Understanding AIT Fraud and Its Impact

Welcome to another MEF webinar. Thanks for joining us today. Today we're going to have a very interesting topic, AIT Fraud, which stands for Artificially Inflated Traffic. Here with me to help me explore and uncover and this. topic is uh uro mija topic he's the vp of operation at mito uh thanks for joining us today um just before i go into the agenda and what we're going to cover today uh again my name is matt ikram i'm actually based in washington dc uh i'm one of the mea content director uh you know here and then um um you know before joining mef i spent about 20 years in messaging in many many of the messaging companies both in the US and globally. So happy to lead this conversation with Uros and maybe I'll let Uros introduce himself. Thank you, thank you Matt and again thank you for inviting me and having me on this very interesting webinar. As said my name is Uros Mijatovic, I'm VP of Business Operations here at Mito. I've been in the industry for around 15 years. Most of the time in the industry, in messaging industry, I spent around the security use cases, which coincided well with one of the things I'm focusing here in METO in the past two years since I joined, is around how we are coping, how we are fighting against this AIT trend. We're going to speak in more depth today. So, yeah, greetings from... Today very sunny and hot Belgrade, Serbia where I'm based. I hope everyone else is having at least similar weather and in advance to apologize for my a bit of a rough English as it's not my first language and also to underline this is also my first webinar so yeah I hope it will go smooth and easy as we move forward. So far so good, Uros, and I think you're just a natural to this. So just to recap, I mean, the title of this webinar is Combating AIT Fraud and How Business Can Prevent Loss. So in this, just to kind of give you an idea of what we will cover, I think Uros will help us understand AIT fraud, what it is, and why it's a growing concern for businesses across industries. How does it impact businesses? and how AIT fraud can affect operations and profitability. And what are the tools today, advancement to detect and prevent AIT fraud. And then I think we would love to hear from Mito, some of the example learning practice that, from Mito, on how you are adapting to this and other telco frauds with insights and real world example. So maybe the first question for Uros is, could you explain what is AIT fraud and why it has become a significant concern for Bitcoin today? Yeah, so yeah, it's a good way to start just from just explaining what it is. AIT is just an acronym which got widely adopted throughout the time as people are realizing the nature of this type of the fraud. There's also AGT, Artificially Generated Traffic, so we can call it in different ways, but essentially it's as any other type of fraud, it has financial benefit and unfortunately it reached very concerning levels in recent years. In essence, it's an abuse of two-factor authentication mechanism and SMS as widely adopted medium which again gained popularity for this use case. So, throughout the time, again, throughout my experience, more and more traffic was actually going to serve 2FA or one-time passwords compared to some other use cases. So, different technologies maybe took over some of the use cases where SMS remained pretty sticky as most the most deliverable, most available medium to deliver these critical one-time passwords leveraging again the mobile technology and also it I mean With more adoption of application, again, the use case grew in volume and more and more money was involved and as more money gets involved, there's always emerging trends of people trying to abuse. So it will always going to be, I'll say thieves and cops games between thrusters and people fighting against it. And AAT is no different compared to other types of the fraud. With one, I see. Big problem is that, again, it emulates regular end user behavior. So it's not someone compared to, let's say, phishing attacks, where someone needs to send a bulk of messages expecting a percentage of people will get caught, needs to invest money into actually sending those messages. And those messages can be distinguished with access to the content or also by some filtering. Here the message is completely the same as any other legitimate message. It came from the same customer from which every day we are getting the regular OTP codes. So that's why it's very hard to cope with this fraud. And to be very frank and direct, there is no silver bullet solution on the market. So whoever tells otherwise is not really genuine. if there was, whoever would have 100% bulletproof solution would really kill it, but no. And what we're going to talk about through the next topics is what are the different tactics that could be deployed in order to minimize the damage, to minimize the sheer volume of these attacks. Just a bit of the story, again, from my experience, I remember a case of one... Eurasian country, big Eurasian country, like I think eight years ago when I first encountered this type of the attack. So again, we were at that my position was a messaging company focused on the OTP use case where conversion ratio is the primary factor of how we were tracking quality combined with other parameters. But also it is a parameter that algorithmic customers are using in order to give different players different share of their volume for the country. So basically your price and your quality is measured by the conversion ratio. So the used PIN codes that were sent were granting you either primary position with 80% of the traffic, 90% of the traffic, or you just get the failover of a couple of percent. So we were fighting very heavily in order to come to the first place. Even again, at that moment, making losses using the direct connect. connectivity to all of the operators, but we were unable to get the traffic because our quality was at moments way below to whoever the competitor was. So that got us scratching our head what could be going on because there's nothing more we could do to improve the quality and we already went with the price pretty aggressive. And actually we then also, I mean, we're getting the information, the quality, which was worse. So how can someone be better? and not by a couple of percent but almost by double figures of it. And then after further analyzing we saw that at moments of time we would get an influx of the traffic from the customer, all going to bad numbers, which of course because they're bad numbers we were tracking with different tools they could never be converted. So our conversion ratio was going from 82, 83 I don't know at that moment to something like 50, 60. And of course At that same moment, the competitor was getting conversion ratio of 90 something percent, meaning in one way or another, they were able to convert traffic codes going to bad numbers. So essentially that was again the first moment I realized what type of the fraud we are fighting against. It's pretty new to us and only limited to few destinations. And it was not that present elsewhere in that sense. So again, this is something that happened eight years ago and we didn't saw again that happening too often to too many places. However, in past three years it's just going insane. So combining the increase of the price for SMS to different markets with likely greed from the companies I mean, speaking about bad players who got infiltrated somewhere in the delivery chain, all that came to this moment where we are speaking about a very serious threat to sustainability of the businesses and products. So that's, I think, why it's important for all of us to speak about this topic and to come together to find ways how we can, again, help, in the first place, our customers, but also to help ourselves to have... a sustainable business for the long term. Maybe I went too far with just this historical part, but again, another thing that makes it really complex in the fight against it is that it really comes in many different flavors from very basic attacks that can be detected as they will be concentrated around particular prefix ranges, prefix ranges belonging to some of the operators which don't really have end users or prefix ranges which are not allocated for actual retail service. So all of these can be easily distinguished, let's say. So they're easy to spot if you have at least some level of sophistication and experience in the area. To a very sophisticated attacks, similar to one I was mentioning before, where on top the final goal is not only to gain the revenue through the flow which is generated, but rather to use the fraud in order to get competitive advantage against your competitor, either in existing business with algorithmic customers, or in order to win a deal, to ruin the reputation of someone else. So again, the spectrum is really wide. And that's why different tactics are needed to be deployed in order to cope with those different flavors. in different, most effective ways. Well, thanks, Ruiz. That's a very, very detailed description. And you kind of cover a lot there. So I want to move on to the impact on businesses. So maybe my next question is, can you share taking the challenges and the vulnerability and the issues impacting telecom operators in general? when it comes to AIT fraud. Could you share some examples of how AIT fraud has impacted businesses and what kind of losses are typically involved? Yeah, it's a good question. Also, I mean, I could spend a couple of hours speaking about it, so I'll try to be as concise as possible. I mean, the number one is just impact to our customers. So the companies that are using this service of 2FA to authenticate their users, to ensure their users are real people and not bots. And we're talking about, in the first place, of course, financial damage. So it's very different for maybe a big enterprise which could get this 1% maybe incremental. expense under revenue versus a small like mom and pop shop, let's say in UK, which suddenly after paying one year each month invoice of 300 euros for their needs, suddenly