In the world of business messaging, where countless partners, networks, gateways, and protocols converge to ensure messages reach their intended destinations, the importance of safety and trust cannot be overstated.

In an era marked by increasing complexity and the persistent threat of fraud, maintaining the integrity of this messaging chain necessitates unwavering vigilance and collaborative efforts at every turn.

One particular fraudulent scheme that has been gaining notoriety is known as Artificially Inflated Traffic (AIT). This is a growing concern that demands our collective attention and proactive measures to minimise and prevent its impact.

Understanding Artificial Inflation of Traffic (AIT)

AIT, also referred to as SMS traffic pumping, is a form of fraud that involves the generation of substantial volumes of counterfeit traffic through mobile applications or websites. In this nefarious practice, fraudsters exploit phone number input fields to receive one-time passcodes (OTPs), app download links, or other information via SMS. Without adequate safeguards and controls in place, these attackers can artificially inflate traffic by sending SMS messages to a range of numbers controlled by a specific mobile network operator (MNO) and subsequently receive a share of the revenue generated.

AIT, along with other threats like grey routes and SMS phishing, poses significant risks within the business messaging ecosystem. The financial losses incurred by MNOs and users due to AIT are substantial, but the impact extends further to the erosion of trust in your organisation and the relationships you’ve cultivated with your customers.

Recognising AIT Fraud

One common scenario where AIT fraud can occur is when individuals input their mobile numbers to set up online accounts. They may receive OTPs to verify their numbers, facilitating smooth onboarding. While expedited sign-up processes are beneficial for businesses and consumers alike, they also create opportunities for fraudsters to initiate fake sign-ups and exploit businesses for the cost of SMS.

Detecting AIT fraud

To detect AIT fraud across your accounts, be on the lookout for telltale signs such as a surge in messages sent to adjacent numbers, often targeting remote destination countries. If your SMS usage involves OTPs, you might notice incomplete verification cycles. Unfortunately, awareness of such activity may only come after the fact.

Why partner with a business like Esendex?

At Esendex, we prioritise the highest standards of accountability, as demonstrated by our ISO27001 certification. We collaborate closely with our customers to mitigate the risk of fraud through various strategies, including:

1) Pattern detection and real-time monitoring: Utilising metrics and data analytics tools to identify anomalies and potential AIT fraud.

2) Security measures: Implementing multi-factor authentication to enhance security.

3) Robust routing strategies: Minimising intermediaries in the trust chain and continuously analysing send and destination country activity by account.

4) High-risk destination management: Maintaining a register of known high-risk SMS send destinations.

5) Information sharing: Supporting customers by sharing information about in-country threats, fraudulent practices, current legislation, best practices, and the risks associated with poor procurement processes.

Mitigating risk in your business

Balancing data privacy, security, and the need for faster, seamless connectivity with consumers is a formidable challenge. To minimise risk, consider these proactive steps:

  • Implement Multi-Factor Authentication to enhance user security.
  • Use CAPTCHA and Similar Tools to thwart fraudulent bots on mobile number collection forms.
  • Limit SMS sends to the countries where your business operates.
  • Set up Payment Thresholds with your Esendex account manager to cap potential liabilities.
  • Consider Sub-Accounts to separate SMS OTP sends from high-volume marketing accounts, reducing the likelihood of AIT traffic going undetected.
  • Establish Rate Limits to control message frequency per same number range/prefix.
  • Monitor Conversion Rates for indicators of AIT fraud, especially if conversion rates drop unexpectedly in a particular country.

Jonathan Walsh is general manager for Asia Pacific at Esendex.