I’ve been kept busy with TADHack and TADSummit through October, so we’ve had a break from the podcasts. But we’re getting back into them and today we are talking with Muhammad Wahab Sultan (Wahab).
He’s a great supporter for the work we’re doing in helping the industry understand the reality of CPaaS. Wahab has been educating me on the reality of the frauds committed across Africa and Asia. We’ve been rather western centric so far, and not appreciating the center of CPaaS fraud is shifting.
Wahab is a test engineer that now consults to the A2P industry. In his experience, if there is an exclusive hub connected to the carrier, then most probably there will be AIT on the network. If there are preferred partners, not exclusivity, then AIT is less likely. In The Honest CPaaS Review, that was one of our recommendations – use multiple partners to keep hubs (CPaaS) honest.
The exclusive CPaaS partner has to use AIT to hit the agreed revenue targets. It’s important to remember AIT is customer theft, and theft where the perpetrator does not get caught. Its theft that has been running for almost one decade.
There remains finger pointing on who is a fault, the carrier, the brand, the CPaaS. The entity doing the theft is the CPaaS. As Daniel Gill explained, we’re 20 years late on introducing certification and governance in SMS that would have closed this issue down.
This is not a poor little CPaaS being bullied by a carrier into committing customer theft. It is their choice, and as Wahab points out, the carrier chooses not to look into what is going on. It’s like the delayed / ignored blood test to determine your cholesterol level, there’s no cholesterol issue if you do not test.
When a CPaaS claims they can double the A2P traffic for the carrier, there is no questioning of how that is even possible. Ignorance in bliss! With that said, a few carriers are taking control as I’ve explained with BT Group, T-Mobile US, Deutsche Telekom, 3UK and many others in creating islands of honesty. BUT it’s a handful of carriers versus the 1650 MNOs and MVNOs shows we have a massive hill to climb.
Wahab links the extremity of the AIT situation to the COVID crisis which drove traffic (2020-2022) and CPaaS accelerated the feeding frenzy. But after the pandemic, the decline was much less than anticipated, due to AIT.
Johnny pushes on the carrier culpability. Carriers know what’s going on, and the work of the carriers mentioned above show they are taking action. BUT many carriers have been slow to act. Here the failure of the industry bodies in exposing the truth and forcing customer-centric action has been evident. Codes of conduct mean nothing, and should not have been signed in the first place.
Johnny and Wahab then discuss the relative sizes of Vox Solutions and GMS. An important point is CPaaS often run multiple A2P networks, an official one that’s generally clean but not too clean, and multiple that run fraudulent traffic. Twitter has suffering an annual loss of $60M, and there are thousands of brands. There’s billions being made from fraud to fund multiple networks.
Johnny and I get into a tussle on AIT can not stop. DT could say, our price is X, if you are offered less, please let us know as it means someone is commiting fraud. Published pricing can help reduce fraud. A2P assurance, governance, and certification can confirm good routes.
Brands do pay more, they’ve moved to WhatsApp, though WhatsApp is now cheaper for conversations, it’s still slightly more per message compared to SMS. It’s easy to make the claim, we can’t do anything except robbery to make CPaaS work. That is not true, and carriers can interconnect islands of honesty, fine and then kick out any CPaaS that does not abide by their terms and conditions. This could shift the fraud away from some regions or countries.
You can see Wahab found himself in the middle of a spirited discussion.
Across some countries in Asia and Africa, villages can be used to generate organic AIT (hard to detect). Unfortunately, lack of regulation means organized crime tends to get involved. But for some villages it does enable them to feed their families.
Wahab shared how AIT fraud is possible using a $2 TV screen to generate thousands of 2FA on Netflix. There are remedies such as having a back off time from the first OTP request of 5 mins, then 7 hours, and then account blocking for a few weeks. A coordinated approach to fraud blocking is possible.
There remains the privacy issue of AIT, Wahab was clear, that’s a Western-only problem.
Wahab reviewed the problems Google and Microsoft have faced in closing down fraud from Pakistan. Recently Pakistan was receiving high PayPal traffic, officially Payal is not available in Pakistan, it could be someone who spends time in the UK using PayPal in Pakistan. But the volume of transactions would be low.
Wahab was clear to try and solve the fraud over SMS, only a collective approach can work. However, even though WhatsApp is secure, carriers will send requests to CPaaS asking them to send SMS in preference to WhatsApp. As the CPaaS is dependent on carrier connections, they will comply. The telco ecosystem is hooked on SMS for the foreseeable future. Same with flash calls, carriers will block number ranges for such calls, so the CPaaS finds there is no alternative but SMS. It’s going to be around in some countries for a long time.
Jazz in Pakistan now charges around 30c (US) per A2P messaging. The average monthly wage in Pakistan is $300. That’s only 1000 A2P messages! As Robert Vis described, SMS has moved to end of life pricing. Wahab worked for Dexatel, an omni channel messaging provider in Pakistan, who refused it use AIT.
Wahab wrapped up that SMS is not going away, which means AIT is not going away. But we must take effective steps to reduce the volume. That is steps which include sanctions for customer theft.
One point we discussed before the recording that Wahab sees in the market, but we missed discussing it. A niche boutique messaging consultancy firm is trying to make some sense of the situation by being neutral but is running on a treadmill thinking signing pacts will reduce AIT. It’s the same issue as codes of conducts. Actions must have consequences (financial ones, prison would be better), carriers are in the best position enact liquidated damages, and are most aligned to their customers (brands and consumers).
AIT is customer theft, where the perpetrators do not get caught.