need to pay an invoice of 50,000 euros for sending traffic to Indonesia where they have zero business. So in first place, We're talking about a long and lengthy dispute process. We are talking about, again, fake accounts that can be then resold on the black market versus for these small companies, it's something that they cannot pay because it will ruin their business. And again, it's our duty to avoid that, of course, from happening. As at the end of the day, we are the ones exposed also financially throughout this happening. So speaking about, I mean, I cannot speak about exact names, of course, for contractual reasons, but we are easily speaking about, in some cases, I could see like five-figure losses, five-figure Euro loss in a day for a particular brand. And again, that's only a small part. I'm seeing for the share of traffic we are getting directly or indirectly. So the magnitude of this, I'm afraid, is much higher. Again, not to speak about particular nations, but anecdotically from conversations I'm having with my peers at different companies, in some places, it's easily five-folding or even ten-folding the traffic for a period of time for a brand. So, yeah, we're speaking about a lot of the financial losses there that can be bigger or smaller pain, depending again on the size. of the customer but again also we are speaking about using this for different purposes as like reputational attack so someone can orchestrate this around stealing a customer because the thing about this fraud one of the problems is it really doesn't require much in quote unquote investment to orchestrate so you're speaking about creating a bot you or having a group of people creating scripts that are again abusing this 2FA service from on the enterprise portal let's say directly so they're not spending any money to orchestrate the attack in the worst case they don't earn anything in best case they're positioned in a train where they will get the money but again because it doesn't require any investment it's easily for someone to orchestrate that create reputational damage for someone and coming again with a solution. Hey, I heard that you got attacked, you lost so much money, I can help you with this. So I think that's another big problem that can hurt us in this business. Also, when it comes to questions like why is the telecom sector more damaged here, especially, I mean, we are in our industry, this traffic is again by many means, emulates the real user behavior. By our contracts, we are not allowed to stop any of that. And I mean, we are, by contracts, especially coming in the wholesale, we are obliged to process all the traffic coming. So that's why it makes it even harder to address in that way. So, I mean, long story short, the biggest impact here is the financial one and following ones could be reputational and also security what i forgot to mention again the same mechanism as it's being used for this type of the fraud can also be unfortunately used for account takeover so it does represent also that risk to to enterprises instead of again using the maximum from this channel to to protect their customer base to assure these real people unfortunately leave this this mechanism leaves back door for account account takeover uh that could happen so magnitude of the risk and only benefit for small number of companies that are orchestrating these types of the of the attacks great so i think maybe going down to a specific type of business in your experience i mean you mentioned about you know a one-time password which is a typical traffic you know it's used across different businesses vertical today especially with sms so but you know what are your thoughts about the type of businesses that are most at risk of failing victim to ait fraud uh so i mean it's it's literally everyone is exposed uh depending again from how much they are aware of this threat and how many preventative measures they have taken in order to again reduce the impact of it. So it's not less of a risk for some of the biggest global social metrics compared to a small enterprise let's say in Sweden or Norway or Canada. So whoever didn't take all necessary measures to start with to really focus the use case for focus the reach speaking with their service enabler like we are so to again limit the access for only particular countries where they actually have the user base is open to get a i mean attack globally on the other side there's be global global global players do have traffic everywhere and for them it's a big risk not to have too many false positives by going too far with measures to prevent it. So they could be losing real users by getting too strict. with measures to prevent again even in good traffic they would usually send. So it's all across the place and I mean and also anecdotally and what I heard is even for some big companies if this was not going so crazy they will actually report the growth of their user base in different countries. So then you also had a conflict within those companies between anti-fraud team, let's say, who wants to prevent all of that fake account creation, and marketing team who needs to grow the user base in particular countries. So that's why it's a key that both of those departments are working closely with companies like VR to help them to find some rational place how to impose measures. to both mitigate the fraud but also to enable the legitimate growth of the user base. Perfect. So now that you've talked about the what and the why, let's maybe discuss how. What are some of the tool strategies that can be used to detect AIT fraud before it causes significant damage here? It's a great question, as it is like, what's the secret of Coca-Cola recipe, right? So again, I'm joking, but I can share to some extent, not to the very detail, as that would be our secret sauce, of course. But again, there is no single thing that you can apply that's going to cover all. It's all about applying as many layers of different approaches that you can. that will help each one of them will bring a particular impact to helping to mitigate with it. So that's where we are throughout our experience and I think what makes us unique here is our positioning in the value chain because we are both connected to, I mean, the biggest enterprises globally directly and we are servicing their traffic. directly. So there's no one in between us and them. Also, we are connected to a big number of mobile operators. And then also we have that luxury of not having anyone downstream where we need to have such a setup. And we are long time, I mean, the bread and butter of Mito starting was in the wholesale industry. So we are connected to most, I would say vast majority of the players. We can pick up different trends, again, coming directly from enterprises, coming from the wholesale community, and all of that combined with experience of people we have and being also very, let's say, lean and mean and agile company, we can adapt to trends as we are noticing them. So with all that said, we have built tools that can help us to detect these anomalies very fast. And based on that, we have also developed some level of automation. So I won't be lying here that we have advanced AI that catches everything and that's super powerful. No, we want to be there, but we're not there yet. And we are investing in the way how we can improve our automation, as that's required to cope with just more and more sophistication of these attacks. But we have very, let's say, precise alerting and also 24-7 attention from experienced people in the shift. So they will be noticing any anomalies that we are detecting pretty fast. I could say that pretty much within a couple of minutes we could detect an anomaly or after 200 messages, 500 messages, depending again on the sophistication of the attack, we are able to detect it and to either engage in automation we already had, again, depending on previous experience of years of particular destination, or to engage into further investigation and forensics in shortest time possible to validate is that false positive or that's indeed a very high probability of attack being orchestrated. And depending again on the customer in question. With some, we have arrangements that we only inform them about it and we leave to them to respond in the fastest way possible. With some, we do have arrangements that we can block such an instance and let them know what's being done so they can further investigate and validate. So all of these efforts helped us really to reduce occasions we are seeing a lot. especially this year compared to previous year as we really focused on this as we saw that that can be a value proposition to the market. We made a lot of improvements here and most of let's say low to higher medium level of sophistication we are effectively mitigating in very short period of time. Again nothing can be 100% but we are able to very early detect it and address such occasions. And again, it can be the thing that the attack, I'll say, quote-unquote cost 500 euro if we didn't address it together with the customer it could have easily been 50,000 euro. So it's not just about how much it was mitigated by the moment we addressed it. It's also a question how big that would be if we didn't react. So I think that's the goal. We want to minimize the time to reaction as, again, due to the nature of it, how this is blended in with organic and legitimate traffic, you can never address 100% of it unless you will also be damaging that legitimate flow. So again, it's constantly evolving approach from our side. we are striving for more and more automation, but I don't think we'll ever be able to replace a human element that is more aware again of what could be happening in the market. Also, I mean, another thing that we are doing as we are tracking all of these occasions, we know by using which type of the routes or names there are more occasions like this and where we have less. So we will be also like. having a yellow red card approach and if we see that placing traffic in a particular aggregator causes more instances to come, we might have higher suspicion that some, not again not