23rd January 2020

Mobile operators must educate their RCS users to protect them from fraudsters

Mobilesquared believes a grey market is already starting to emerge in RCS, driven by A2P spam traffic over RCS P2P, and will traverse RBM sooner rather than later. A lack of consistency regarding sender verification is likely to allow rogue companies to gain official RBM status and send spam as RBM.

Sender verification is viewed as critical to ensure the RBM (Rich Communication Service business messaging) channel remains clear from spam and fraudulent traffic that has, and continues to have, a negative impact on the A2P SMS space. With every brand or business undergoing a verification process, it is believed that this will be sufficient to prevent unwanted practices occurring over RBM, and the development of a “grey” market.

But spam is already prevalent on P2P RCS. Analytics shared with Mobilesquared from AdaptiveMobile observing a single live RCS deployment, revealed there were 6,000 active spammers operating on the network. In one instance, the top 20 senders issued 31,000 messages between them. Given that P2P traffic remains very low over RCS, incoming spam messages will create a very negative consumer perception of the channel, even before RBM is up and running.

In a separate incident, AdaptiveMobile also identified evidence of high-volume attacks (which are very attractive to spammers), with 10,000+ messages being sent within minutes via SIM Farms over RCS, with multiple senders of the same message working in concert.

The fact that tens of thousands of messages can be sent in minutes over RCS, compared to thousands via SMS, means a different level of security responsiveness will be required. The fact that P2P RCS is also free makes it an irresistible proposition for spammers and fraudsters.

It was not surprising, that for a period during 2019, a number of mobile operators active within the GSMA RCS standardisation working groups were studying the feasibility of applying a “termination charge” for P2P RCS as a means to counter RCS spam; in the same way as white-route SMS has reduced unwanted grey-route traffic.

However, the introduction of a ‘cost’ for P2P RCS would not eradicate spam in itself and would not go down well with industry which is adamant that P2P RCS should be free to the end user in order to help counter the migration of messaging traffic from the mobile operator to OTT messaging platforms. Not to mention acting as an enabler for RCS business messaging by creating scale.

Moreover, combatting P2P RCS spam with price will only target casual spam, it will do nothing to overcome other abuses such as SIM banks pumping out tens of thousands of messages in minutes.

Mobilesquared believes a grey market will emerge in RBM, driven by A2P spam traffic over RCS P2P and migrating on to RBM. Unless a unified and consistent sender verification process can be applied and adopted globally, any inconsistencies will potentially allow rogue companies to gain official RBM status and send RBM spam.

To tackle spam head-on, mobile operators must ensure their RCS networks are locked down and protected with a relevant firewall. Mobilesquared has been told by a number of mobile operators that have launched RCS, that there is no budget available to invest in an RCS firewall, leaving their platform vulnerable to attack.

Mobile operators need to lock-down their RCS platforms from the get go, but it is also incumbent on them to educate their customers what RBM is and what sender verification means. Mobilesquared recommends that every mobile operator launching RCS, or for every new RCS registration, the user/s receive a standardised mandatory RBM clearly explaining what they need to look for, such as the brand’s logo at the top of the message (and not in the body of the message which is happening in P2P RCS spam today), as well as the verification “tick”.

Data from RCS Monetisation: P2P Report, part of our RCS Monetisation series of reports.

nick@mobilesquared.co.uk

Author Jo Hall

More posts by Jo Hall