17th - May - 2016

The Cost of Fraud in the A2P SMS Ecosystem, A Back-Of-The-Envelope-Calculation

Fraud is headline news…why, because it costs businesses and consumers money, lots and lots of money.  Though fraud is not rampant in the A2P SMS ecosystem it exists and it is costly.  Today we are pleased to announce the launch of the A2P Messaging Fraud Framework by the MEF, it was developed by a working group of 25 companies and is part of the larger initiative the Future of Messaging.  To build on the announcement this article will explain where fraud occurs and hypothesize what fraud costs the ecosystem.  Before diving into the back-of-the-envelope calculation, we first have to understand the market size and the types of fraud that exist in the A2P SMS ecosystem.  So to begin we must first do the following –

  1. Define estimated A2P SMS market size

  2. Identify which fraud types are impacting the ecosystem

Market Size of A2P SMS – The size of the overall A2P SMS market is a hotly debated topic with estimates ranging from $3 billion to $70 billion USD and beyond.  For the sake of simplicity I am estimating the current overall size of the A2P SMS market as $10 billion USD, this is based on my intimate knowledge of key markets and players.  This market size differs depending from where in the ecosystem it is measured, and so this estimate is taken from the perspective of the Mobile Network Operator (MNO), i.e. the money an MNO sees in exchange for terminating a message to one of the subscribers.   

The volume of terminated traffic reported by various analysts is around 2 trillion A2P messages per year and this number we believe includes messages sent via fraudulent routes.  A quick calculation using these numbers suggests the average wholesale price charged per message (by an MNO) is $0.005 USD or ½ a penny US, which is lower than expected but a reasonable assumption given some very large markets like India are lower than this and other regions like Western Europe are higher.  

The $10 billion USD estimated market size takes into consideration that a reasonable portion of the 2 trillion messages sent are not charged for due to fraud, and leads to a lower than expected average wholesale price of $0.005 USD.  It is important to note Enterprises are paying higher than wholesale rates for messages terminated to blocked and filtered networks, and are paying significantly below wholesale rates for messages terminated to networks susceptible to fraud.  Since some messages are not charged for, or are charged far below wholesale rates, the market size is materially larger from the perspective of Enterprises paying to terminate messages to consumers, i.e. greater than $10 billion USD.  

Fraud Types – The A2P Fraud Framework, published today by the Mobile Ecosystem Forum (MEF) under The Future of Messaging initiative identifies 11 fraud types –

  • Spam

  • SMS Originator Spoofing

  • SMS Phishing

  • SMS Malware

  • Access Hacking

  • Grey Routes

  • MAP (Mobile Application Part) Global Title Faking

  • SCCP (Signaling Connection Control Part) Global Title Faking

  • SMSC (Short Message Service Center) Compromise Fraud

  • SIM (Subscriber Identify Module) Farms

  • AIT (Artificial Inflation of Traffic)

A Back of the Envelope Calculation

How much is fraud costing the A2P SMS ecosystem?  In this calculation, the types of fraud are grouped and then allocated to certain parties within the ecosystem, namely consumers and mobile network operators.  Consumers are most impacted by Spam, SMS Originator Spoofing,  SMS Phishing and SMS Malware, which are used alone or in combination to cheat consumers out of money.  Estimating the actual amount of this fraud is difficult but using email as a baseline, we know there are around 100 billion B2C emails sent every day (or 37 trillion email messages per year) globally.  Looking only at the UK, there are approximately 1 billion B2C emails sent every day (365 billion per year), and we know phishing emails cost consumers an estimated £174 million in the UK last year, so simply using the same percentage of fraud per email message and applying it to A2P SMS, gives us a cost of £4.5 million directly from SMS phishing in the UK per year.  This is a very conservative estimate given the higher read rate / open rate of SMS versus email.  Excluding the difference in open rate, and using the same percentage to calculate fraud costs for A2P SMS globally, yields $680 million USD per year globally from SMS phishing alone.

Grouping together SIM Farms, Grey routes, SCCP GT Faking and MAP GT Faking as all of these are often used in conjunction to terminate a message at low or no cost to the detriment of the MNO.  In this case, again it is a difficult number to calculate, but removing SIM farms, and estimating the impact of the remaining three fraud types and assuming the vast majority of the world’s largest operators have already implemented firewalls as per the Ovum / Mblox ‘Sustaining A2P SMS Growth’ article, then in Mblox’s experience we estimate roughly 20% of the traffic still manages to slip through firewalls due to incorrectly configured firewalls or faking.  Even if this is hard to believe, it can be argued that less than 80% of the world’s subscribers are protected behind SMS firewalls, leaving 20% still to be monetized.  This suggests the A2P SMS ecosystem is 20% short of the estimated market size of $10 billion USD due to these fraudulent practices, which comes out to $2 billion USD per year.

Focusing on SIM farms alone, which are rife in very large markets like Brazil and Mexico; and using the estimated size of the UK SIM farm market to extrapolate the global number, we estimate roughly 100 million UK messages are terminated per month to UK subscribers via SIM farms.  If we assume 75% of these messages get charged at interconnect (circa £0.02) and none of it is recouped by the operator sending the message, we get a total cost of $26 million USD per year of messages sent that are not charged for by the operator.  Assuming the same rate of SIM farm fraud per person in the UK and extrapolating it globally, we get $2.8 billion USD loss per year globally across all operators.  Now not every country in the world suffers from SIM farm usage, and the UK doesn’t have the most severe problem due to steps UK operators have taken, so I would revise the estimate to $1 billion USD to be fairer and attribute another $1 billion USD per year for Grey routes and other faking from the above assumption.  This results in an estimate totaling $2 billion USD of loss for Mobile Operators due to faking,  grey routes and SIM farms plus $680 million USD of loss for consumers due to phishing and malware.

For more information on The Future of Messaging and to understand the best practices it establishes to combat A2P SMS fraud, visit www.futureofmessaging.com.

About MEF

The MEF, Mobile Ecosystem Forum, a global trade body was established in 2000, whose goal is to accelerate the growth of a sustainable mobile ecosystem.  With chapters across Africa, Asia, Europe the Middle East, Latin America and North America the MEF acts as an impartial and authoritative champion for addressing issues affecting the mobile ecosystem.  It provides members a global and cross-sector platform to network, collaborate and advance industry solutions to drive inclusion for all and to deliver trusted services to enrich the live of consumers worldwide.

Sources:

Email Statistics Report 2013-2017

Phishing Scams Cost UK Consumers £174M in 2015

Author: Rob Malcolm, SVP Corporate Development at Mblox
Originally posted on mblox.com

Signup for Blog Updates