pointing fingers at anyone, but that someone maybe down the chain of their delivery could be infiltrated by the orchestrator and by again in some cases just by switching the route the attack stops. So in different approaches here can help, but all needs to be well orchestrated within the team, also with our customers. Constantly also educating them about different things they could be doing, what we could be doing for them, as basically we are all working for the same goal. And that's to mitigate these things. Again, it could be damage to their budget. or it could be our exposure that at the end we won't be able to recover the damage that we will be getting here. So I think that's another way to say, coupled with all of these analytical tools that we're having, that we're using in automated, semi-automated or manual fashion, another great way to... Mitigating these attacks is what we saw is using our mobile intelligence service that helps us validate active versus inactive users. So that alone, in different cases, helped maybe to 90% of attack being mitigated, not by imposing any blocking of the traffic law, even though customer may have allowed us to. So rather by having the number flagged, it's invalid. So there's no way that... invalid number has asked for OTP code. So that's definitely one of the most successful, most automated tactics that's actually a part of traditional SMS delivery. Okay, perfect. So I want to shift gears about some of the, you know, you mentioned about, you talked about tools, strategies, looking at anomalies, you know, but I think also as a business How do you, I mean, are there emerging trends in AIT prod that businesses should be aware of? I mean, what are your thoughts on that? Yeah, definitely. As I said, the complexity is in the wide spectrum. from very basic. What I could say from my experience, let's say this year compared to previous years, is that there's more hit and run attacks. So generally, OTP traffic comes into a stream within business hours of the destination country. That's where users actually do authenticate themselves. what we were seeing more this year compared to previous years is that there'll be a bulk attempt. So someone noticed that people are reacting within a couple of minutes, let's say, within half an hour, and detecting the anomaly. So instead of trying to emulate stream with a higher volume, they basically just spam with 50k requests. And I mean, that's easily solvable working with a customer to limit basically the throughput for this traffic as it should not be coming in that highway. But again, something I'm seeing more and more that's, again, we are addressing by very simple tools, but it's happening more than before. And also moving from attacking particular ranges, as I said, that's as that's. relatively easy to notice and address. We see that there's more attacks where particular numbers are requesting OTP codes multiple times per day. Those numbers are not positioned in particular prefix that's then easy to spot rather in very different number ranges, each number with many attempts. So again, with the approach we were having before that was slipping under. But then of course, it took us long to find that and again to deploy different tactics together with the customer to limit the number of OTP calls that should be allowed for a number to request as for the legitimate users. And again, as I said, it's a lot of work educating customer and helping them to educate them about how they can do better together with us so that jointly as a team we mitigate these attacks. And again, process is getting smarter and smarter. Even in such occasions again where for a particular brand that we are working, we're helping them to block it. It's interesting that as compared to before, as soon as it's blocked after like two messages and stuff. So whoever is orchestrating is also monitoring what is happening much closer in this sense. So one thing is for sure, this is going to keep evolving as thrusters will always try to way how to outsmart people fighting against it. And that's, again, why we always also need to improve in our approach. our tech needs to outsmart them. So it's always going to be, let's see, a bit of a race. But then again, the best thing we could do is to keep our pace with that and to continue working with our customers to ultimately, again, protect this product and sustainability for everyone in the ecosystem. Great. So, yeah, I mean, I think the notion that, you know, we just have to be... Yeah, that's... the fraudster, I guess we call them, getting smarter and finding all kinds of loopholes. And, you know, and of course, the ecosystem, you know, including Mito and others need to just get smarter and work together, collaborate, you know, partner both, you know, with other, your mobile operators and your customers to be able to achieve it. But I, so on that note, I want to kind of... maybe go specifically on what Mito is doing. Maybe you can give some example use cases. How are you addressing the issue of AIT fraud? And maybe what makes your approach unique? I mean, maybe there are multiple approaches out there, but what makes your approach unique in the industry? Again, as we are in a position in the value chain is what does again makes us not completely unique but we do stand from the rest of the herd together with other players which might be similar. I think we are much more agile as just an organization. So we are not too big, too inert. We are not too small that we don't have capacity. I think we are running at appropriate capacity as a company, but also without having to suffer from too big of an organization. So we can easily internally adapt to different approaches, build new stuff that needs to be built in order to address emerging trends as we see them. So from the point we see a new type of the... attack happening and once we figure what do we need to address it effectively, it doesn't take too long for us to have that in place and deployed in order to protect against the trend. So I think that's the part maybe of the secret sauce that we have, coupled with very experienced team members which are working here, which are very very good at figuring out the ways once we see the advanced attack happening, figuring out the ways how we can mitigate it. And of course, as I said, all of these tools, alerting and everything we built is part of the story. The other part is also as our mobile intelligence is really state of the art in terms of capabilities, platform itself and how we are using that in very automated fashion for the traffic to mitigate things in the fastest way possible as they are happening even before some of the alerting kicks in. Good. So, yeah, so on that, I mean, you mentioned about the fraudsters are changing and they're constantly evolving. Yeah. yeah tactics and so so um so for me too i mean um i know you talk about you know you have the right capacity uh the agility to address this but what are the what are the other ways that you guys are staying ahead of these constantly evolving tactics used by frost i think experience experience and experience. It's all about it. I can say I'm personally also very operationally involved in this together with the people from the team. Even though I'm a VP of a part of an organization, I'm also working together closely with both of our support, our routing team and our anti-fraud team. We are all working closely together to address everything that's ... that's happening and joining all of our brains together to find the most creative way how we can adapt in order to address this part of same, I mean, how say, similar people elsewhere but with different ethical standards and different motivation in order to... it's yeah just a game of cups and thieves in that sense. So they're gonna keep evolving, we're gonna keep evolving. They have only financial reward as a motivation, we also have as a motivation that we are working together with our customers that helps us to have a very strong value proposition that helps us also stand better compared to... most of other legitimate players out there. So this trend is not happening from the most of the people in the value chain in this industry. So to be super clear about it, vast majority of the companies are against it. We are talking about small group of companies that found a way how to infiltrate either in very big organization or within the value chain. of the delivery and to get financial reward and they don't really care about sustainability. They just care about getting as much money as possible in shortest time possible. So yeah, we're speaking about again different motivation and I'm sure as all other trends do appear reach maximum and disappear that it's gonna happen the same with this trend. I just hope by the time it does. reached its minimum from what could be here speaking about maximum that we don't destroy the product, that we don't destroy the confidence from companies using this service in this medium for what's really designed to be in the best possible way to help their business. Okay so I think I'm gonna just pause here and maybe see if we have any questions so let me look at the chat here the Q&A side. Actually we do have one question so let me read that out. to you, Uros. How is the level of IAT correlated with SMS pricing and exclusivity deal destination? That's a pretty loaded question, but I'll let you answer that. That's actually a very good question and I would say it's highly correlated. As we are, again, being very closely involved myself and I can see the different trends at different destinations. First of all, as I already mentioned at the beginning of the talk, as the price of SMS was rising to the levels we see today, which are order of magnitude higher to what it used to be before, the reward was much bigger and bigger for the companies, fraudsters to start organizing this. We don't see this happening in some of the cheapest determination countries in the world. I didn't saw AAT happening, let's say, in Colombia. In Colombia, there's different fraud that's happening because it's one of the cheapest nations. There's a lot of