Not a flash in the pan; authentication challenges threaten SMS revenues


The rapidly proliferating practice of flash authentication is making call authentication, the mechanism that verifies the origin of a call, problematic. That’s because flash represents a serious threat to operator revenues.

More than a spoof; a growing problem for operators

Call authentication is designed to make the practice of spoofing – the preferred method used by scammers and robocallers to mask their true identities – a lot more difficult to engage in. For the call recipient, identifying a spoofed number is at best difficult (if not near impossible) and means that they can’t necessarily trust what the caller ID says when a phone call is received.

There are, of course, standard methods of authentication that mitigate the effectiveness of spoofing but these, such as SMS verification, One-Time Passcode (OTP), email verification OTP, callback, PIN or verbal passcodes, and others add a layer of complexity to the authentication process.

Authentication in a flash

Now, there’s a new fly in the authentication ointment: flash calling. This is a process through which users’ profiles are verified via a simple phone call. Rather than, for example, a user inputting a code manually that was delivered by SMS for authentication, flash calls use the last few digits of a phone number for authentication. This simplicity is attractive, and flash is fast becoming the most popular way to leverage phone numbers as a method of identifying users for brands and enterprises.

Up to a point, the idea behind flash – using mobile connections for authentication purposes – is nothing new. SMS has long been used by enterprises in this way. But the emergence of flash calling is a new and highly disruptive trend in the domain of authentication. Flash calling is quick and inexpensive for the user. But it’s a potentially big problem for service providers as there is no common legacy structure to bill or invoice a missed “flash” call. There’s also (generally) no infrastructure in place to determine which traffic is A2P or P2P via the originating identity. And, of course, there’s the ever-present threat of fraud.

The flash authentication market projected to reach 128 billion calls by 2026: for operators that’s a serious threat to SMS revenues

Worse, flash authentication is a problem that isn’t going away. A new study predicts that flash calling has the potential to threaten a significant part of operators’ SMS business messaging revenue. Juniper predicts that the number of calls used for flash authentication will near 130 billion globally by 2026, rising from less than 60 million in 2021. That’s a heady growth rate!

In dollar terms, this represents an urgent issue. Juniper concludes that authentication-based SMS revenue will reach $39 billion globally in 2022, representing 5% of total operator-billed revenue all of which flash places user threat. With more and more enterprises directing authentication traffic to voice, operators must find ways to protect SMS revenues by being able to detect unmonetised flash calling and thereby creating flash calling revenue streams.

If market demand for simpler authentication processes that reduce friction drives increased market demand for flash calling authentication in the future, then do operators have any choice but to act? For the enterprise, lower termination costs, user-friendly interfaces, and reduced risks of fraud make flash an attractive proposition, so the answer for operators is almost certainly “no. We have to act now”.

For network operators, there are challenges ahead

If flash calling looks a lot like the land of milk and honey for enterprises, for network operators the reverse may be true. A range of problems may about. For one, as flash authentication proliferates, attempts by fraudsters to disguise A2P traffic as P2P traffic in order to get better deals on their calls is likely to increase.

But what to do? As most MNOs do not presently have the technology required to identify and charge Flash Calls, they will have to take other steps quickly to protect their revenue streams, particularly if as Juniper’s research suggests, the volume of flash calling authentication for A2P voice with respect to A2P authentication increases over 25 times between the years 2022 and 2025.

Given the drivers, for network operators actions need to be taken quickly before the threat to revenue increases. And make no mistake, it will increase. IoT devices and 5G network rollout are likely to spur the flash authentication market even in the short term, in both developed and developing regions. Examples of why abound. For instance, the registration process for popular services such as WhatsApp are simplified by the implementation of flash call verification methods. The booming rate of adoption rate of smart devices will almost certainly further drive the shift.

Failing to act on fraud isn’t an option

With revenues under threat, network operators and telecommunications service providers can’t afford to sit on their hands. They must protect both their own interests and those of their customers by tackling in the former case the challenge of monetising flash authentication and, in the latter, the burgeoning threat of fraud, immediately. In the latter case, it’s inevitable that losses will increase as fraudsters become more sophisticated unless operators take aggressive steps now to counter their activities.

All of this means that for telcos, as flash proliferates, identifying and deploying the right technology from the right partner is critical. In the domains of both authentication and fraud prevention, one example of a platform that’s proven to make a significant difference comes from Utel.

If we can reasonably conclude that operators must ramp up their response efforts to better protect their revenue streams as well as users of their services in the face of the boom in flash authentication, then the time to discuss and understand the challenges and requirements of an effective strategy is now.  If you’d like to do so with the experts at Utel who are responsible for developing and delivering a platform that’s already delivering results, please get in touch.