A2P (Application-to-Person) messaging is becoming increasingly popular with businesses and their customers due to its simplicity, immediacy, and directness. However, fraudsters are also exploiting this method of communication for their own gain.
MEF and Mobilesquared reported that the business messaging market was valued at $19.4 billion in 2021, but the market faced a significant loss of $7.9 billion due to grey routes. This equates to a loss of approximately $10.5 million per mobile network operator (MNO). It's important to note that this is just one of many issues the telecom industry faces and the total losses are likely to be even greater.
Twitter also faced major losses due to SMS fraud, as reported by Elon Musk. He claimed that Twitter alone incurred a loss of $60 million per year due to 390 telecommunications companies using bot accounts to artificially boost A2P SMS usage. (Source: https://youtu.be/AigQnB4nJEY) This figure does not take into account other forms of fraud such as SMS trashing, which means the actual loss may be even greater.
There are several major categories of SMS fraud, including SMS phishing, SMS spoofing, SMS vishing, SIM swapping, SMS pumping, SMS trashing, and others. These frauds can be executed in different ways, but one common aspect is the use of bot accounts to send large number of unwanted or spam messages to victim's phone.
Voice and SMS traffic typically passes through multiple intermediate transit carriers before reaching its destination. Each carrier in the chain aims to protect its commercial interests but also must comply with GDPR and PII regulations, which creates opportunities for fraudsters to infiltrate the chain. This is one of the reasons why fraud is hard to detect and prevent.
However, there are ways to prevent these types of frauds, and one of them is by origin and terminating telecommunications carrier being able to communicate authenticated but anonymous "out-of-band" information about key parameters of their traffic. This information can be used to detect and stop fraud in real-time.
Thankfully, this is already possible through CodeB's distributed Self-Sovereign Identity System. Anonymous exchange protocols and zero-knowledge mechanisms allow this type of communication, which can help to prevent fraud and shut out fraudsters from the business.