phishing fraud because you don't need to spend much money to send a bulk of messages and hope, again, for a percent of users to catch it, right? So it's very low investment in that sense, but still some investment. But there's also close to no reward for orchestrating artificial inflated traffic attack on something that's very cheap. So... highly correlated with the price of destinations, price of the market, and that's again where we see the most of coming. As SimpleMath does say, if process inflated 1 million messages in Colombia versus Indonesia, there's a whole lot of different reward coming from the attack. However, interesting part as well is related to the associated destinations, as again, And those were one of the main drivers also for the price of SMS going up. And we would often see an influx of attacks happening at moments where there's a change in exclusivity partner and particular operators. Again, we can only see to the share of traffic we will be getting either from our direct enterprises or from the wholesale, so it does not represent the full picture. But again, if we see that correlation only on a part of the traffic that we are processing, I'm sure there's much more of it happening in total. So we only see a part of the picture and it's not happening at all sub-destination, but I could see a correlation of that for sure. And I mean, as all other players here, Mito is also participating in RFPs opened by mobile operators for exclusivity partner that will help them to capture all of the traffic that's on the market. And to be very honest, we are coming in with our offers which are in the realm of reality, what's possible, what really exists in the market. Because nowadays there's not, let's say, compared to eight years, ten years ago, where most of the traffic was going through grey routes and the biggest opportunity in this exclusivity business was actually to monetize, to block all of the grey routes and put that into monetized flows. Nowadays, most of the traffic is already in monetized flows. It's pretty much known what's the customer base of the operators, what's realistic traffic flowing in the market and in that sense what would be the profitable or at least bad main breaking even figure for RFP. And unfortunately, to our surprise, we are in some cases not even getting shortlisted as someone is coming swinging with multiple, multi-hire offer in that sense. So that directly indicates that there might be fall attentions. from someone who came with that offer, as well maybe, how to say, silent acceptance from operator not to support but to be okay with someone coming with that offer and either burning a lot of money or maybe trying to pull a lever of this behavior in order to move that moves the deal to profitability yeah yeah yeah exactly so um let's see i was actually i have a question as i'm thinking about this topic uh we haven't touched on regular regulation or regulatory or their involvement i mean any uh i mean you know when it comes to fraud and fraudster and and and you know and financial damages do you i mean do you have an opinion about you know what or if you see any regulations or regulatory or any kind of around this or is it still that just no nothing that could penalize anybody who misbehave I guess. So again to be honest to my own awareness I haven't heard anyone being penalized by any of regulatory body or even by some of the again organization. The only penalization happening in the process might be to is to enterprises who are paying the bill or if they refuse to pay the bill by whoever in the value chain is the closest to the one who also doesn't want to pay. So financial damages are there and that's the price being paid by everyone except the who orchestrated the attack to be fully honest. But regulation play a big part is also in fact in some markets regulation does prohibit anyone to be positioned as such player as exclusive gateway. Let's say mostly in EU countries. And there's definitely much less of these attacks happening in such occasion because no one is granted to be positioned in such way. I would have big... from GSMA and organizations like, I mean, I know, I mean, at MEF, we are speaking now about a topic, which is great. However, at the end of the day, regulators within the country should have a big saying in how they can help in order to stop this. Because again, it's in everyone's best intention who is into this business legitimately and on a long run to stop this happening. And... Again, we can speak to the length of how we can have technical approaches here to mitigate, ideally prevent, which might not be possible, but at the end of the day, I think the whole everyone needs to come together and in some way or form squeeze out what could be the bad seeds of the industry and in only that way I think we can prevent this type of fraud happening. And I think to your point, you made a point earlier that you know it's not that majority of the players are good at you know providing, doing the best they can and you know following the you know their best practice and but there's only like a few so I think if we can if regulation can help to remove some of these few bad actors that would actually help. also you guys mitigate this problem significantly. So I think it's not like we have to cut the whole industry in a way, but it's just trying to put a position to specific providers that are using it and probably doing it, getting away and doing it again and again because they are never getting penalized and never got caught to do this. So I think that's probably the message. Correct, yeah. Uros, I think we kind of lost you, but... Uros, can you hear me? Okay, so I guess we have a technical... So what I want to do is just... Oh, there you are. Yes, there you go. Luckily it's now. Almost had a session, not before. No worries. So I think what we're going to do... I'm just going to kind of do a big... conclusion and maybe your last thoughts about what will be your takeaway to the audience and to the industry, to the ecosystem in general. So I'll just summarize some of the key things that we covered today. You mentioned about what is AIT fraud, understanding that telecom sector is particularly vulnerable to AIT fraud compared to other type of industries. what is the impact on businesses, what are the losses, financial reputation. security in general. And then, you mentioned some of the tools and strategies that can be used today to detect AIT fraud before it becomes significant damage. Some of the emerging trends, for example, the hit and run, you mentioned that a lot of the, some of these players, they hit and run and then they moved on to other routes or other region or other ways to do this. And then you also talk about what is Mito doing? How are you approaching this problem? What makes your solution unique? And how are you constantly evolving to the head of tactics used by fraudsters? So we cover all that today. And I know you've talked a lot, but maybe you have, what are your takeaway for the audience? Your message, if you have something to summarize. I mean, I think we covered well to the timing availability we had. Topic is pretty complex, deep and definitely it could have lasted for many hours if we really want to dig into the details. So, I mean, the whole message is like everyone should be trying the best to do their part to mitigate this. I don't want to point any fingers and I will not mention names, but again, from my personal experience. It's almost obvious where it's happening more often by using against some suppliers, where it's not happening at all. It's pretty stable. So we should, as a community, come to the point where some measures are taken against such players for, again, for just the sake of this industry and product sustainability. So, I mean, I'm going to all of the biggest conferences, so whoever would like to have deeper talk in all this. approach me, they can reach out to my LinkedIn, we can always get a call. So I want, I want, I mean, just to have as a fact that Mito, me at Mito and Mito as a company is fighting against it. And we are more than willing to partner with everyone else who wants to do the good thing about preventing this, this, this fraud from happening. Yes, perfect. So on... on the MEF side, I just want to share actually we MEF provide or produce an anti-fraud yearbook. So we have released an MEF anti-fraud yearbook 2024. You can go to our website and download it. I believe it's free. So you just have to put your name, address and phone number, your email and company name to download that and I might even share you the the the screen of that so if you can see it so you can find this on our website this MAF anti-fraud yearbook and obviously we do have events programs such as this across the globe and anti-fraud is always a session that we produce that we that seems to generate some of the most interesting conversation And I think part of what you're saying, Uro, this is just a landscape that's changing. And, you know, and I think there's always tactics and, you know, we, and I think the industry and ecosystem has to be on top of this. So again, so again, just to repeat, you can download the MEF Anticorps Yearbook 2024. Just go to the website and then you should be able to find that. on our website or you can contact me for that. And I think to summarize, I do want to thank tremendously Uros and Mito for sharing this session, providing your insight. And again, so thank you again. And please, I think... part of the what i want to say is that you know i mean rose you are available so anybody who has who wants to kind of continue the discussion learn about uh the topic address look at what they can do they can obviously contact you directly and to and reach out to you and uh get continue this conversation so i would say with that i would say again thank you again uh this has been very informative, very insightful for all of us. On behalf of MEF, I again want to thank Uros and Mito for sharing your expertise and spending an hour with us. And with that, I bid goodbye to everybody and have a good rest of your week. Bye, everyone. Thank you. Bye-bye.

