How Secure is Your A2P Messaging?
There was a time when A2P messaging was simply known as application-to-person messaging. In some spheres, it was even referred to as enterprise or professional SMS. It was a convenient way for companies to reach out to numerous customers at one time, sending out deals and other offers to those who had subscribed to the service. However, A2P messaging, like too many other good things, has been tinged by the exploits of malevolent actors.
As we’ve discussed previously, grey routes are one of the most common causes of fraudulent A2P messaging. Grey route messaging occurs when A2P messages that originate outside of authorized networks infiltrate service provider networks. They do this by exploiting traffic channels that are meant for P2P (person-to-person) messaging. Essentially, people who did not sign up for alerts from a company start getting spammed with unwanted texts. Since it’s almost impossible for businesses to realize they’ve been infiltrated without the help of anti-fraud solutions, it’s difficult to stop the messages from going out. This ultimately results in heavy fines on the companies, a loss of reputation, and some very angry customers.
However, according to the Mobile Ecosystem Forum (MEF) there are 10 additional types of fraud that put genuine A2P messaging at risk—let’s take a look at a few of the most common techniques.
Oddly enough, some of these fraudulent activities are caused by the companies themselves. For instance, Spam occurs when overzealous marketers knowingly send promotional messages to bought or farmed lists of telephone numbers in order to increase sales. It can also occur if the company does not manage its customer data correctly by failing to verify that customer numbers are correct or by not obtaining consent from said customer to send messages. Meanwhile, SMS Originator Spoofing hides the company’s true identity by making the receiver think the message is from someone they know. These two aren’t particularly harmful, just annoying.
On the other hand, there are various forms of fraud that are out to steal from/harm the customer. SMiShing (SMS Phishing) combines Spam and SMS Originator Spoofing, along with social engineering techniques, to text customers in an attempt to gain access to their online systems, accounts or data (ie. credit card information). On the same note, SMS Malware can be distributed through A2P messaging in an attempt to gain access to a mobile subscriber’s OS and sensitive information such as banking passwords.
Although there are various ways in which A2P messaging can be taken advantage of, the results are always the same. As MEF states, “Fraud within the messaging ecosystem affects everyone, be it directly or indirectly, no matter where you sit within the value chain. If consumers lose faith in SMS, or consumer complaints drive the imposition of overbearing regulations, then this quick, nimble, immediate and effective means of communication may be lost.”
A2P messaging was once an easy, trustworthy way to contact customers who had subscribed to the service. Now, each message sent out is a potential danger to the customer on the receiving end. It would be a shame to give up on this form of communication entirely, though, given that texting is so convenient. That’s why it’s important for companies to invest in anti-fraud solutions, to protect themselves and their customers.
Edited by Maurice Nagle