In Podcast 93 we reviewed AIT (Artificially Inflated Traffic) from an independent perspective. Feedback was complementary on the openness, depth, breadth, and forward looking discussion on the threat that is AIT to the whole ecosystem.
We reviewed the ecosystem, the responsibilities, what can and can not be done to enable compliance.
A common refrain from people who attend SMS industry events is the public discussion is on managing AIT. While the private discussions are focused on generating AIT. Should there be a code of conduct at events? But how can it be enforced? The sponsors paying the event organizers are in control?
We see that across many events, where notorious AIT generators present on how enterprises can protect themselves from AIT. We covered in Podcast 93 how enterprises are not in a position to protect themselves, they have no metrics, there is no governance. Codes of conduct do not work, they are window dressing.
Daniel raised the idea of independent certification bodies could hold CPaaS to account, like ISO, GDPR, etc. Kevin explained at MEF discussions on certification, with 28 people in attendance, the discussion always stalled on who pays? Especially as A2P SMS is a leaky bucket with many ways to introduce AIT and other gray traffic.
Daniel raised the idea of a push:pull model. With an accreditation certification from an independent audit. Or perhaps brands could publish their internal accreditation, like BT’s traffic light system with its A2P partners. But then other businesses could ride off their investment, so they will likely keep it private.
Google and Facebook are responsible for about half the A2P traffic. Because SMS lacks governance they can not audit the supply chain. Hence why Google has led passkey adoption to move their customers away from A2P SMS. Google in particular is a “telco”, they dominate RCS, employ the smartest people in the industry, so likely already have an AIT strategy. The challenge is letting SMS die on the vine is in their best interests, given RCS and WhatsApp. Perhaps this is too negative an opinion?
The core elements of the ecosystem are Brands (Google and Meta (WhatsApp) are a special case as they are telcos), CPaaS, and Operators (Telcos).
The biggest risk with the biggest fines is exposure of consumer data. As Daniel mentioned that last week. Perhaps this should be the focus to motivate action?
There is a geographic diversity. In North America, within the next 3-5 years, RCS is likely to dominate with Google in control, with the cooperation of carriers. Remember, Google has suffered at the hands of CPaaS AIT, so their trust will be low with that part of the messaging ecosystem.
Can shame be a driver? Unlikely. Elon Musk shamed the industry, they shrugged and continued with AIT.
Kevin described the 3 channels: RCS (small but growing), SMS (decline by volume, static by revenue for now), and WhatsApp (growing).
The fraudsters call their category SMS Monetization, e.g. SMS firewalls. The commercial deals for SMS firewalls usually end up with the highest bidder, who use AIT to make that deal possible. Telco commercial decisions are not in the best interests of their operations.
BT’s lead in owning their firewall, an enforceable code of conduct, in addition to many other process has enabled a positive impact. Though it takes time to build out the carrier route, and the GSMA will likely add politics into the mix. Making coordination even slower.
This was an excellent review of the problem space. Next we’ll map it out and see if there’s a way to use consumer privacy as a driver, or perhaps Google/Meta could be motivated into action, or some of the other ideas mentioned. The answer is not easy, the current situation is unacceptable, and inaction accelerates the decline of SMS, and brings more focus on how to bring fraud into RCS and WhatsApp.
5 thoughts on “Podcast 94: Truth in Telecoms, What to do about AIT, Kevin Graham and Daniel Gill”