EN
ES
  1. Home
  2. AIT Prevention

AIT Prevention

Detect and Block Artificial SMS Traffic with AI Shield

Stop sending SMS OTP to fake users

Protect revenues and restore the integrity of user acquisition and behavior analytics

See how AI Shield detects inflated SMS traffic and fake user accounts

HOW MUCH ARE YOU PAYING FOR FAKE 
USERS?

Artificial SMS Traffic Inflation, also known as Artificial Traffic Generation or SMS Pumping, is a scheme that costs 
businesses billions. Fraudsters (usually using bots) create fake accounts and generate OTPs, 2FA, and welcome 
messages to users who don’t exist. Telecom expertise and behavioral analysis can help businesses block fraudulent 
SMS and restore the integrity of their acquisition and user analytics.

  • AIT COSTS OVER $1.15 BILLION  
    EVERY YEAR DUE TO FAKE OTPs  
    ALONE

    • 30-60% of many leading brands' SMS traffic is fraudulent
    • Up to 80% of OTP requests for international business are fraudulent*


    * Mobilesquared A2P SMS Market Research Report 2023

  • AIT SKEWS USER ANALYTICS

    A growth in new users might seem like a success, but this is only the beginning of the story. When these new users fail to convert or become active, both the product and UX are called into question. Resources are allocated to solve the customer journey, but the app was never the problem.

DETECT SMS FRAUD
AND BLOCK THE BOTS

AI SHIELD FOR SMS INTEGRITY

AI Shield integrates with your SMS application via API and monitors all outgoing SMS attempts and delivery reports.

Our advanced AI detection applies behavioral analysis to SMS traffic and sends an API call for each SMS to allow legitimate SMS and block fraudulent SMS.

img
img

SIMPLE, SECURE INTEGRATION

The system can be cloud-based or on-prem for added security. AI Shield employs both self and supervised learning, becoming more efficient and effective as it learns from actual data.

The system can work inline or in parallel with other FMS and SMS systems and does not require any changes to traffic or routing.

IN SOME CASES, 60% OF ALL NEW USERS
WERE FOUND TO BE FAKE ACCOUNTS,
CREATED BY AIT SCHEMES

  • “IF YOU DON’T HAVE A PROPER FRAUD MANAGEMENT SYSTEM, YOU LACK BOTH RELIABLE PRODUCT ANALYTICS AND RELIABLE CUSTOMER ACQUISITION ANALYTICS.”

  • HIDDEN COSTS OF FAKE USERS:

    • Extra application analytics
    • OTP delivery investigation
    • Excessive testing
    • Customer journey hypothesis checks
    • Acquisition hypothesis checks

CASE STUDY

  • 150K

    A SaaS platform sending over 150K messages per month to a global user base for OTP and 2FA

  • +50%

    AI Shield detected that over half of all SMS traffic was fraudulent, generated using fake accounts

  • Є18,000

    By blocking these messages, they saved over €18,000 in the first month alone

Schedule a free assesment to see how much you could be saving

See Results Fast

  • img

    Weeks 1-2 
    Average time to set up API calls is 2 weeks

  • img

    Week 3
    PoC with AI Shield in monitoring mode to confirm results

  • img

    Weeks 4
    Active blocking delivers significant savings in SMS

  • img

    Months 2-6
    Customers frequently reach 100% ROI within the first month of active blocking

AI FOR SUPERIOR FRAUD DETECTION

Fraud detection depends on over 200 parameters that must be cross-referenced to find fraudulent patterns of activity. It is difficult and slow to do manually, and fraud experts in the IP domain seldom have the necessary expertise in telecom protocols like SS7, which is used to transmit SMS traffic.

Bad actors are constantly modifying their tactics and changing behavior to defeat firewalls and circumvent blocklists. AI, trained extensively on SMS traffic data with telecom fraud expertise, is the most effective way to detect fraudulent traffic in real time, while keeping false positives to an absolute minimum. This level of accuracy minimizes disruption to real users and ensures access for all customers in all regions.

img

LIMITS OF EXISTING APPROACHES

Current approaches to user authentication fail to address the real problem: The incentives to create fake accounts are
in the SMS, not the IP. To detect fraudulent behavior, you need telecom expertise.

