Mobile messaging via text message has endured for three decades as a ubiquitous communications tool. More recently a vast array of messaging alternatives such as chat apps, OTT messaging and the arrival of messaging based on the rich communication services standard, allow individuals to message each other in ever more sophisticated ways. The result is a fragmented messaging market and as a knock on effect mobile carriers and messaging service providers have seen peer-to-peer messaging revenues decline.
Conversely the application-to-person (A2P) or enterprise messaging market continues to grow - analyst firm Ovum forecasts 1.28tn messages by 2019 up from 1.16tn in 2016.
Enterprise messaging describes how businesses and brands use messaging to communicate to their customers for all manner of different reasons – be that marketing, account verification or commerce. SMS is still the preferred channel because it is simple, understood by consumers, doesn’t require a 4G data connection and works on every handset.
With an often-quoted 90 per cent open rate within three minutes of an SMS being received, it’s a no-brainer. Everything from authenticating a user for a banking service, notifying them that their parking meter is about to expire or serving up marketing offers, is fair game.
For those businesses that provide enterprise messaging as a service, revenues are not insignificant. At the end of 2016, mobile analyst firm, mobileSquared, estimated the market to be worth $17.2 billion and forecast a rise to $58.7 billion by the end of 2020.
However, wherever there big revenues there are also fraudsters seeking to exploit technological, regulatory and human weaknesses for financial gain.
It’s a complex problem.
10 years ago cyber security meant updating antivirus software and investing in firewalls to protect our most valuable assets – personal, sensitive data - on our desktops or servers. Now, the exponential rise of mobile devices and the mobile Internet means that access points for fraudulent or malicious activity are distributed across a highly intricate value-chain that includes mobile networks, handsets, switching and signaling technologies and consumers themselves. And since enterprise messaging is based on this mobile architecture it is, in general, as vulnerable as any other mobile app or service.
MEF’s Future of Messaging programme - an industry group of 30+ companies including all participants in the messaging ecosystem - recently published the latest edition of its Enterprise Messaging Fraud Framework which identifies a staggering 13 types of fraud across four distinct areas:
- Identity theft - obtaining information required to steal someone’s identity
- Data theft - obtaining information required to access personal and private banking or other financial accounts
- Network manipulation - to gain competitive advantage or perform illegal activities via the deliberate manipulation of a message or the exploitation of system vulnerabilities to bypass protection measures intended to safeguard mobile network operators and consumers
- Commercial exploitation - to gain competitive advantage by exploiting gaps within the commercial structures of the ecosystem
It includes, for example, SMiShing (SMS Phishing), SMS Roaming Intercept and SIM Swap fraud where messages containing confidential personal information or perhaps account authorisation codes (two factor authentication) that are intended for consumers, are intercepted by a third party and used to gain access to personal banking services.
Just last month in Europe, mobile carrier, o2 Germany confirmed some of its customers had their accounts emptied by hackers after they fell victim to an SMS phishing scam that stole their usernames, passwords, phone numbers and bank account details.
Most types of enterprise messaging fraud can be prevented by the adoption of best practice and security technology at the network level but the fraud problem is compounded because the global mobile messaging ecosystem does not operate in a one size-fits all environment.
Rather it has grown at different rates country by country in order to meet demand, accommodate local business conditions or to comply with legal and regulatory requirements (where they exist). Therefore the fraud types and the ability to prevent fraud varies from country to country.
Of course the issue of enterprise messaging fraud isn’t just the practice of hacking in to mobile networks and sending phishing messages. Sharp business practices from some companies that sit between enterprises and their customers in the delivery chain, actively look to exploit technological or regulatory weaknesses.
Businesses and brands risk reputational damage or financial harm if they procure enterprise messaging via a rogue player using unauthorised grey routes for example. Typically these providers attract buyers of bulk messaging based on rock-bottom per message prices and then send messages via another country, without paying an interconnect fee to the networks involved. In effect the SMS message originates from an un-authorised network and ends up being paid for by the network that it terminates on – a practice associated with spamming or over-zealous marketing.
Consumer trust is at stake
Taken together, the 13 fraud types cost the messaging industry an estimated Aside from these hefty financial loses, there is also the risk of undermining the long-tern sustainability of the enterprise messaging industry.
With heightened sensitivity around personal data and digital identities then it is absolutely fundamental that the enterprises that buy messaging services and consumers alike, need to trust the channels they use to communicate with each other.
MEF’s latest study on mobile consumer behaviors found that 86% of us will take some kind of action if trust is challenged. Almost half will stop using a service (interestingly a year-on-year increase from 38% to 44%) and nearly one in three (30%) warn friends and family about bad experiences.
Looking ahead new interactive and richer messaging formats such as messaging based on the RCS standard, and chat bots that use AI to automate customer interactivity (across both OTT and mobile networks) will help grow the enterprise messaging opportunity. Yet fraud is a persistent threat. MEF’s Fraud Framework sends a clear message (no pun intended) to all players, from telcos to buyers and everyone in-between, that fraud needs to be seen as shared problem if we want to protect and indeed grow a $60bn market place.
Joanne Lacey, COO at MEF
Image Credit Niekverlaan / Pixabay