Elon Musk said Twitter had been scammed for USD 60 million worth of international SMS and, guess what, they weren’t the only ones. The sad fact is that this practice is on the up in a big way!
It might seem just like yesterday but it’s now already getting on for six months since Elon Musk tweeted: “Twitter was being scammed to the tune of 60 million dollars a year for SMS texts, not counting North America…”
Trust Elon Musk to call it as it is, pulling no punches. As his track record shows, he isn’t shy about confronting real issues head-on and he doesn’t mind getting his hands dirty down in the trenches either! He once more accurately shed light on a real problem: many enterprises are being overcharged for their international SMS, and this trend is on the up.
I wasn’t surprised in the least personally when this topic was raised. In fact, I’ve been raising this issue publicly for over a year at numerous industry events and within trade organizations such as the Mobile Ecosystem Forum (MEF) and the GSMA.
What I wouldn’t give for 15 minutes with Elon Musk, a whiteboard and a couple of (functioning!) coloured marker pens to educate him about the causes of this problem, the mechanism of this fraud and some basic solutions to it! Unfortunately, my audience with Elon doesn’t look like it’ll be happening anytime soon, so I’ll have to make do with explaining here – for the benefit of all – how this is happening, who profits from the ‘crime’ and how to prevent it!
Let me say upfront that – contrary to popular belief – it isn’t the mobile network operators (MNOs) defrauding Twitter and others. It’s actually some of the vendors from which Twitter and other enterprises choose to buy their SMS connectivity, and the passive complicity of the defrauded companies themselves plays a role too.
When it comes to internationally generated SMS traffic, it’s not uncommon for over 90% of transactions being terminated into mobile operators to be two-factor authentication (2FA) related.
Twitter, like many others, was lured by a phalanx of Application-to-Person (A2P) SMS intermediaries out there around the world offering unfeasibly low-priced SMS connectivity. How can a company know if the prices being offered are too good to be true? Well, in the international A2P SMS world, it’s not too hard. It doesn’t take a SpaceX scientist to work out that if, for example, mobile operators are charging EUR 0.16 per A2P SMS (e.g., typical price for Germany) and a company is offering that connectivity for EUR 0.13, something has to be up. The players have to make up for the losses they are seemingly incurring by offering such low prices, and they do so in three dishonest ways:
1) They defraud the MNOs whose network they are using to terminate the SMS, by using what we in the business messaging industry call ‘grey routes’, ways of entering a network unnoticed, thus not paying their fair dues to MNOs.
2) They defraud their clients, the Twitters of this world, by creating false accounts to send SMS to, generating illegitimate traffic. Ring a bell? Musk asserted that a large portion of Twitter’s subscriber base was fake, made up of bots. That suited the fraudsters and, sadly, to a certain extent perhaps Twitter’s management as well. After all, a key success metric of social media is the number of accounts they have.
3) They occasionally drop some SMS in order to force the generation of an additional SMS to reach the same person.
All of these actions not only generate more fraudulent traffic (termed ‘Artificial Traffic Generation’) but also provide poor user experience and, furthermore, can expose the SMS channel to wider security breaches. So, what should Twitter and others be doing differently to put an end to all this?
First of all, the easy one: don’t just hunt for the lowest possible connectivity pricing by using some of the hundreds of intermediaries. Instead, favour placing your trust in a handful of reputable brands that use direct connectivity whenever and wherever possible. The costs might be higher initially but in the long run, they’ll prove a sound investment; you’ll have a much improved user experience across the board and none of the high costs associated with resolving the issues that just going for the absolute cheapest option invariably generates.
Secondly, they need to leverage technology offered by managed service providers such as us, that allows for the easy tracking of SMS, its routing and traffic quality. We’ve been in the business for many years and with a global footprint of deployments, are perfectly positioned to get a great overview of the threat vectors in play worldwide at any point in time.
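As an added illustration of what tracking traffic quality can look like on the enterprise side (this is not VOX Solutions’ tooling or code from the article), the sketch below checks vendor quotes against the operator rate and computes per-vendor verification and resend shares from an OTP send log. The vendor names, log records, field layout and thresholds are constructed assumptions; only the EUR 0.16 / 0.13 price pair comes from the text above.

```python
from collections import defaultdict

# Constructed sample data. Prices are EUR per A2P SMS; the 0.16 / 0.13 pair follows the article.
MNO_RATE = {"DE": 0.16}
VENDOR_QUOTE = {"vendor_a": {"DE": 0.17}, "vendor_b": {"DE": 0.13}}

# Constructed OTP log: (vendor, msisdn, sent_at_seconds, code_verified)
SENDS = [
    ("vendor_a", "+4915100000001", 0, True),
    ("vendor_a", "+4915100000002", 10, True),
    ("vendor_a", "+4915100000003", 20, False),
    ("vendor_a", "+4915100000003", 80, True),    # one ordinary retry
    ("vendor_b", "+4915100000101", 0, False),
    ("vendor_b", "+4915100000101", 60, False),   # resend after an apparent drop
    ("vendor_b", "+4915100000102", 5, False),
    ("vendor_b", "+4915100000102", 70, True),
    ("vendor_b", "+4915100000103", 9, False),    # code never verified
]

def below_operator_rate(quotes, mno_rate):
    """Return {vendor: [countries]} where the quote undercuts the operator's own rate."""
    flagged = {}
    for vendor, prices in quotes.items():
        cheap = sorted(c for c, p in prices.items() if c in mno_rate and p < mno_rate[c])
        if cheap:
            flagged[vendor] = cheap
    return flagged

def route_stats(sends, resend_window=120):
    """Per vendor: share of numbers that ever verified, and share of sends that are resends."""
    last_sent = {}
    numbers, verified = defaultdict(set), defaultdict(set)
    total, resends = defaultdict(int), defaultdict(int)
    for vendor, msisdn, ts, ok in sorted(sends, key=lambda s: s[2]):
        total[vendor] += 1
        numbers[vendor].add(msisdn)
        if ok:
            verified[vendor].add(msisdn)
        prev = last_sent.get((vendor, msisdn))
        if prev is not None and ts - prev <= resend_window:
            resends[vendor] += 1   # second SMS to the same number shortly after the first
        last_sent[(vendor, msisdn)] = ts
    return {v: {"verified_share": len(verified[v]) / len(numbers[v]),
                "resend_share": resends[v] / total[v]} for v in total}

def suspicious_vendors(stats, min_verified=0.5, max_resend=0.3):
    # Thresholds are illustrative assumptions; tune them against your own baseline.
    return sorted(v for v, s in stats.items()
                  if s["verified_share"] < min_verified or s["resend_share"] > max_resend)
```

A low verified share points at SMS being sent to accounts nobody is behind, and a high resend share points at dropped messages; neither proves fraud on its own, so treat a flagged vendor as a prompt to audit its routing.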
Last but not least, it won’t do any harm for them to increase their knowledge, keeping up with the latest technological innovations in the field of 2FA in particular, such as, for instance, Flash Calling.
I will conclude by saying that given how essential a channel A2P SMS is for authentication, it’s sad that it remains a commodity. We at VOX Solutions are committed to doing our part through technological and service innovation to improve the situation. We sincerely hope that you share our commitment to stamping out fraud and offering reliable SMS to your clients/users.