Welcome to another MEF webinar. Thanks for joining us today. Today we're going to have a very interesting topic, AIT Fraud, which stands for Artificially Inflated Traffic.

Here with me to help me explore and uncover and this. topic is uh uro mija topic he's the vp of operation at mito uh thanks for joining us today um just before i go into the agenda and what we're going to cover today uh again my name is matt ikram i'm actually based in washington dc uh i'm one of the mea content director uh you know here and then um um you know before joining mef i spent about 20 years in messaging in many many of the messaging companies both in the US and globally. So happy to lead this conversation with Uros and maybe I'll let Uros introduce himself.

Thank you, thank you Matt and again thank you for inviting me and having me on this very interesting webinar. As said my name is Uros Mijatovic, I'm VP of Business Operations here at Mito. I've been in the industry for around 15 years.

Most of the time in the industry, in messaging industry, I spent around the security use cases, which coincided well with one of the things I'm focusing here in METO in the past two years since I joined, is around how we are coping, how we are fighting against this AIT trend. We're going to speak in more depth today. So, yeah, greetings from... Today very sunny and hot Belgrade, Serbia where I'm based. I hope everyone else is having at least similar weather and in advance to apologize for my a bit of a rough English as it's not my first language and also to underline this is also my first webinar so yeah I hope it will go smooth and easy as we move forward.

So far so good, Uros, and I think you're just a natural to this. So just to recap, I mean, the title of this webinar is Combating AIT Fraud and How Business Can Prevent Loss. So in this, just to kind of give you an idea of what we will cover, I think Uros will help us understand AIT fraud, what it is, and why it's a growing concern for businesses across industries.

How does it impact businesses? and how AIT fraud can affect operations and profitability. And what are the tools today, advancement to detect and prevent AIT fraud. And then I think we would love to hear from Mito, some of the example learning practice that, from Mito, on how you are adapting to this and other telco frauds with insights and real world example. So maybe the first question for Uros is, could you explain what is AIT fraud and why it has become a significant concern for Bitcoin today?

Yeah, so yeah, it's a good way to start just from just explaining what it is. AIT is just an acronym which got widely adopted throughout the time as people are realizing the nature of this type of the fraud. There's also AGT, Artificially Generated Traffic, so we can call it in different ways, but essentially it's as any other type of fraud, it has financial benefit and unfortunately it reached very concerning levels in recent years. In essence, it's an abuse of two-factor authentication mechanism and SMS as widely adopted medium which again gained popularity for this use case. So, throughout the time, again, throughout my experience, more and more traffic was actually going to serve 2FA or one-time passwords compared to some other use cases.

So, different technologies maybe took over some of the use cases where SMS remained pretty sticky as most the most deliverable, most available medium to deliver these critical one-time passwords leveraging again the mobile technology and also it I mean With more adoption of application, again, the use case grew in volume and more and more money was involved and as more money gets involved, there's always emerging trends of people trying to abuse. So it will always going to be, I'll say thieves and cops games between thrusters and people fighting against it. And AAT is no different compared to other types of the fraud. With one, I see.

Big problem is that, again, it emulates regular end user behavior. So it's not someone compared to, let's say, phishing attacks, where someone needs to send a bulk of messages expecting a percentage of people will get caught, needs to invest money into actually sending those messages. And those messages can be distinguished with access to the content or also by some filtering. Here the message is completely the same as any other legitimate message. It came from the same customer from which every day we are getting the regular OTP codes.

So that's why it's very hard to cope with this fraud. And to be very frank and direct, there is no silver bullet solution on the market. So whoever tells otherwise is not really genuine.

if there was, whoever would have 100% bulletproof solution would really kill it, but no. And what we're going to talk about through the next topics is what are the different tactics that could be deployed in order to minimize the damage, to minimize the sheer volume of these attacks. Just a bit of the story, again, from my experience, I remember a case of one...

Eurasian country, big Eurasian country, like I think eight years ago when I first encountered this type of the attack. So again, we were at that my position was a messaging company focused on the OTP use case where conversion ratio is the primary factor of how we were tracking quality combined with other parameters. But also it is a parameter that algorithmic customers are using in order to give different players different share of their volume for the country. So basically your price and your quality is measured by the conversion ratio.

So the used PIN codes that were sent were granting you either primary position with 80% of the traffic, 90% of the traffic, or you just get the failover of a couple of percent. So we were fighting very heavily in order to come to the first place. Even again, at that moment, making losses using the direct connect. connectivity to all of the operators, but we were unable to get the traffic because our quality was at moments way below to whoever the competitor was. So that got us scratching our head what could be going on because there's nothing more we could do to improve the quality and we already went with the price pretty aggressive.

And actually we then also, I mean, we're getting the information, the quality, which was worse. So how can someone be better? and not by a couple of percent but almost by double figures of it. And then after further analyzing we saw that at moments of time we would get an influx of the traffic from the customer, all going to bad numbers, which of course because they're bad numbers we were tracking with different tools they could never be converted.

So our conversion ratio was going from 82, 83 I don't know at that moment to something like 50, 60. And of course At that same moment, the competitor was getting conversion ratio of 90 something percent, meaning in one way or another, they were able to convert traffic codes going to bad numbers. So essentially that was again the first moment I realized what type of the fraud we are fighting against. It's pretty new to us and only limited to few destinations.

And it was not that present elsewhere in that sense. So again, this is something that happened eight years ago and we didn't saw again that happening too often to too many places. However, in past three years it's just going insane. So combining the increase of the price for SMS to different markets with likely greed from the companies I mean, speaking about bad players who got infiltrated somewhere in the delivery chain, all that came to this moment where we are speaking about a very serious threat to sustainability of the businesses and products.

So that's, I think, why it's important for all of us to speak about this topic and to come together to find ways how we can, again, help, in the first place, our customers, but also to help ourselves to have... a sustainable business for the long term. Maybe I went too far with just this historical part, but again, another thing that makes it really complex in the fight against it is that it really comes in many different flavors from very basic attacks that can be detected as they will be concentrated around particular prefix ranges, prefix ranges belonging to some of the operators which don't really have end users or prefix ranges which are not allocated for actual retail service. So all of these can be easily distinguished, let's say.

So they're easy to spot if you have at least some level of sophistication and experience in the area. To a very sophisticated attacks, similar to one I was mentioning before, where on top the final goal is not only to gain the revenue through the flow which is generated, but rather to use the fraud in order to get competitive advantage against your competitor, either in existing business with algorithmic customers, or in order to win a deal, to ruin the reputation of someone else. So again, the spectrum is really wide.

And that's why different tactics are needed to be deployed in order to cope with those different flavors. in different, most effective ways. Well, thanks, Ruiz.

That's a very, very detailed description. And you kind of cover a lot there. So I want to move on to the impact on businesses.

So maybe my next question is, can you share taking the challenges and the vulnerability and the issues impacting telecom operators in general? when it comes to AIT fraud. Could you share some examples of how AIT fraud has impacted businesses and what kind of losses are typically involved?

Yeah, it's a good question. Also, I mean, I could spend a couple of hours speaking about it, so I'll try to be as concise as possible. I mean, the number one is just impact to our customers. So the companies that are using this service of 2FA to authenticate their users, to ensure their users are real people and not bots.

And we're talking about, in the first place, of course, financial damage. So it's very different for maybe a big enterprise which could get this 1% maybe incremental. expense under revenue versus a small like mom and pop shop, let's say in UK, which suddenly after paying one year each month invoice of 300 euros for their needs, suddenly need to pay an invoice of 50,000 euros for sending traffic to Indonesia where they have zero business.

