Combatting AIT: Key learnings from Mobilesquared, Enea, and global enterprises

In recent years, Artificial Inflation of Traffic (AIT) has cast a shadow over the messaging ecosystem, leaving brands grappling with inflated costs and diminished trust.

AIT is a type of SMS fraud that generates high volumes of fake Application-to-Person (A2P) SMS traffic through mobile applications or websites. It distorts metrics and misleads everyone involved, from operators, to SMS service providers, to brands, and consumers.

Commonly, AIT is caused by scammers who create bots that requests large numbers of one-time password (OTP) requests to be sent via SMS to mobile numbers, without actually being delivered to an end user, and leaving application owners to pay the bill.

In this article, we’ll summarize key findings about the prevalence and impact of AIT from a February 2024 report from Mobilesquared and Enea called “A2P SMS Under Siege.” We’ll also share two stories of global enterprises fighting back against AIT and discuss future steps to protect the messaging ecosystem.

Let’s dive into four key findings from the report about how AIT is changing the way brands use messaging.

Finding 1: International termination rates (ITR) are on the rise

Over the last two years, international termination rates (ITR) have doubled. For clarity, ITR refers to the fee paid by one telecommunications carrier to another for terminating international calls on its network – essentially, it’s the charge incurred when a call originates in one country and terminates in another.  

The report found how much mobile operators have substantially increased their ITRs since 2021, specifically:  

• One quarter of mobile operators have upped their ITR by up to 49%.
• One fifth of MNOs increased their ITR by 50% to 100%.  
• More than one-third of MNOs increased their ITR by more than 100%.  

These increases in ITR have created a challenging environment for brands, particularly in regions where rates are already above average. And to add to this, many AIT attacks are being carried out precisely in these markets. 

Finding 2: OTPs are in high demand, creating a perfect avenue for AIT

SMS is a perfect channel for sending OTPs because consumers expect to receive these messages within seconds. SMS offers a level of reliability for sending OTPs that’s unmatched by any other communication channel because of its reach and immediacy.

According to the report, OTPs now constitute approximately 89% of total international traffic. Given that OTPs are primarily sent via international routes, brands must pay existing ITRs to ensure delivery.

When it comes to trends that define AIT, Lee Suker, Head of Authentication and Number Information at Sinch, says it best.

“It can take just one bad actor to disrupt parts of the mobile ecosystem and generate fake SMS OTP traffic. And the longer the chain of trust, the more opportunities there are for bad actors to take advantage of this system. Ultimately, this is an issue for the whole industry.” – Lee Suker, Head of Authentication and Number Information, Sinch

Finding 3: AIT is everywhere

The increase in ITRs and the number of brands that are sending OTPs via international traffic has created a “perfect storm” scenario for AIT. And it’s cause for significant concern.  

According to the report, over the last 24 months, AIT has emerged as the foremost threat to the monetization of A2P SMS, more so than even grey routes. Here are a few more of their findings:  

• Between 19.8 billion and 35.7 billion fraudulent AIT messages were sent in 2023 alone, constituting a significant chunk of total international traffic – nearly 5%.  
• AIT cost brands a staggering $1.15 billion in 2023 alone, illustrating its substantial financial ramifications. 

Furthermore, brands have been compelled to escalate spending on international traffic over the last couple of years, with expenditures ranging from 10% to 40% above the expected market growth rate. This spending is highlighting the need to address the threat of AIT to secure the messaging ecosystem.

Finding 4: AIT has hit its peak

The report presents that AIT had its peak in 2023, having a projected cost of $655.6 million in 2024. The cumulative impact of AIT from 2022-2024 is estimated to be around $2.4 billion.  

At the same time, brands are exploring other channels, like WhatsApp, in-app push notifications, and email. This may have to do with higher termination rates and the conversational nature of these channels. 

But when it comes to SMS, the report details, brands are going direct to mobile operators to strike long-term, fixed rate, A2P deals. This confirms that SMS remains in their long-term plans.

Here’s how brands are being strategic to navigate the evolving landscape of SMS while also combatting AIT.

While the report paints a growing picture of the impact of AIT on brands, big enterprises are stepping up to tackle AIT head-on. Understanding the critical importance of SMS, these brands implemented anti-bot protection and partnered with Sinch to proactively monitor conversions using both manual and automated methods.

How a global e-commerce business combats AIT

One global e-commerce company offers a compelling example of combatting AIT. They partnered with Sinch and started with manual detection methods, blocking suspicious traffic from going to specific destinations or based on volumetric alerts. Eventually, they transitioned to an automated AIT detection and prevention system which analyzes traffic patterns and identifies statistically unlikely activity within specific number ranges and destinations.  

As a result, they achieved significant results in combatting AIT. From May to December 2022, the company blocked 9.2 million AIT SMS messages, saving approximately $806,000.  

Building on this success, they estimate savings of around $5 million from January to October 2023. This case shows how being proactive can really make a dent in the financial impact of AIT.

Example of a last-mile delivery company combatting AIT

Noticing severely inflated traffic and low conversion rates with their previous CPaaS provider, a popular last-mile delivery company found itself at a crossroads. They decided to transition from their previous provider to Sinch, aiming to address the signs of AIT they saw head-on.  

They configured automated blocking rules designed to limit abnormal traffic behavior for all types of numbers and restore their messaging operations.  

Their switch had great results: When they compared traffic data, they realized they’d been experiencing 2.7 times more traffic than their actual volume due to AIT. And by migrating to Sinch Verification with automatic blocking rules, they achieved a remarkable 70% reduction in the number of SMS verification attempts globally.

Combatting AIT is a shared responsibility of the messaging ecosystem, from brands, to aggregators, and mobile operators. Our experience has shown the most successful businesses effectively combat AIT by partnering with a provider that has robust detection and mitigation strategies in place, like:  

• Automated AIT detection: The provider should have automated mechanisms that monitor conversion rates and trigger an alert when conversion percentages drop below expected norms.  
• A process in place on how to handle detected AIT: They should have a clear, standardized process for handling detected AIT instances. This includes protocols for investigation, escalation, and resolution.  
• A plan to block identified AIT based on country tier: They should have a structured plan to block AIT on destination network level and MSISDN range level.  

At Sinch, we prioritize combatting AIT and have implemented comprehensive measures to address this challenge. Our approach includes:  

• Having a zero-tolerance approach to AIT: This means that any instance of AIT is swiftly identified and dealt with.  
• Partner agreements: We uplift partner agreements to address AIT.  
• Routing strategy to exclude fraudsters: Our routing strategy is designed to exclude fraudsters to keep our network as clean as possible.  
• Proactive traffic monitoring: We proactively monitor traffic to identify abnormal usage patterns and inform clients if we detect it.   
• Over 600 direct carrier connections: With over 600 direct carrier connections to operators, we maintain a clean ecosystem and minimize opportunities for third parties to benefit from fake traffic.  

Join us in the fight against AIT. Learn more about our approach to SMS fraud and how we’re helping to safeguard the integrity of the messaging ecosystem.