MEF Conference: Connecting the dots on messaging fraud

Púca’s Eileen Carroll reports on some of the key discussion topics at the MEF CONNECTS conference in Dublin this week.

*****

I had the pleasure of representing Púca at the MEF CONNECTS event this week. It was great to meet the MEF team on our home turf, and have the opportunity to catch up with our local and international messaging community.

It’s clear the messaging industry is going from strength to strength and there was wealth of data shared which I can’t even begin to cover in a short post. But it’s not all plain sailing and messaging fraud was the recurring topic of the event. We learned that while messaging fraud is nowhere near the level of voice or email fraud, it still represents up to 10% of all traffic received on the mobile networks which is significant.

I joined the messaging fraud panel discussion led by Alex Duncan from Openmind Networks an Irish company specialising in messaging firewalls for Mobile Network Operators, and shared some of my thoughts on how we can help clients who may be subjected to messaging fraud.

AIT fraud (artificially inflated traffic)

AIT is an emerging problem in the industry affecting services that send one time passwords (OTPs) via SMS, particularly the larger players such as social media and large retail websites. It was brought to light recently by Elon Musk who has since taken the drastic decision to remove 2-factor authentication for some Twitter customers.

During the panel discussion I mentioned some other measures that enterprise can take to mitigate against traffic inflation (apart from the obvious one which is choosing to work with scrupulous aggregators). These measures can include delaying message re-tries, frequency capping, using captcha and validating customers with network lookups or other methods before issuing the SMS.

I also raised the possibility that excessive re-sending of OTPs may not always be malicious, in some instances it can simply be down to the fact that end users aren’t getting their passwords fast enough so they may request a re-send within just a few seconds.

Púca handles time-sensitive messages like OTPs via our SMS gateway’s “red carpet” in other words they are put to the top of the queue ahead of other not so time-sensitive messages. We also send via the most direct routes available to ensure messages get through as quickly and reliably as possible”.

Eileen Carroll, Púca CEO

Smishing

Another hot topic at the conference was Smishing, which is when scammers impersonate a company in a text message to trick customers. This is still prevalent, with banks and government agencies being the most targeted. All speakers agreed that it’s important the industry shares information to prevent Smishing attacks.

One point raised about was whether all illegitimate traffic is going through grey routes or legitimate (interconnect) routes. I asked whether this could be due to automated on-boarding of clients by some international aggregators, in other words maybe they are not properly vetting their clients? At Púca we personally vet all our clients, and it would be advisable for all aggregators to do the same.

The MEF’s Sender ID Protection Registry is a great anti-smishing initiative that Púca has been involved with alongside some of our larger clients since it was launched in Ireland. In my view it makes sense to expand this programme beyond just the banks and public sector and make it accessible to smaller companies too.

The Registry has limited the impact of bad actors in the face of global losses of $3.1 billion through SIM Box fraud and broader interconnect bypass, according to the 2021 Fraud Loss Report”. Mobile Ecosystem Forum

Flash Calls

In several sessions the topic of flash calls was raised and how this method of customer verification is taking off in some countries where SMS costs are high. But the user experience is not ideal. I agree with this – in my experience it’s awful to have a call flash up and then disappear. SMS and RCS are the better option but we all need to keep an open mind in future as this new technology evolves. In the meantime, the Mobile Network Operators and aggregators should endeavour to keep SMS prices stable so customers aren’t turned away.

Key take-away?

I found MEF CONNECTS to be extremely informative and an ideal forum for collaboration in the mobile ecosystem. We, all of us – from the enterprise to mobile operators, software providers and aggregators – need to continue to work together to stamp out fraud and improve messaging experiences for everyone.