So in first place, We're talking about a long and lengthy dispute process. We are talking about, again, fake accounts that can be then resold on the black market versus for these small companies, it's something that they cannot pay because it will ruin their business. And again, it's our duty to avoid that, of course, from happening.

As at the end of the day, we are the ones exposed also financially throughout this happening. So speaking about, I mean, I cannot speak about exact names, of course, for contractual reasons, but we are easily speaking about, in some cases, I could see like five-figure losses, five-figure Euro loss in a day for a particular brand. And again, that's only a small part.

I'm seeing for the share of traffic we are getting directly or indirectly. So the magnitude of this, I'm afraid, is much higher. Again, not to speak about particular nations, but anecdotically from conversations I'm having with my peers at different companies, in some places, it's easily five-folding or even ten-folding the traffic for a period of time for a brand.

So, yeah, we're speaking about a lot of the financial losses there that can be bigger or smaller pain, depending again on the size. of the customer but again also we are speaking about using this for different purposes as like reputational attack so someone can orchestrate this around stealing a customer because the thing about this fraud one of the problems is it really doesn't require much in quote unquote investment to orchestrate so you're speaking about creating a bot you or having a group of people creating scripts that are again abusing this 2FA service from on the enterprise portal let's say directly so they're not spending any money to orchestrate the attack in the worst case they don't earn anything in best case they're positioned in a train where they will get the money but again because it doesn't require any investment it's easily for someone to orchestrate that create reputational damage for someone and coming again with a solution. Hey, I heard that you got attacked, you lost so much money, I can help you with this. So I think that's another big problem that can hurt us in this business.

Also, when it comes to questions like why is the telecom sector more damaged here, especially, I mean, we are in our industry, this traffic is again by many means, emulates the real user behavior. By our contracts, we are not allowed to stop any of that. And I mean, we are, by contracts, especially coming in the wholesale, we are obliged to process all the traffic coming.

So that's why it makes it even harder to address in that way. So, I mean, long story short, the biggest impact here is the financial one and following ones could be reputational and also security what i forgot to mention again the same mechanism as it's being used for this type of the fraud can also be unfortunately used for account takeover so it does represent also that risk to to enterprises instead of again using the maximum from this channel to to protect their customer base to assure these real people unfortunately leave this this mechanism leaves back door for account account takeover uh that could happen so magnitude of the risk and only benefit for small number of companies that are orchestrating these types of the of the attacks great so i think maybe going down to a specific type of business in your experience i mean you mentioned about you know a one-time password which is a typical traffic you know it's used across different businesses vertical today especially with sms so but you know what are your thoughts about the type of businesses that are most at risk of failing victim to ait fraud uh so i mean it's it's literally everyone is exposed uh depending again from how much they are aware of this threat and how many preventative measures they have taken in order to again reduce the impact of it. So it's not less of a risk for some of the biggest global social metrics compared to a small enterprise let's say in Sweden or Norway or Canada.

So whoever didn't take all necessary measures to start with to really focus the use case for focus the reach speaking with their service enabler like we are so to again limit the access for only particular countries where they actually have the user base is open to get a i mean attack globally on the other side there's be global global global players do have traffic everywhere and for them it's a big risk not to have too many false positives by going too far with measures to prevent it. So they could be losing real users by getting too strict. with measures to prevent again even in good traffic they would usually send. So it's all across the place and I mean and also anecdotally and what I heard is even for some big companies if this was not going so crazy they will actually report the growth of their user base in different countries. So then you also had a conflict within those companies between anti-fraud team, let's say, who wants to prevent all of that fake account creation, and marketing team who needs to grow the user base in particular countries.

So that's why it's a key that both of those departments are working closely with companies like VR to help them to find some rational place how to impose measures. to both mitigate the fraud but also to enable the legitimate growth of the user base. Perfect.

So now that you've talked about the what and the why, let's maybe discuss how. What are some of the tool strategies that can be used to detect AIT fraud before it causes significant damage here? It's a great question, as it is like, what's the secret of Coca-Cola recipe, right? So again, I'm joking, but I can share to some extent, not to the very detail, as that would be our secret sauce, of course.

But again, there is no single thing that you can apply that's going to cover all. It's all about applying as many layers of different approaches that you can. that will help each one of them will bring a particular impact to helping to mitigate with it. So that's where we are throughout our experience and I think what makes us unique here is our positioning in the value chain because we are both connected to, I mean, the biggest enterprises globally directly and we are servicing their traffic.

directly. So there's no one in between us and them. Also, we are connected to a big number of mobile operators.

And then also we have that luxury of not having anyone downstream where we need to have such a setup. And we are long time, I mean, the bread and butter of Mito starting was in the wholesale industry. So we are connected to most, I would say vast majority of the players. We can pick up different trends, again, coming directly from enterprises, coming from the wholesale community, and all of that combined with experience of people we have and being also very, let's say, lean and mean and agile company, we can adapt to trends as we are noticing them. So with all that said, we have built tools that can help us to detect these anomalies very fast.

And based on that, we have also developed some level of automation. So I won't be lying here that we have advanced AI that catches everything and that's super powerful. No, we want to be there, but we're not there yet.

And we are investing in the way how we can improve our automation, as that's required to cope with just more and more sophistication of these attacks. But we have very, let's say, precise alerting and also 24-7 attention from experienced people in the shift. So they will be noticing any anomalies that we are detecting pretty fast.

I could say that pretty much within a couple of minutes we could detect an anomaly or after 200 messages, 500 messages, depending again on the sophistication of the attack, we are able to detect it and to either engage in automation we already had, again, depending on previous experience of years of particular destination, or to engage into further investigation and forensics in shortest time possible to validate is that false positive or that's indeed a very high probability of attack being orchestrated. And depending again on the customer in question. With some, we have arrangements that we only inform them about it and we leave to them to respond in the fastest way possible.

With some, we do have arrangements that we can block such an instance and let them know what's being done so they can further investigate and validate. So all of these efforts helped us really to reduce occasions we are seeing a lot. especially this year compared to previous year as we really focused on this as we saw that that can be a value proposition to the market.

We made a lot of improvements here and most of let's say low to higher medium level of sophistication we are effectively mitigating in very short period of time. Again nothing can be 100% but we are able to very early detect it and address such occasions. And again, it can be the thing that the attack, I'll say, quote-unquote cost 500 euro if we didn't address it together with the customer it could have easily been 50,000 euro.

So it's not just about how much it was mitigated by the moment we addressed it. It's also a question how big that would be if we didn't react. So I think that's the goal.

We want to minimize the time to reaction as, again, due to the nature of it, how this is blended in with organic and legitimate traffic, you can never address 100% of it unless you will also be damaging that legitimate flow. So again, it's constantly evolving approach from our side. we are striving for more and more automation, but I don't think we'll ever be able to replace a human element that is more aware again of what could be happening in the market. Also, I mean, another thing that we are doing as we are tracking all of these occasions, we know by using which type of the routes or names there are more occasions like this and where we have less.

So we will be also like. having a yellow red card approach and if we see that placing traffic in a particular aggregator causes more instances to come, we might have higher suspicion that some, not again not pointing fingers at anyone, but that someone maybe down the chain of their delivery could be infiltrated by the orchestrator and by again in some cases just by switching the route the attack stops. So in different approaches here can help, but all needs to be well orchestrated within the team, also with our customers.

