Fraud costs businesses and consumers money – but the size of the loss is often hard to quantify. As MEF launches a new Messaging Initative, Rob Malcolm, SVP of Corporate Development at Mblox, one of the 25 programme founders, explores what fraudulent activity is really costing the A2P SMS ecosystem…
Fraud is headlines news…why, because it costs businesses and consumers money, lots and lots of money. Though fraud is not rampant in the A2P SMS ecosystem it does exist and in this article we explain where it occurs and hypothesize what it costs. Before diving into the back-of-the-envelope calculation, we first have to understand the market size and the types of fraud that exist in the A2P SMS ecosystem.
So to begin we must first do the following –
- Define estimated A2P SMS market size
- Identify which fraud types are impacting the ecosystem
Market Size of A2P SMS – The size of the overall A2P SMS market is a hotly debated topic with estimates ranging from $3 billion to $70 billion USD and beyond. For the sake of simplicity I am estimating the current overall size of the A2P SMS market as $10 billion USD, this is based on my intimate knowledge of key markets and players. This market size differs depending from where in the ecosystem it is measured, and so this estimate is taken from the perspective of the Mobile Network Operator (MNO), i.e. the money an MNO sees in exchange for terminating a message to one of the subscribers.
The volume of terminated traffic reported by various analysts is around 2 trillion A2P messages per year and this number we believe includes messages sent via fraudulent routes. A quick calculation using these numbers suggests the average wholesale price charged per message (by an MNO) is $0.005 USD or ½ a penny US, which is lower than expected but a reasonable assumption given some very large markets like India are lower than this and other regions like Western Europe are higher.
The $10 billion USD estimated market size takes into consideration that a reasonable portion of the 2 trillion messages sent are not charged for due to fraud, and leads to a lower than expected average wholesale price of $0.005 USD. It is important to note Enterprises are paying higher than wholesale rates for messages terminated to blocked and filtered networks, and are paying significantly below wholesale rates for messages terminated to networks susceptible to fraud.
Since some messages are not charged for, or are charged far below wholesale rates, the market size is materially larger from the perspective of Enterprises paying to terminate messages to consumers. I.e. greater than $10 billion USD.
MEF’s new Messaging initiative identifies 11 fraud types:
- SMS Originator Spoofing
- SMS Phishing
- SMS Malware
- Access Hacking
- Grey Routes
- MAP (Mobile Application Part) Global Title Faking
- SCCP (Signaling Connection Control Part) Global Title Faking
- SMSC (Short Message Service Center) Compromise Fraud
- SIM (Subscriber Identify Module) Farms
- AIT (Artificial Inflation of Traffic)
A BACK OF THE ENVELOPE CALCULATION
How much is fraud costing the A2P SMS ecosystem?
In this calculation, the types of fraud are grouped and then allocated to certain parties within the ecosystem, namely consumers and mobile network operators. Consumers are most impacted by Spam, SMS Originator Spoofing, SMS Phishing and SMS Malware, which are used alone or in combination to cheat consumers out of money. Estimating the actual amount of this fraud is difficult but using email as a baseline, we know there are around 100 billion B2C emails sent every day (or 37 trillion email messages per year) globally.
Looking only at the UK, there are approximately 1 billion B2C emails sent every day (365 billion per year), and we know phishing emails cost consumers an estimated £174 million in the UK last year, so simply using the same percentage of fraud per email message and applying it to A2P SMS, gives us a cost of £4.5 million directly from SMS phishing in the UK per year. This is a very conservative estimate given the higher read rate / open rate of SMS versus email.
Excluding the difference in open rate, and using the same percentage to calculate fraud costs for A2P SMS globally, yields $680 million USD per year globally from SMS phishing alone.
Grouping together SIM Farms, Grey routes, SCCP GT Faking and MAP GT Faking as all of these are often used in conjunction to terminate a message at low or no cost to the detriment of the MNO.
In this case, again it is a difficult number to calculate, but removing SIM farms, and estimating the impact of the remaining three fraud types and assuming the vast majority of the world’s largest operators have already implemented firewalls as per the Ovum / Mblox ‘Sustaining A2P SMS Growth’ article, then in Mblox’s experience we estimate roughly 20% of the traffic still manages to slip through firewalls due to incorrectly configured firewalls or faking.
Even if this is hard to believe, it can be argued that less than 80% of the world’s subscribers are protected behind SMS firewalls, leaving 20% still to be monetized. This suggests the A2P SMS ecosystem is 20% short of the estimated market size of $10 billion USD due to these fraudulent practices, which comes out to $2 billion USD per year.
Focusing on SIM farms alone, which are rife in very large markets like Brazil and Mexico; and using the estimated size of the UK SIM farm market to extrapolate the global number, we estimate roughly 100 million UK messages are terminated per month to UK subscribers via SIM farms.
If we assume 75% of these messages get charged at interconnect (circa £0.02) and none of it is recouped by the operator sending the message, we get a total cost of $26 million USD per year of messages sent that are not charged for by the operator.
SVP Corporate Development
Assuming the same rate of SIM farm fraud per person in the UK and extrapolating it globally, we get $2.8 billion USD loss per year globally across all operators. Now not every country in the world suffers from SIM farm usage, and the UK doesn’t have the most severe problem due to steps UK operators have taken, so I would revise the estimate to $1 billion USD to be fairer and attribute another $1 billion USD per year for Grey routes and other faking from the above assumption. This results in an estimate totaling $2 billion USD of loss for Mobile Operators due to faking, grey routes and SIM farms plus $680 million USD of loss for consumers due to phishing and malware.
Sources: Email Statistics Report 2013-2017 , Phishing Scams Cost UK Consumers £174M in 2015