Application-to-Person (A2P) messaging, or one-directional messaging from an application to a person where no reply is expected, has seen double digit growth from Mobile Network Operators (MNOs). In 2020, the COVID-19 pandemic drove significant business growth for A2P and messaging services, with many mobile carriers experiencing exponential growth. More and more enterprises, within the finance, retail, travel and healthcare arenas, are using A2P to communicate directly with their customers to send notifications, PIN codes, critical alerts and two-factor authentication messages. From the consumer side, you may have received an A2P with your online banking service, made an online purchase, ordered takeout, or more specific to the pandemic, received messages directing you to websites for information about COVID-19, including testing and vaccine locations.
Key trends in A2P
In the past year there were numerous trends that emerged in A2P messaging in direct relation to the COVID-19 pandemic. From a decline in promotional messages, such as within retail, travel and tourism directly related to stay-at-home orders, to an increase in delivery notifications and online banking that required A2P notifications. While travel and tourism SMS messages were down to almost zero in 2020, tracking service notifications, such as for packages and grocery deliveries, grew exponentially, leading to significant growth on the enterprise side of numerous companies.
From the beginning of the pandemic, the public faced a lot of fear and uncertainty with the general environment of the world and how to stay safe from COVID-19. Organizations turned to SMS more than ever to communicate and share information about how to protect yourself from COVID-19. Consumers embraced non-traditional, digital communication channels to replace day-to-day in person interactions.
A2P messaging played a crucial role in government communications around COVID-19. In Sweden, the local government developed a secure website with current COVID-19 information to keep the public informed about lockdowns, ways to stay safe and information about the virus. When it was launched, only 100,000 visitors were using the site daily. Once the local government sent out A2P messages to those living in the area, the traffic jumped to over 2 million visitors per day. By utilizing the messaging system, the government was able to effectively, inexpensively and securely direct individuals to a safe and secure website with current information. Using A2P messaging the government received a greater response over email, as consumer trust is greater in SMS text messaging.
Dangers of A2P: reputation loss, grey-routes and smishing
SMS is an extremely important service for businesses and local government to spread awareness, however it is very fragile in terms of building and maintaining confidence levels around the security of these messages. It’s essential for enterprises to choose the right vendor to work with. Choosing the wrong one can lead to poor messaging routes susceptible to fraudulent activities from illegal bypasses for traffic termination and attacks ultimately resulting in loss of data (personal and security data - like one time passwords), slow delivery times (leading to multiple retries which increases the overall service price) and bad customer experience. Some of the more recent security risks associated with the increase in data phishing are the new Flubot attacks. Flubots operated a fake FedEx website targeting Android users in Germany, Poland, and Hungary. By sending text messages with a parcel tracking URL that led to malware downloads.
One of the most prevalent and costly forms of fraud in SMS messaging is via grey route messaging where the A2P traffic is terminated using illegal routes/methods. The term grey route defines a route that is not authorized by the mobile operator for delivery of SMS to their subscribers. Grey route messaging fraud could lead to a loss of over $7 billion by 2024.
This increased danger and prevalence of phishing, or smishing (SMS phishing) is a larger concern for individuals and organizations moving forward. Consumers typically express greater trust in an SMS than an email, however with the increase in smishing during the pandemic more people are losing trust, with concerns about fraudulent links and A2P avoidance.
Smishing was more prevalent than ever during the pandemic because there were more opportunities for scammers to try and take your personal information. For example, if you know you are expecting a delivery and received a text that it is delayed or missing with a link provided to track it down you will probably click on it. This type of message wasn’t out of the ordinary and may not seem dangerous. But it provides scammers the opportunity to collect your sensitive information. With the increase in fraudulent SMS phishing attempts during the pandemic, governments and organizations were forced to alert the public about these scam notices, damaging reputation and public confidence in SMS.
The Bank of Ireland recently dealt with attacks and fraudulent activity targeting their customers through email and smishing. Fraudsters send texts posing as the Bank of Ireland redirecting to fraudulent websites to try to gain access to online banking or card details. It has become such a problem that the Bank of Ireland hosts a website with examples of what to watch out for to protect yourself.
Example of a smishing text from the Bank of Ireland Website:
Residents of the US also dealt with a smishing scam relating to IRS stimulus payments directly related to COVID-19 relief. In the Spring of 2020, the US government sent out millions of one-time $1,200 stimulus payments to individuals and families across the US. Later in the year, fraudsters sent a text messages to millions of Americans claiming to be from the IRS and stating they had deposited $1,200 into their account but needed them to click a link to confirm their account details in order to complete the transaction. This link redirected to a fraudulent site set up to collect confidential personal information.
The future of A2P: truly universal messaging platform
Continuing to build public confidence and tools to keep consumers safe is vital for the future of A2P messaging for enterprise. SMS messaging is an extremely important tool and service that has a long life ahead of it to reach audiences directly. To continue the growth there must be layers of security involved to protect users from smishing and retain brand confidence.
Because SMS text messaging is categorized as an “information service” and is not subject to regulatory burdens that apply to telecommunications and commercial mobile services - MNOs, government and enterprises need to self-regulate to ensure they are providing the security and confidence their consumer’s demand. SMS does not rely on data connection to work. Instead it uses dedicated channels that are not related to data networks. That is why we still can send and receive SMSs while switching off our data roaming services in a foreign country.
One way to increase the security of SMS text messaging is for MNOs to implement SMS firewalls and managed services as the best defense for A2P revenue. Enterprises and organizations need to work with a system that promotes security, perform due diligence analysis and follow industry forums such as MEF that has developed a code of conduct for business SMS. In addition, mobile operators can seek out backbone partners that will provide secure, cost-effective connection to high-quality termination with direct access for global players such as SMS providers, aggregators and enterprises. A trusted partner avoids the need for multiple routes or providers, while the traffic sent via direct access removes the risk of illegal termination.
While SMS messaging is a simple tool, it offers huge potential as the only universal messaging platform that can be sent to any device, requiring no data usage. A2P messaging will remain an integral part of the life of the digital consumer far beyond COVID-19, and with the right security and authentications measures put in place, organizations can help to secure consumer confidence.