Current Methods:

  • CAPTCHAs and email 2FA complicate the customer journey and add unnessesary steps to UX

  • Blocking IP/SMS per country restricts growth in potentially lucrative markets

  • Firewalls have high false positive rates and disrupt legitimate services  

  • Number validation services only detect the 25% of fraud cases that use invalid numbers  

AI Shield:

  • Invisible to the user, does not affect UX or deliverability of legitimate traffic

  • Allows granular blocking of only fraudulent activity in every country

  • Extremely accurate detection minimizes service disruption by only blocking fraudulent traffic

  • Detects fraud from both invalid numbers as well as the 75% of cases that use legitimate numbers fraudulently

USER INTERFACE AND 
REPORTING

The intuitive dashboard gives the user a clear picture of total traffic, blocked traffic, and the fraudulent charges prevented as a result of blocking.

Detailed reporting per incident is available, including fraud type, sender, destination number and network, device model and platform, and more.

img

YOU'RE IN SAFE HANDS

AB Handshake’s excellence is recognized worldwide, as evidenced by 
our association memberships in the industry’s largest communities:

INSIGHTS FROM OUR EXPERTS

Explore in-depth insights into voice traffic analysis and various telecom 
fraud types through articles from our experts:

FAQ

  • What kind of companies are affected by this fraud?

    Companies in virtually every sector can be affected by AIT. Fraudsters target apps and platforms that have high volumes of international users and use SMS for 2FA and OTP. From social media and travel apps to major banks, tech giants, and e-commerce sites, this fraud can affect nearly any large user-based business. 

  • How do fraudsters benefit from generating SMS traffic?

    The rewards are in the SMS delivery chain. SMS aggregators or other entities in the delivery chain benefit by charging to carry and terminate generated SMS traffic. Sometimes the traffic is generated using fake numbers, and therefore cannot be delivered, however another common practice is to use valid (real) numbers, and then “trash” the messages before they ever reach the recipient. The bad actor profits by charging upstream for messages that they never deliver downstream. 

  • Aren't my authentication procedures enough?

    CAPTCHAs and other validation techniques such as 2FA emails add unnecessary steps to the user experience, and are increasingly defeated as fraudsters improve their techniques. The incentives for SMS traffic inflation are in SMS and only by “following the money” can you really detect fraudulent activity effectively. 

  • Can my SMS platform protect me?

    The business model of SMS platforms and SMS aggregators is based on total traffic volumes. To put it simply: they lack incentives to detect and block SMS generation of any kind. While they may offer fraud detection, it is difficult to prove the efficacy of a carrier-based solution or the validity of the entire message chain. Carrier-neutral solutions remove the inverse system of incentives that fuel AIT in the first place.

  • Is this compliant with GDPR and user privacy standards?

    Yes. There is no need to access the content of SMS messages in order to detect fraudulent patterns. By monitoring and analyzing the behavior patterns of the messages, AI shield is able to fingerprint normal traffic fluctuations and identify artificially generated SMS. When configuring the API query, message parameters can be fully anonymized for analysis. The solution can be integrated on-prem or in a compliant or local cloud environment to comply with data privacy standards.

  • Does the API query cause latency?

    The latency added to any message delivery is milliseconds and is completely unnoticeable by the end user. Deliverability of legitimate messages is not affected by the API query. 

  • Can this solution be white-labeled?

    Absolutely. Offering fraud prevention as a service to enterprise customers creates value for app analytics, CPaaS platforms, and more. 

  • Can I use an allow-list in case of false positives?

    Fraudsters frequently use real numbers to generate fake accounts, so using standing allow lists would effectively defeat the security. Complaints about non-delivery of OTP and 2FA from legitimate users is very unlikely. 

  • Do attacks stop when blocking starts?

    Yes and no. We see that in most cases, fraudsters shift their efforts to easier targets, but leave a smaller probe campaign running. If this probe attack becomes successful, they return to a full-scale attack. It is important to maintain the deterrent in place to discourage the return of these attacks.

Ready to start? 

Book a meeting with us to find the easiest way to get started.

DISCOVER THE SYSTEM

Learn more about our solutions for mobile network operators and communication service providers.

Get in touch

Simply fill in the form below and our representative will 
answer your questions ASAP.

*
*
*
*
*
*