Feb 6, 2023
Artificial Generation of A2P SMS Traffic: The Twitter Case Study and Beyond
By Vladimir Smal
The problem of SMS fraud targeting businesses, and specifically the artificial generation of traffic (AGT), also known as SMS OTP fraud, has been on the rise for several years. And yet, it’s unusual for tech industry leaders to address the issue head-on.
It was a pleasant surprise when Elon Musk recently did just that. During a conversation on Twitter’s Spaces channel, Musk claimed that “Twitter was being scammed to the tune of 60 million dollars a year for SMS texts, not counting North America”.
His response was to cut off all telcos, which have more than 10% of artificially generated traffic. To Musk’s surprise, there were 390 telcos with such a high percentage of fraudulent traffic. This goes to show the scope of the problem. Unfortunately, this immediate response had a negative impact on genuine Twitter users, who now struggle to sign in to their accounts. Is there a better solution to the SMS generation crisis?
In this article, I will explain what artificial traffic generation is, why it is on the rise, what scope it has and what the challenges of dealing with it are. I will then address the possible solutions to the problem and the work already being done.
What is A2P SMS Fraud and How Does it Work?
Artificial generation of traffic exploits application-to-person (A2P) verification SMS that deliver one-time passcodes (OTPs) for verifying users’ phone numbers during the registration process. Like in Twitter’s case, fraudsters generate fake A2P SMS traffic by creating a huge amount of bot accounts.
In this way, fraudsters earn illegitimate revenue from rogue SMS service providers or operators. Typically an SMS service provider or operator conspires with a fraudster and the fraudster then takes a share of the profits while the enterprise incurs losses without obtaining new users.
A2P SMS fraud is actually similar to Wangiri 2.0, a type of fraud discovered by LANCK Telecom in 2019. In this type of fraud, internet bots submit international and premium rate numbers to businesses’ online contact forms. Enterprises then call these numbers via their voice services and pay exorbitant rates without gaining any real customers.
Why is A2P SMS Traffic Generation on the Rise?
Firstly, one-time passcodes delivered via A2P SMS are not classified as spam by MNOs so it’s not always easy to label this traffic as fraudulent. Currently, it’s relatively easy for fraudulent players to get away with it because operators don’t bear any major losses. Moreover, artificial generation of traffic is not regulated by common SMS interworking or Hub agreements. Aggregators are the ones legally bound to pay for it.
Secondly, MNO SMS firewalls can’t detect this type of fraud, as it usually doesn’t even reach their network unless the MNO knowingly participates in the scheme.
Third, as more players enter the market, it’s harder to control the use of white routes so the percentage of fraudulent players increases. Some “newcomers” consider fraud to be an opportunity to break into the highly competitive SMS market.
Additionally, A2P SMS rates are constantly increasing. The potential for higher revenues attracts more and more fraudsters.
Finally, the high competition for the traffic of large brands also drives generation. The additional revenue made through AGT helps to subsidize the costs of SMS and to overtake alternative vendors.
The Tech Giants’ Case Study
An important factor that allowed AGT fraud to flourish was the lack of attention and action on the side of tech giants, such as Twitter and Facebook.
It is possible that they closed their eyes to the problem to show a growing customer base, thereby increasing the value of the company to their investors. Acknowledging that a large number of users are actually bots typically sends shares plummeting, as was the case with Twitter. So perhaps the financial risk of tumbling share values outweighs the financial losses to fraud.
Musk came to the problem with a fresh perspective and his acknowledgment of the issue will hopefully raise awareness across the industry. However, a nuanced solution that accurately detects and blocks fraudulent generated traffic is much needed. LANCK Telecom has just developed the necessary tool for this job.
The Scope of the Generation Game
LANCK Telecom has a powerful Fraud Management System, which protects 140+ operators and enterprises worldwide and detects up to 800 fraud attacks per day, including AGT attacks. Based on our traffic analysis we saw the following trends from December 2021 to December 2022:
- Around 6% of all SMS traffic was flagged as AGT and the percentage keeps growing. Revenue-wise it`s more than 10%;
- The percentage of generated traffic for some of the top brands may reach 30-60%;
- The percentage of generated traffic for some networks may reach 50-80%;
- 7 out of 10 top networks with more than 50% fraudulent traffic have a single gateway aggregator;
- 30% of networks where fraud prevails over genuine traffic are MVNOs or MNOs with a subscriber base of less than 100,000.
Of course, there are significant regional differences, yet these statistics are in line with Musk’s findings for Twitter and reflect the sheer scope of the problem.
Raising Awareness and Finding Solutions
LANCK Telecom has been raising awareness of the threat of artificial SMS generation for more than two years. I personally led a number of panels on the topic at the Mobile Ecosystem Forum (MEF). Many of the ecosystem’s esteemed members from companies such as Sinch, Vonage, Clickatel, and Twilio confirmed our findings.
So what are the possible solutions?
Firstly, a robust user authentication process certainly makes the creation of fake accounts more difficult. We have detailed our omnichannel user authentication and verification solution in our previous article on the topic of fake accounts.
But a more robust solution is needed if fraudsters manage to outsmart the verification process. This is where LANCK Telecom’s cutting-edge Fraud Management System (FMS) comes into play.
The FMS monitors voice and SMS traffic in real time, alerting and blocking fraud attacks before they can do any harm. It uses mathematical models and machine learning algorithms developed in-house to detect even the most well-disguised fraud schemes with the highest possible accuracy.
In response to the emergence of A2P SMS Generation, we are adding SMS anti-fraud capabilitties this year. Our system can be deployed on clients’ premises or in the cloud. It notifies the client in real-time when artificial traffic is being generated and immediately blocks the generated outbound SMS, according to the client`s settings.
Moreover, if fraudsters use fake or temporary phone numbers at registration, the FMS checks the numbers of new users at the sign-up stage. Based on our client’s settings, the FMS allows the sign-up with or without sending an alert about the suspicious number or blocks the sign-up altogether.
Final Thoughts
Artificial generation of traffic has many negative impacts on the entire SMS ecosystem.
Of course, enterprises and aggregators incur direct losses but the loss of trust in SMS as a channel also leads to reputational losses for non-fraudulent operators. In addition, potential regulatory and legal intervention makes SMS a more complicated and less attractive channel for clients, causing more and more traffic to be diverted to OTT channels and RCS.
From my point of view, it is crucial for enterprises not to close their eyes on the problem of artificial generation of traffic. The more enterprises use advanced dedicated anti-fraud systems to block such fraudulent outbound SMS traffic, the quicker this fraud scenario will go extinct.