Solving the SMS Revenue Leakage Challenge




Whitepaper

Table of Contents
- Background
- SMS fraud technical overview
- Affected parties
- Common methodologies
- Ways to control the different types of SMS fraud

Background

As mobile device usage became ubiquitous, marketing efforts to reach this population segment exploded. Companies burst onto the mobile marketing scene attempting to carve out a unique position, niche or vertical. Venture capital funds fuelled such growth in the number of players in this arena that keeping track of who was doing what became difficult. The Lumascape below from Luma Partners illustrates this sudden complexity in the mobile advertising or mobile marketing ecosystem.

Figure 1: Sample of the complexity of companies in the mobile marketing ecosystem

SMS messages are typically read almost immediately and responded to very quickly, which is normal user behaviour on the mobile. For mobile marketers, this makes SMS-based marketing a very powerful tool to exploit. As a result, there has been a wide range of activity to provide SMS-based marketing across the entire mobile marketing ecosystem. The majority of this activity has been legitimate and within acceptable standards of behaviour, but sometimes it crosses the line of legitimacy or blurs the distinction between what is acceptable and what is not. This is especially true when it comes to the area of low-cost, bulk SMS delivery.

Low-cost SMS delivery providers are known as SMS aggregators, and there are many legitimate companies in this area. Their primary business model is to send message traffic at a lower price than the network operators themselves offer. Typically, these companies partner with existing mobile operators to purchase wholesale SMS services at a reduced price that they can then offer to their customers. Mobile operators get a new revenue stream by selling bandwidth on their SS7 network to SMS aggregators, and the SMS aggregators re-sell that bandwidth to their customers. The quality of service (such as SMS delivery success rate) is not always guaranteed, as these companies offer different levels of price/performance, depending on the type of connection and agreement they have with the mobile operators. This puts tremendous pricing pressure on the aggregators to seek every opportunity to optimise wherever they can. While this does not always result in illegal activities, sometimes the pressure does result in pushing the boundaries of what is lawfully allowed.

Figure 2: Bulk SMS equipment for sale on Alibaba

SMS fraud technical overview

Let's outline the technical aspects behind SMS fraud to help set the stage on how it occurs and can be addressed.

At the highest quality level, SMS aggregators may have a direct connection to the mobile operator's SS7 network via a special signalling gateway. This direct connection to the SS7 network is what enables SMS aggregators to provide a level of quality assurance to their customers.

SMS aggregators may also have an indirect connection to the SS7 network via a mobile operator's SMS centre. This kind of SMS connection is typically less expensive than a direct connection but provides a lower delivery rate or less delivery assurance.

Affected parties

As a result of the tremendous pricing pressure on the aggregators to be able to provide up to 75% discount SMS pricing or even free SMS, some SMS aggregators rely on indirect connectivity known as grey routes or make use of SIM farms. The SIM farm is explained a bit further on.

SMS marketers may be lured into using an SMS aggregator that may not have a proven track record or that simply provides low-quality services. For the SMS marketers, the consequences of using an unproven aggregator may be:
- Marketing funds might be spent on messages that are never sent, and the funds may be unrecoverable, if the SMS service provider is secretly blocked for fraudulent activities
- The SMS delivery rate may not be constant or, even worse, may be sporadic if the service provider is not able to provide a service level guarantee that they can deliver
- The SMS service provider may actually pirate the marketer's own customer list and expose those customers to uncontrolled fake, fraud or spam activity.

Mobile operators, on the other side, might also suffer, depending on network infrastructure and interconnect agreements, with consequences such as:
- An imbalance in SMS interconnect traffic, resulting in high costs caused by the volume of targeted subscribers exceeding the volume of the operator's subscriber base
- SMS revenue leakage as a result of SMS traffic not being properly charged due to the exploited interconnect routes
- Negatively affected brand image caused by unsolicited volumes of SMS traffic addressed either to its own subscribers or towards the other mobile operators.

The subscriber or end-user is also negatively affected by:
- Unsolicited messages in the form of fakes, fraud or spam, which is considered harassment and intimidation
- Fraudulent fees or charges incurred by mistakenly engaging premium rate services
- Being mistakenly led to divulge or make use of the subscriber's contact list
- Having the subscriber's handset taken out of service by being flooded or subjected to denial-of-service techniques.

The two major vectors of fraud in the SMS world, where the majority of activity and headaches originate, are grey route attacks and SIM farm attacks.

Common methodologies

SIM Farms

By definition, a SIM farm is a computer connected to a bank of hundreds of mobile phone SIM cards. Each of the SIM cards is an account on a mobile network operator that offers the tariff needed by the SMS service provider. Routinely, the tariff exploited is an unlimited SMS bundle. The SIM farm computer then cycles through the bank of SIM cards to send the bulk SMS traffic, exploiting the operator's consumer-based tariffs.

Figure 3: Sample SIM farm appliance

The use of SIM farms is an example of how bulk SMS service providers push the limits of the law. This method of SMS delivery is not technically illegal but is clearly a breach of the operator's intent with a consumer-based tariff. In many cases, the terms and conditions forbid unlimited SMS bundles being used for advertising, marketing or bulk delivery campaigns. But the low prices of these tariffs make it attractive for intermediate entities to provide bulk SMS delivery service to SMS aggregators.

Grey Routes

Mobile operators in different countries use a variety of international telecoms routes to send traffic to each other. These can be grouped into three types known as white routes, black routes and grey routes.

White Route

A white route is where both the source and destination are standardised, legally agreed upon terminations. This generally means the operators have an agreement which outlines the charges and the manner in which SMS traffic will be conveyed over their networks.

Black Route

As opposed to a white route, a black route is illegal on both source and destination ends. This means that there has not been a contractual agreement between the parties involved to provide SMS traffic, and traffic from either party is therefore unlawful over such a route.

Grey Route

The last route type is referred to as a grey route, but is also referred to as special carrier arrangements, settlement by-pass or other unclear terms used by different groups. A grey route is generally defined as a legal connection on one end but prohibited at the other end, i.e. origination or termination.

Grey routes are another way that bulk SMS service providers push the limits of the law. Not only do they present legal issues, they are difficult to evaluate, monitor and control, and they come with a number of hidden costs. But, due to the low costs involved, they are very appealing to bulk SMS providers.

Grey routes are non-interconnected routes currently unused and typically owned by telecommunication providers. Bulk SMS providers exploit the difference in settlement rates and route traffic via intermediate networks while also re-originating the message to the network it terminates in, making the message appear as national as opposed to international. This allows the bulk SMS provider to incur the lowest cost possible and achieve their delivery needs.

In order to achieve the price advertised through a grey route, dispatches are run on a single delivery option with no back-up, which can ultimately compromise both the message quality and successful delivery. These routes are used without the telecommunications company's knowledge and as a result can be terminated and turned off at any time. This means that any other traffic carried along these routes, even if it is legitimate, may not be delivered to the recipients.

Grey routes also present an even bigger threat to business: a risk to customer data. Due to the temporary nature of grey routes, it is impossible to guarantee the security of customer data or to track any data breaches. Essentially, using a grey route compromises your customer database and puts your company at risk of breaching the data protection act.

Ways to control the different types of SMS fraud

Understanding the complexity of the mobile marketing ecosystem, Acision provides a holistic approach to address the multitude of SMS fraud techniques. The comprehensive solution provides 16 levels of fraud, fakes, spoof and spam control that range from basic functionalities such as blacklisting and whitelisting of originators' identifications on various layers of SS7 protocols, to more sophisticated engines that address the volumetric control of SMS traffic based on multiple message parameters. Acision's solution also offers intelligent analytical tools based on traffic pattern detection to help operators minimise their revenue leakage. This allows the operator to quickly respond to the continuous exploitation of weaknesses in the mobile network and mobile devices,

An important element of the mechanisms offered with Acision's SMS Revenue Assurance proposition is the accuracy of fraud detection, reducing the chance of false positives. Improving accuracy further than is achieved via online detection, off-line reporting gives additional insights. Using both the offline and online detection mechanisms provides comprehensive protection from revenue leakage.

Operator experience and our research clearly demonstrate that closing fraudulent access allows the operator to:
- Minimise direct revenue leakage
- Encourage legitimate channels, improving revenue potential
- Ensure market pricing is enforced and maintained

Revenue potential is greatly improved when SMS marketers interested in quality of service start accessing the network infrastructure directly.

Copyright Acision BV 2007-2013. All rights reserved. This document is protected by international copyright law and may not be reprinted, reproduced, copied or utilised in whole or in part by any means including electronic, mechanical, or other means without the prior written consent of Acision BV.

Whilst reasonable care has been taken by Acision BV to ensure the information contained herein is reasonably accurate, Acision shall not, under any circumstances, be liable for any loss or damage (direct or consequential) suffered by any party as a result of the contents of this publication or the reliance of any party thereon or any inaccuracy or omission therein. The information in this document is therefore provided on an "as is" basis without warranty and is subject to change without further notice and cannot be construed as a commitment by Acision BV.

The products mentioned in this document are identified by the names, trademarks, service marks and logos of their respective companies or organisations and may not be used in any advertising or publicity or in any other way whatsoever without the prior written consent of those companies or organisations and Acision BV.

5714/v3
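The whitepaper's idea of volumetric control over multiple message parameters can be illustrated for the SIM farm case, where a bank of SIMs is cycled so that no single SIM stands out by volume alone. The Python below is an added example, not Acision's detection logic or code from the whitepaper; the record layout (hour, sender, recipient, sender's serving cell), the thresholds and the sample traffic are all constructed assumptions.

```python
from collections import defaultdict

# Illustrative thresholds (assumptions, not from the whitepaper); tune per network.
MIN_SENT = 20           # ignore SIMs with too little traffic to judge
MIN_FANOUT = 0.9        # distinct recipients / messages sent
MAX_REPLY_RATIO = 0.05  # messages received / messages sent
PER_SIM_LIMIT = 200     # hourly volume at which a single SIM is flagged alone
MIN_BANK_SIMS = 3       # broadcaster SIMs on one cell that suggest a SIM bank
BANK_LIMIT = 200        # combined hourly volume of such a group

def build_profiles(records):
    """records: (hour, sender, recipient, sender_cell) tuples (hypothetical CDR layout)."""
    profiles = defaultdict(lambda: {"sent": 0, "recv": 0, "rcpts": set(), "cell": None})
    for hour, sender, recipient, cell in records:
        p = profiles[(hour, sender)]
        p["sent"] += 1
        p["rcpts"].add(recipient)
        p["cell"] = cell
        profiles[(hour, recipient)]["recv"] += 1
    return profiles

def is_broadcaster(p):
    """One-way, high fan-out traffic: the shape of bulk sending, not conversation."""
    return (p["sent"] >= MIN_SENT
            and len(p["rcpts"]) / p["sent"] >= MIN_FANOUT
            and p["recv"] / p["sent"] <= MAX_REPLY_RATIO)

def flag_sim_farms(records):
    """Return {(hour, cell): [SIMs]} for heavy single SIMs and for banks of cycling SIMs."""
    by_cell = defaultdict(dict)
    for (hour, sim), p in build_profiles(records).items():
        if is_broadcaster(p):
            by_cell[(hour, p["cell"])][sim] = p["sent"]
    flagged = {}
    for key, sims in by_cell.items():
        if len(sims) >= MIN_BANK_SIMS and sum(sims.values()) >= BANK_LIMIT:
            flagged[key] = sorted(sims)          # load spread across a SIM bank
        else:
            heavy = sorted(s for s, n in sims.items() if n >= PER_SIM_LIMIT)
            if heavy:
                flagged[key] = heavy
    return flagged

def sample_records():
    """Constructed traffic: a 4-SIM bank on cell C7, a conversation, one heavy SIM on C9."""
    recs = [(10, f"farm{i}", f"rcpt{i}-{j}", "C7") for i in range(4) for j in range(60)]
    for j in range(40):                          # two-way chat between alice and two friends
        recs.append((10, "alice", f"friend{j % 2}", "C7"))
        recs.append((10, f"friend{j % 2}", "alice", "C2"))
    recs += [(10, "solo", f"dest{j}", "C9") for j in range(250)]
    return recs

if __name__ == "__main__":
    print(flag_sim_farms(sample_records()))
```

Each of the four bank SIMs sends only 60 messages in the hour, below the per-SIM limit, and is caught only because the broadcaster SIMs are grouped by cell; the two-way conversation on the same cell is not flagged.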