SMS firewalls are the golden standard gateway for securing A2P SMS messaging

SMS firewalls are the golden standard gateway for securing A2P SMS messaging

Rachel Njiru, Director OP Africa, Infobip, on why mobile network operators (MNOs), must primarily implement SMS firewall systems to secure their networks and customers.

Despite the influx of over the top (OTT) messaging solutions in recent years, application-to- person (A2P) SMS messaging remains the most widely used channel by businesses across the African region. SMS reach, ease of use and guaranteed high ROI are top reasons for this, among others.

Although many African enterprises have recently embarked on Digital Transformation journeys, A2P SMS messaging remains the most important channel for companies to interact with customers. It is expected that white route traffic will increase from an average of 61% to 66% by 2023 worldwide. Internet, media, financial and entertainment industry lead the pack with SMS volumes that will average more than 50% contribution. Across Sub-Saharan Africa, mobile money is expected to shape the chunk of this traffic by 2024 with mobile money and RCS expected to grow by volumes and revenue according to a recent report by Analysys Mason group.

While Africa has a significant mobile phone penetration rate, the uptake of smartphones remains relatively low due to prohibitive pricing and low rates of Internet penetration in some parts of the continent. So, while OTT channels are beginning to focus on securing a greater role in A2P communication in Africa, the market remains restricted.

In the East African region, this is especially true for countries such as Ethiopia, Somalia and Sudan where feature phone penetration is high, meaning that OTT channels are unlikely to play a central role in business to customer communication in the near future. Thus, SMS still plays a critical role in the delivery of this type of traffic, even amid the COVID-19 pandemic which spurred an increase in the utilisation of online and B2B services.

Automated messaging

A2P messaging allows brands to connect with customers, whether via SMS or other chat applications, in an automated manner through specialised software and messaging gateways. The need for this solution arose from businesses seeking the ability to communicate with a large number of people, without typing out each individual message. This led to the advent of Application Programming Interfaces (APIs) that allows easy integration of business core platforms to messaging channels and platforms from providers and aggregators over public Internet. Other trends that are fast being adopted include digital native cloud SMS platforms that enable business faster time to market. In essence, whether bulk messaging for promotion, campaign or simply handling of transactional services as in authentication, verification etc, businesses are being empowered in their choice of technology to use to facilitate their core function via A2P and P2A integrations end-to-end.

However, while A2P SMS messaging remains an easy and convenient way for brands to reach their customers, fraudulent and unwanted traffic poses a significant risk to both mobile users and organisations. In the overall SMS ecosystem today, the amount of fraud is significant and an ongoing challenge for all the stakeholders. Fraudsters are always trying to find new ways to attack the network. A study by Accenture says the cost of this type of activity to businesses will reach US$5.2 trillion over the next five years, so there is no room for complacency.

Mobile network operators (MNOs) play a key role as part of the SMS A2P and P2A value chain. Not only do they host the SMS gateways based on either HTTP(s), SMPP or SS7 as the most popular integrations, but are also responsible for safeguarding consumers against abuses and illegal subscriptions, amongst other vices.

A growing concern for MNOs is the increase in grey routes, which are becoming prevalent in the delivery of fraudulent and unwanted traffic. A grey route is one that supports SMS traffic, but doesn’t generate revenue for MNOs because they take advantage of legitimate consumer routes to send large quantities of A2P SMS messages for a price point that is under the official carrier rate. The ‘grey’ part of the route is usually found at the receiving end where the message terminates on one operator’s network. It’s often made to look as if it originated locally through manipulation of the sender ID when, in, reality, it will have likely started its journey from abroad. While grey routes are not properly monetised, network operators still pay for signalling and network maintenance for this traffic.

In recent years, there has also been a steady rise in SIM farms that disguise A2P traffic to look like peer-to-peer (P2P) traffic to exploit mobile networks. SIM farms are banks of mobile devices that contain SIM cards and connect to networks like mobile phones. They typically use prepaid SIM cards with unlimited SMS deals, and are commonly used by SMS spammers.

Two options remain open for MNOs in attempting to curb losses and threats caused by such vulnerabilities, technological intervention or commercial. This is possibly augmented through other strategies including segmentation and segregation of traffic.

Fraud-ridden channels

SIM farms not only violate network fair usage agreements, they also often drive fraudulent traffic to end users with the intention of scamming them through phishing or other means. This poses a threat to both subscribers and network operators, with the latter risking reputational damage and a loss of trust from customers. When channels become fraud-ridden, the highest generators of A2P revenue – enterprises – will often seek alternative networks to protect their customers against potential losses.

To protect themselves, MNOs must primarily implement SMS firewall systems to secure their networks and customers. This should be coupled with continuous learning, as fraud patterns and techniques evolve almost daily. SMS firewalls monitor the type of traffic that is coming onto a mobile network and can track the destination. These solutions scan all SMS traffic coming to a mobile network based on content, the sender and the route via which messages are sent amongst other message parameters as the complexity of curbing some of these vulnerabilities increases.

The criteria for filtering messages initially needs to be pre-set and MNOs should work with a firewall vendor that can implement these rules. Additionally, operators must work with a vendor that continuously updates these rule sets to ensure they filter out all unwanted traffic from a network. Advanced firewall systems feature Artificial Intelligence (AI) and Machine Learning (ML), which enable the system itself to keep building a database and criteria for filtering messages.

SMS firewalls remain the golden standard for preventing fraud and spam on mobile networks. There are multiple firewall vendors in the market, but the most effective solutions are a managed solution, where MNOs work together with their vendor. This ensures constant upgrading of the firewall to keep up with the latest trends, as well as to create new rules to cover any emerging fraud mechanisms.

Accordingly, and owing to the significant vulnerabilities posed by grey routes, spam, phishing and other SMS based attacks, MNOs are projected to significantly increase their investment of next generation SMS firewalls from 48.3% in 2018 to 81.3% in 2023 of all MNO deployments. While majority of the investments were in Europe at 38.8% of total deployments, Middle East and Africa  (MEA) accounted for 27.4%. Going forward, we also anticipate an increased investment by MNOs locally in uniformity with the global trend.

Click below to share this article

Browse our latest issue

Intelligent CIO Middle East

View Magazine Archive