Constantly also educating them about different things they could be doing, what we could be doing for them, as basically we are all working for the same goal. And that's to mitigate these things. Again, it could be damage to their budget. or it could be our exposure that at the end we won't be able to recover the damage that we will be getting here.

So I think that's another way to say, coupled with all of these analytical tools that we're having, that we're using in automated, semi-automated or manual fashion, another great way to... Mitigating these attacks is what we saw is using our mobile intelligence service that helps us validate active versus inactive users. So that alone, in different cases, helped maybe to 90% of attack being mitigated, not by imposing any blocking of the traffic law, even though customer may have allowed us to. So rather by having the number flagged, it's invalid. So there's no way that...

invalid number has asked for OTP code. So that's definitely one of the most successful, most automated tactics that's actually a part of traditional SMS delivery. Okay, perfect. So I want to shift gears about some of the, you know, you mentioned about, you talked about tools, strategies, looking at anomalies, you know, but I think also as a business How do you, I mean, are there emerging trends in AIT prod that businesses should be aware of?

I mean, what are your thoughts on that? Yeah, definitely. As I said, the complexity is in the wide spectrum. from very basic.

What I could say from my experience, let's say this year compared to previous years, is that there's more hit and run attacks. So generally, OTP traffic comes into a stream within business hours of the destination country. That's where users actually do authenticate themselves.

what we were seeing more this year compared to previous years is that there'll be a bulk attempt. So someone noticed that people are reacting within a couple of minutes, let's say, within half an hour, and detecting the anomaly. So instead of trying to emulate stream with a higher volume, they basically just spam with 50k requests.

And I mean, that's easily solvable working with a customer to limit basically the throughput for this traffic as it should not be coming in that highway. But again, something I'm seeing more and more that's, again, we are addressing by very simple tools, but it's happening more than before. And also moving from attacking particular ranges, as I said, that's as that's. relatively easy to notice and address. We see that there's more attacks where particular numbers are requesting OTP codes multiple times per day.

Those numbers are not positioned in particular prefix that's then easy to spot rather in very different number ranges, each number with many attempts. So again, with the approach we were having before that was slipping under. But then of course, it took us long to find that and again to deploy different tactics together with the customer to limit the number of OTP calls that should be allowed for a number to request as for the legitimate users. And again, as I said, it's a lot of work educating customer and helping them to educate them about how they can do better together with us so that jointly as a team we mitigate these attacks. And again, process is getting smarter and smarter.

Even in such occasions again where for a particular brand that we are working, we're helping them to block it. It's interesting that as compared to before, as soon as it's blocked after like two messages and stuff. So whoever is orchestrating is also monitoring what is happening much closer in this sense. So one thing is for sure, this is going to keep evolving as thrusters will always try to way how to outsmart people fighting against it. And that's, again, why we always also need to improve in our approach.

our tech needs to outsmart them. So it's always going to be, let's see, a bit of a race. But then again, the best thing we could do is to keep our pace with that and to continue working with our customers to ultimately, again, protect this product and sustainability for everyone in the ecosystem. Great.

So, yeah, I mean, I think the notion that, you know, we just have to be... Yeah, that's... the fraudster, I guess we call them, getting smarter and finding all kinds of loopholes. And, you know, and of course, the ecosystem, you know, including Mito and others need to just get smarter and work together, collaborate, you know, partner both, you know, with other, your mobile operators and your customers to be able to achieve it. But I, so on that note, I want to kind of...

maybe go specifically on what Mito is doing. Maybe you can give some example use cases. How are you addressing the issue of AIT fraud?

And maybe what makes your approach unique? I mean, maybe there are multiple approaches out there, but what makes your approach unique in the industry? Again, as we are in a position in the value chain is what does again makes us not completely unique but we do stand from the rest of the herd together with other players which might be similar.

I think we are much more agile as just an organization. So we are not too big, too inert. We are not too small that we don't have capacity.

I think we are running at appropriate capacity as a company, but also without having to suffer from too big of an organization. So we can easily internally adapt to different approaches, build new stuff that needs to be built in order to address emerging trends as we see them. So from the point we see a new type of the...

attack happening and once we figure what do we need to address it effectively, it doesn't take too long for us to have that in place and deployed in order to protect against the trend. So I think that's the part maybe of the secret sauce that we have, coupled with very experienced team members which are working here, which are very very good at figuring out the ways once we see the advanced attack happening, figuring out the ways how we can mitigate it. And of course, as I said, all of these tools, alerting and everything we built is part of the story.

The other part is also as our mobile intelligence is really state of the art in terms of capabilities, platform itself and how we are using that in very automated fashion for the traffic to mitigate things in the fastest way possible as they are happening even before some of the alerting kicks in. Good. So, yeah, so on that, I mean, you mentioned about the fraudsters are changing and they're constantly evolving.

Yeah. yeah tactics and so so um so for me too i mean um i know you talk about you know you have the right capacity uh the agility to address this but what are the what are the other ways that you guys are staying ahead of these constantly evolving tactics used by frost i think experience experience and experience. It's all about it. I can say I'm personally also very operationally involved in this together with the people from the team.

Even though I'm a VP of a part of an organization, I'm also working together closely with both of our support, our routing team and our anti-fraud team. We are all working closely together to address everything that's ... that's happening and joining all of our brains together to find the most creative way how we can adapt in order to address this part of same, I mean, how say, similar people elsewhere but with different ethical standards and different motivation in order to... it's yeah just a game of cups and thieves in that sense.

So they're gonna keep evolving, we're gonna keep evolving. They have only financial reward as a motivation, we also have as a motivation that we are working together with our customers that helps us to have a very strong value proposition that helps us also stand better compared to... most of other legitimate players out there.

So this trend is not happening from the most of the people in the value chain in this industry. So to be super clear about it, vast majority of the companies are against it. We are talking about small group of companies that found a way how to infiltrate either in very big organization or within the value chain. of the delivery and to get financial reward and they don't really care about sustainability.

They just care about getting as much money as possible in shortest time possible. So yeah, we're speaking about again different motivation and I'm sure as all other trends do appear reach maximum and disappear that it's gonna happen the same with this trend. I just hope by the time it does. reached its minimum from what could be here speaking about maximum that we don't destroy the product, that we don't destroy the confidence from companies using this service in this medium for what's really designed to be in the best possible way to help their business.

Okay so I think I'm gonna just pause here and maybe see if we have any questions so let me look at the chat here the Q&A side. Actually we do have one question so let me read that out. to you, Uros. How is the level of IAT correlated with SMS pricing and exclusivity deal destination?

That's a pretty loaded question, but I'll let you answer that. That's actually a very good question and I would say it's highly correlated. As we are, again, being very closely involved myself and I can see the different trends at different destinations. First of all, as I already mentioned at the beginning of the talk, as the price of SMS was rising to the levels we see today, which are order of magnitude higher to what it used to be before, the reward was much bigger and bigger for the companies, fraudsters to start organizing this.

We don't see this happening in some of the cheapest determination countries in the world. I didn't saw AAT happening, let's say, in Colombia. In Colombia, there's different fraud that's happening because it's one of the cheapest nations.

There's a lot of phishing fraud because you don't need to spend much money to send a bulk of messages and hope, again, for a percent of users to catch it, right? So it's very low investment in that sense, but still some investment. But there's also close to no reward for orchestrating artificial inflated traffic attack on something that's very cheap.

