Mobile malware is one of the biggest concerns for today’s enterprises looking to invest in mobile marketing and, at best, an annoyance for mobile users on the receiving end of attacks. Unlike traditional PC based ‘viruses’ such as ‘The Anna Kournikova’, which gained large scale media attention when it attacked millions of computers in the early naughties, mobile malware operates in a more elusive manner. JF Sullivan, EVP of Product and CMO, Acision explains.
Perhaps more worrying is the fact that the vast majority of mobile malware is designed to make its creator a profit. According to security firm F-Secure’s 2013 Threat Report, of all Android malware seen in the first half of 2013, 77% was profit motivated. The report highlighted the rise to prominence of the Stels malware, which works to steal mobile Transaction Authentication Numbers (mTANs) for banking logins via SMS.
With Ericsson’s latest mobility report estimating that there are now 6.4 billion cellular subscriptions in use worldwide , and the ongoing reliance of consumers on their mobile phones to carry out tasks such as banking and purchases, the prominence of fraudulent or ‘spam’ SMS activity is only likely to increase.
The rise in this unlawful activity is bad news for legitimate organisations whose business models are based on attempting to carve out a unique position, niche or vertical in the mobile messaging space. To highlight this issue further, Acision’s findings show that, on average, 5% of all messages are spam or fraud related, while the GSMA reports this number may be as high as 20%.
For operators, this illegitimate traffic has a range of undesirable outcomes. At the top of this list is revenue loss or leakage, which happens as a result of unexpected costs and imbalances in their interconnect agreements. The additional traffic created by unwanted text messages also squanders network resources and pushes staffing and support costs upwards. For subscribers who are targets of these attacks, unsolicited messages don’t exactly promote customer satisfaction, leading to customer care complaints and increases in churn. In the worst cases, excessive fraudulent activity has even resulted in regulatory intervention from government organisations.
The boom in SMS related marketing across the consumer landscape has altered what customers see as acceptable and unacceptable spam, with some marketing seen to ‘cross the line’ of legitimacy.
This is especially true in regards to low-cost, bulk SMS delivery.
Such delivery providers’ primary business model is to send message traffic at lower costs than MNOs. The quality of service is not always guaranteed, as these companies offer different levels of price and performance, depending on connection agreements, if these are even in place. While not always resulting in illegitimate activities, the pressure often results in the extension of lawful boundaries.
Illegitimate messaging traffic can originate from a range of sources, including peer-to-peer traffic, application traffic and traffic from black market SIM boxes (or SIM farms) and other (foreign) networks. Some traffic or message content also contravenes operator agreements or violates content provider regulations and local laws. Gaining control of these threats requires a solution with multiple levels of control.
So how can today’s operators ensure their network, service and revenues are protected, and their customers remain happy? Closing fraudulent access allows operators to minimise direct revenue leakage and encourages legitimate connection channels, improving revenue potential and ensuring that market pricing is enforced and maintained.
Understanding the complexity of the mobile ecosystem is challenging. A holistic approach is needed to deliver a comprehensive solution that detects and then prevents all fraud and spamming techniques. Intelligent analytical tools based on traffic patterns can be used to help operators detect issues and minimise their revenue leakage, allowing them to quickly respond to the continuous exploitation of weakness in the mobile network and mobile devices, and actively put protection methods in place.
Keeping control of revenue streams is more important for operators today than it has ever been before. Finding a solution that ensures leaks from unsolicited services are plugged as effectively as possible is more important than ever. Such an approach not only guarantees correct charging for services but also prevents the abuse of inter-operator agreements.
Such a solution also needs to protect the network and subscribers alike in order to reduce customer dissatisfaction and comply with industry regulations. It should also operate across an array of technology, core networks, messaging platforms and handset variations. Such multi-layered solutions can be delivered at a network level, effectively filtering a range of potential threats, from SIM box fraud to phishing attacks and everything else in between.
SMS’s unique ubiquity and reach has turned it into an integral part of everyday life for millions of people worldwide. It has also become a valuable marketing and communications tool for organisations from hairdressers to multinational conglomerates and even schools and colleges. However, the same benefits have proved attractive for the mobile industry’s dark side. Mobile operators must stay ahead of these cyber criminals and ensure their customers are kept safe from unsolicited approaches. Achieving this will ensure revenues stay high and keep churn levels low.