Signalling network presents next area of operator weakness as grey routes get locked down
Recent research from Mobilesquared reveals that operators’ failure to secure SS7 networks is costing them messaging revenue today and could see them lose share of the two factor authentication market in future, writes George Malim.
The report, ‘Global A2P SMS Messaging Forecasts By Country (2017-2022)’, kicks off with a dose of realism, predicting the potential revenue for application to peer (A2P) SMS messaging to be US$26.6bn in 2022. This is in contrast to earlier projections, published in 2014, for A2P SMS revenue of more than double this figure by 2018 from Juniper Research.
It’s fair to say, however, that A2P SMS has gone through something of a hype cycle in the intervening period with an accurate picture of true revenues obscured by the continued operator scourge of grey route traffic. The Mobilesquared report heralds the end of the grey route era, in which two operators or entities that do not have a commercial relationship or agreement could send SMS messages, typically in bulk, while failing to remunerate operators fairly.
The Mobilesquared report has found that the value of the grey route market is decreasing with white-route traffic accounting for 88% of revenues in 2017 even though it accounted for just over half of all A2P SMS traffic. Revenue share for grey routes is set to fall further with white route traffic accounting for 97% of total A2P SMS messaging revenues by 2022. Grey route traffic revenue is projected to experience recurrent declines in revenue year-on-year at a compound annual growth rate (CAGR) of -11.9%.
“It’s not quite the end for grey route traffic,” says Nick Lane, the chief insight analyst at Mobilesquared. “It’s fair to say grey route traffic is becoming under control as more mobile operators invest in a next-gen SMS firewall. Our research suggests that grey route traffic will always exist as a small percentage of a mobile operator’s A2P SMS traffic, because companies will always find a way, whether via a SIM farm, or by identifying a loophole that they are yet to exploit. Its cat and mouse, which means a mobile operator can never stop paying attention to their SMS firewall.”
Nevertheless, operators continue to lose substantial A2P SMS messaging revenue as a consequence of insecure messaging caused by the absence of firewalls. Mobilesquared’s research puts the losses at US$7.7bn in 2017 but projects these will decrease to US$3.9bn as more firewalls are deployed.
A growing proportion of operators are relying on SMS firewalls to protect their revenues and the report finds that 61% of mobile operators will have deployed an SMS firewall by the end of 2018. However, just 6% of these had deployed an SS7 firewall by the end of 2017. This suggests that operators’ priorities are to secure their A2P SMS messaging revenues rather than their customers’ traffic.
SS7, which stands for signalling system 7, firewalls protect mobile operators from attacks by tracking SS7 sessions and inspecting signalling traffic in real-time. Illicit messages and patterns can be blocked immediately, ensuring that third parties are unable to access subscriber information or change subscriber profiles. This means operators can protect both their revenues and their customers and networks from malicious attacks.
Mobilesquared’s findings reveal significant projected growth in SS7 firewall deployment, predicting that 54% of mobile operators will have invested in SS7 firewalls by 2022.
There’s a strong incentive to do so because the Mobilesquared research forecasts between 8.4% and 10.8% of total A2P SMS white route revenues could be lost to A2P rich communications services (RCS) messages by the end of 2022. A2P RCS has the potential to reduce total global A2P SMS traffic by 238 billion messages by 2022.
The forecast of almost 11% of A2P SMS traffic migrating to A2P RCS is based on the rapid adoption of RCS among enterprises for promotional and marketing types of messages only. A significant volume of A2P SMS traffic is for two factor authentication (2FA) messages utilised by financial institutions and other organisations to authenticate transactions. Should RCS adoption be rapid across all sectors and message types, including 2FA, the traffic that migrates over to RCS messaging could increase to 33% of total A2P SMS by 2022.
“With grey routes being locked down, the signalling network is the next area that potentially presents an area of weakness for mobile operators from rogue companies,” adds Lane. “2FA traffic is a major percentage of total A2P SMS traffic globally. It only takes one mobile operator to be attacked for major enterprise customers to lose faith and confidence in the security of the mobile operator’s network. Protecting their signally network with an SS7 firewall is a relatively small investment for the mobile operator when it comes to safeguarding their brand and trust, not only from its consumer customers, but from the banking community and digital conglomerates sending 2FA traffic.”