So... highly correlated with the price of destinations, price of the market, and that's again where we see the most of coming. As SimpleMath does say, if process inflated 1 million messages in Colombia versus Indonesia, there's a whole lot of different reward coming from the attack.

However, interesting part as well is related to the associated destinations, as again, And those were one of the main drivers also for the price of SMS going up. And we would often see an influx of attacks happening at moments where there's a change in exclusivity partner and particular operators. Again, we can only see to the share of traffic we will be getting either from our direct enterprises or from the wholesale, so it does not represent the full picture.

But again, if we see that correlation only on a part of the traffic that we are processing, I'm sure there's much more of it happening in total. So we only see a part of the picture and it's not happening at all sub-destination, but I could see a correlation of that for sure. And I mean, as all other players here, Mito is also participating in RFPs opened by mobile operators for exclusivity partner that will help them to capture all of the traffic that's on the market. And to be very honest, we are coming in with our offers which are in the realm of reality, what's possible, what really exists in the market. Because nowadays there's not, let's say, compared to eight years, ten years ago, where most of the traffic was going through grey routes and the biggest opportunity in this exclusivity business was actually to monetize, to block all of the grey routes and put that into monetized flows.

Nowadays, most of the traffic is already in monetized flows. It's pretty much known what's the customer base of the operators, what's realistic traffic flowing in the market and in that sense what would be the profitable or at least bad main breaking even figure for RFP. And unfortunately, to our surprise, we are in some cases not even getting shortlisted as someone is coming swinging with multiple, multi-hire offer in that sense. So that directly indicates that there might be fall attentions.

from someone who came with that offer, as well maybe, how to say, silent acceptance from operator not to support but to be okay with someone coming with that offer and either burning a lot of money or maybe trying to pull a lever of this behavior in order to move that moves the deal to profitability yeah yeah yeah exactly so um let's see i was actually i have a question as i'm thinking about this topic uh we haven't touched on regular regulation or regulatory or their involvement i mean any uh i mean you know when it comes to fraud and fraudster and and and you know and financial damages do you i mean do you have an opinion about you know what or if you see any regulations or regulatory or any kind of around this or is it still that just no nothing that could penalize anybody who misbehave I guess. So again to be honest to my own awareness I haven't heard anyone being penalized by any of regulatory body or even by some of the again organization. The only penalization happening in the process might be to is to enterprises who are paying the bill or if they refuse to pay the bill by whoever in the value chain is the closest to the one who also doesn't want to pay.

So financial damages are there and that's the price being paid by everyone except the who orchestrated the attack to be fully honest. But regulation play a big part is also in fact in some markets regulation does prohibit anyone to be positioned as such player as exclusive gateway. Let's say mostly in EU countries.

And there's definitely much less of these attacks happening in such occasion because no one is granted to be positioned in such way. I would have big... from GSMA and organizations like, I mean, I know, I mean, at MEF, we are speaking now about a topic, which is great.

However, at the end of the day, regulators within the country should have a big saying in how they can help in order to stop this. Because again, it's in everyone's best intention who is into this business legitimately and on a long run to stop this happening. And... Again, we can speak to the length of how we can have technical approaches here to mitigate, ideally prevent, which might not be possible, but at the end of the day, I think the whole everyone needs to come together and in some way or form squeeze out what could be the bad seeds of the industry and in only that way I think we can prevent this type of fraud happening. And I think to your point, you made a point earlier that you know it's not that majority of the players are good at you know providing, doing the best they can and you know following the you know their best practice and but there's only like a few so I think if we can if regulation can help to remove some of these few bad actors that would actually help.

also you guys mitigate this problem significantly. So I think it's not like we have to cut the whole industry in a way, but it's just trying to put a position to specific providers that are using it and probably doing it, getting away and doing it again and again because they are never getting penalized and never got caught to do this. So I think that's probably the message. Correct, yeah.

Uros, I think we kind of lost you, but... Uros, can you hear me? Okay, so I guess we have a technical... So what I want to do is just... Oh, there you are.

Yes, there you go. Luckily it's now. Almost had a session, not before. No worries.

So I think what we're going to do... I'm just going to kind of do a big... conclusion and maybe your last thoughts about what will be your takeaway to the audience and to the industry, to the ecosystem in general. So I'll just summarize some of the key things that we covered today. You mentioned about what is AIT fraud, understanding that telecom sector is particularly vulnerable to AIT fraud compared to other type of industries.

what is the impact on businesses, what are the losses, financial reputation. security in general. And then, you mentioned some of the tools and strategies that can be used today to detect AIT fraud before it becomes significant damage. Some of the emerging trends, for example, the hit and run, you mentioned that a lot of the, some of these players, they hit and run and then they moved on to other routes or other region or other ways to do this. And then you also talk about what is Mito doing?

How are you approaching this problem? What makes your solution unique? And how are you constantly evolving to the head of tactics used by fraudsters? So we cover all that today. And I know you've talked a lot, but maybe you have, what are your takeaway for the audience?

Your message, if you have something to summarize. I mean, I think we covered well to the timing availability we had. Topic is pretty complex, deep and definitely it could have lasted for many hours if we really want to dig into the details. So, I mean, the whole message is like everyone should be trying the best to do their part to mitigate this.

I don't want to point any fingers and I will not mention names, but again, from my personal experience. It's almost obvious where it's happening more often by using against some suppliers, where it's not happening at all. It's pretty stable.

So we should, as a community, come to the point where some measures are taken against such players for, again, for just the sake of this industry and product sustainability. So, I mean, I'm going to all of the biggest conferences, so whoever would like to have deeper talk in all this. approach me, they can reach out to my LinkedIn, we can always get a call. So I want, I want, I mean, just to have as a fact that Mito, me at Mito and Mito as a company is fighting against it. And we are more than willing to partner with everyone else who wants to do the good thing about preventing this, this, this fraud from happening.

Yes, perfect. So on... on the MEF side, I just want to share actually we MEF provide or produce an anti-fraud yearbook.

So we have released an MEF anti-fraud yearbook 2024. You can go to our website and download it. I believe it's free. So you just have to put your name, address and phone number, your email and company name to download that and I might even share you the the the screen of that so if you can see it so you can find this on our website this MAF anti-fraud yearbook and obviously we do have events programs such as this across the globe and anti-fraud is always a session that we produce that we that seems to generate some of the most interesting conversation And I think part of what you're saying, Uro, this is just a landscape that's changing. And, you know, and I think there's always tactics and, you know, we, and I think the industry and ecosystem has to be on top of this. So again, so again, just to repeat, you can download the MEF Anticorps Yearbook 2024. Just go to the website and then you should be able to find that.

on our website or you can contact me for that. And I think to summarize, I do want to thank tremendously Uros and Mito for sharing this session, providing your insight. And again, so thank you again. And please, I think... part of the what i want to say is that you know i mean rose you are available so anybody who has who wants to kind of continue the discussion learn about uh the topic address look at what they can do they can obviously contact you directly and to and reach out to you and uh get continue this conversation so i would say with that i would say again thank you again uh this has been very informative, very insightful for all of us.

On behalf of MEF, I again want to thank Uros and Mito for sharing your expertise and spending an hour with us. And with that, I bid goodbye to everybody and have a good rest of your week. Bye, everyone.

Thank you. Bye-bye.

Transcript for:Understanding AIT Fraud and Its Impact

Transcript for:
Understanding AIT Fraud and Its Impact