages. The cybercriminal then resells the OTP or SMS to commit other fraud, such as account hacking or data theft.

Fraudsters can also use fake traffic to inflate the cost of legitimate SMSes by sending fake information to premium numbers that charge money for each message sent.

This traffic is used to inflate the cost of legitimate messages in SMS messaging, which leads to significant financial losses for businesses. MEF’s Betti said: “The real dark threat of the impact of inflated traffic is on inflating prices. The market adjusts if prices go too high by using a substitute.”

High cost

Research firm Mobilesquared said AIT fraud will cost brands an estimated US$2.4-billion between 2022 and 2024. It said the actions in the past two years will cost the A2P SMS industry $14.4-billion in revenue by 2027.

One of the ways to avert SMS fraud is to use two-factor authentication (2FA). “2FA began in Europe to safeguard financial transactions but is increasingly gaining ground as it offers a greater level of protection around fraud,” said Betti.

Read: Ads and subscriptions may be coming to WhatsApp

2FA relies on a user providing a password as the first factor and a second, different factor – such as a fingerprint or facial scan – to make it harder for attackers to gain access to an individual’s devices or online accounts. Even if a victim’s password is hacked, a password alone is then not enough to pass the authentication check.

Also, exclusivity agreements are being abused by mobile operators looking to increase international termination rates by a considerable percentage to drive double-digit revenue growth.

Mobilesquared’s independent research revealed that between the first quarter of 2021 and the second quarter of 2023, just 0.6% of mobile operators kept their international rates the same, while 9.4% reduced their rates. Some 90% of mobile operators increased their international termination rates.

Just 7.7% of those mobile operators that increased their international termination rates did so by up to 5% — recognised as the upper limit of a price increase in A2P SMS rates prior to mid-2021. Over a third of mobile operators have increased their international termination rates by more than 100% since 2021.  – © 2023 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp