Today mobile network operators (MNOs) have multiple ways to combat SMS fraud and spam – and given that so much valuable information and access is on our phones, they should be implementing all of them.
During the early days of anti-fraud procedures, only basic features like blocking by global title or by sender ID/originating address were available. Now anti-fraud measures encompass a variety of methodologies and options, and their combination provides different levels of sophistication and efficiency.
So how does an MNO decide which measures to use in order to combat SMS fraud? There are some key features that stand out when implementing anti-spam and revenue assurance measures.
10 ways MNOs can combat SMS fraud
1. Volumetric checks
Volumetric checks are at the base of any anti-spam/fraud systems. These checks enable flagging of SMS whenever a pre-defined threshold is exceeded; for example, when the number of SMS sent by the same Sender ID is more than 50 in 1 hour, or when the same sender sends more than 20 SMS to the same recipient in 1 hour.
In order to keep peace with fraud while reducing false positives, MNOs should implement a solution enabling unlimited combinations of filters and dimensions.
2. Content validation
In the early days of content validation, we were happy when a tool could cluster SMS with specific key words or repeat content, but with the evolution of fraud this alone isn’t enough anymore to protect MNOs. Obfuscation and morphing techniques such as swapping Latin letters with Cyrillic characters or modifying the structure of the SMS body require advanced capacities to identify similar messages.
Content validation is key to split A2P from spam, foremost when the sender ID is a 6+ digits number.
3. Profiling and flexible filtering
With the diversification of SMS use cases, one MNO might want to handle an SMS depending on its content, sender ID, sending GT, etc. – for example, many operators want to receive Welcome SMS from Preferred Roaming Partners while blocking this content from all other connections.
The capacity to tailor filtering down to a combination of information is crucial to control message routing by content and should be required.
4. Machine learning
Machine learning techniques can be applied, and anti-fraud systems and up-to-date solutions should show this capacity on their roadmap if they don’t provide it already.
5. Re-routing
Blocking or monitoring messages aren’t the only SMS handling options we have. For instance, where entities don’t allow A2P content termination, sending MNOs might want to re-route commercial SMS over tested routes to prevent A2P revenue losses.
6. Home routing (roaming)
The home routing feature is necessary to maintain control on traffic generated by customers abroad. State of the art vendors provide advanced protection by masking user’s information to prevent faking and spoofing (dedicated global titles and faked MSISDNs are returned to the sender instead of the real info).
7. Global database checking
Industry associations (like the GSM Association) share knowledge on fraud cases with their members, and some specialized vendors use their own global database to automatically update their customers’ filters.
Connecting to existing databases or using 3rd party solutions with their own global threats feeds is strongly recommended, especially to combat SMS fraud, and if the MNO’s focus is on anti-spam and customer protection.
8. Pro-active routes testing
Pro-active testing solutions are generally provided by specialized vendors who own a global network of probes and a platform that’s able to collect and analyze information from both sending and receiving parties. This last information is particularly important and hardly accessible to the sending entity.
Crosschecks for discrepancies between information sent and information received reveal suspect routes and provide evidences in case of disputes. A major aspect to be considered when selecting a vendor for this service is their coverage.
9. URL checking
Malicious links damage users, but also enterprises when sent on their behalf.
URL checking services are available that automatically check URLs in suspect SMS bodies. Providers are connected to internal or external databases and can ping sites for validation.
10. IMSI querying
Sophisticated SIM farming techniques can bypass volumetric checks. This normally occurs when fraudsters feature a vast array of MSISDNs spread around the world, and each of them is used below standard thresholds. Results from IMSI querying against existing database and volumetric checks help identify sophisticated SIM farm cases.
Advanced solutions include geo-location querying, which is particularly efficient against identity spoofing.
Most successful MNOs implement solutions equipped a mix of these features, partly in-house or fully out-sourced to specialized, carrier-grade vendors.
