Sick of SIM box fraud? It’s time to think beyond the SMS Firewall

How many SIM cards do you own? Most likely one, maybe two.

So why did Comfort Gbedebo need 8,600?

The Ghanaian police wanted to know. So they raided her flat to find out. The answer surprised no one: she was a fraudster.

More precisely, a SIM box fraudster.

SIM box fraud is a particular type of scam – also called interconnect bypass fraud – designed to rob mobile networks of the legitimate income they earn from overseas message traffic.

Here’s how SIM Box fraud works.

Fraudsters (or their partners) sell bulk international messages for a premium rate that reflects the true cost of carrying this traffic. Then they intercept these messages and route them using IP (or some other method) to the destination country for little or no cost.

There, they receive the messages to a SIM box. This is a piece of hardware that can house thousands of prepaid SIM cards from a variety of MNOs.

Fraudsters use these SIMs to send on the messages to their final destination at cheap local rates. They then pocket the difference between the money they get in (premium international tariffs) and the money they pay out (local fees).

Regrettably, SIM box fraud is not a new problem (Gbedebo was arrested in 2016). And it’s not going away either. Buying a SIM Box has never been easier. Criminals can now purchase the kit from online stores, watch tutorials, visit forums and even get customer support from dubious vendors.

For MNOs, the primary impact of SIM Box fraud is financial. It represents a significant chunk of the money lost to illegitimate traffic every year. Indeed, when market analyst Mobilesquared surveyed 66 MNOs in 2020, it found that one-fifth of them believed they had lost between 15 and 20 percent of their revenue to fraud.

But it’s not just about money. SIM Box traffic can be slow and of poor quality, which prevents operators and enterprises from meeting service level agreements and trashes the customer experience.

So, what’s to be done?

Well, the traditional approach to fight against SIM boxes is to deploy an SMS firewall. This is a technology that monitors the SMS traffic in an MNO network, identifies illegal A2P traffic, and blocks it.

By setting rules within the SMS firewall to filter the traffic, MNOs can prevent network abuse and allow only billable ‘white’ route traffic.

SMS firewalls do good work. But they are not the perfect answer. It costs a lot of money and time to install an SMS firewall. MNOs need investment, specialised resources, A2P messaging expertise, and legal/regulatory know-how to deploy them. As a result, not every MNO is monetizing A2P SMS effectively.

Moreover, the fraudsters are getting smarter. They have developed strategies to avoid detection by firewalls. Some even allocate a proportion of their SIM Box cards to be deliberately identified to make the MNOs believe they are winning – and then reduce their anti-fraud activities.

So is there a simpler and cheaper alternative/complement to the firewall?

Yes there is. Many MNOs are now investigating the use of their firewall activities in combination with Network Penetration Testing (NPT).

NPT allows the MNO to track precisely how A2P traffic is terminated – and thereby identify any revenue leaks impacting the network. An NPT project will study all traffic to see where the sender’s ID or the content of the message has been modified. It can also help to determine the base station where a SIM box is located, and extract SMS traffic from that specific station.

Finally, it will combine all this intelligence to create a profile that can identify SIM cards that display similar behaviours.

It’s a manual task, but it can be very effective if performed correctly. After all, the MNO can repeat the process according to the available resources, and then track any improvement over time.

So, who does this network penetration testing?

The question of who provides NPT is important. Often it’s the messaging aggregators themselves – and there are some obvious flaws with this approach.

Firstly, most aggregators can only test their own routes. This gives them a limited view of the traffic running across the global networks.

Second, in a small number of cases, there is a conflict of interest. It might suit an aggregator to overlook bypass activity if the fraud contributes to its own margins.

At GTC, we have the advantage of being entirely neutral. We track traffic via multiple providers. And we have no incentive to massage the data.

We take NPT very seriously, and we’ve thought hard about all the cheats and workarounds that mask the true results.

Regrettably, fraudsters will always be out there, devising new workarounds. Traffic monitoring and network testing can’t completely stop them. But it can quickly sniff out and snuff out their scams. 

Bad news for the likes of Comfort Gbedebo who, we hope, now owns 8,599 fewer SIM cards than she did in 2016.

Global Telco Consult (GTC) is a trusted independent business messaging consultancy with deep domain knowledge in application-to-person (A2P) services. GTC provides tailor-made messaging strategies to enterprises, messaging service providers, operators and voice carriers. We have expertise in multiple messaging channels such as RCS, Viber, WhatsApp, Telegram and SMS for the wholesale and retail industry.

GTC supports its customers from market strategy through service launch, running the operations and supporting sales and procurement. The company started in 2016 with a mission to guide operators and telcos to embrace new and exciting opportunities and make the most out of business messaging. For more information or industry insights, browse through our blog page or follow us on LinkedIn.

Any questions?