Key Results
Summary
SMS toll fraud was causing a rising star in global payments solutions to lose hundreds of thousands of dollars each month. With attacks quadrupling each year, the fintech company selected Arkose Labs to deploy more stringent countermeasures. Arkose Labs effectively detected, isolated and neutralized these threats, significantly cutting the costs associated with SMS toll fraud while maintaining a seamless experience for legitimate consumers.
The Business Problem
SMS toll fraud poses a significant and escalating threat to businesses, costing nearly $39 billion in 2023, according to the Communications Fraud Control Association. Data from Arkose Labs underscores the severity of the issue, indicating an unprecedented surge in such attacks. Specifically, SMS toll fraud saw a 386% increase in the first half of 2023 compared to previous periods. Often, businesses are unaware of the problem until they experience symptoms like increased registration abandonment.
A rapidly expanding global payments fintech was facing this critical and escalating business challenge. SMS toll fraud was not only costing the company hundreds of thousands of dollars each month but was also increasing at an alarming rate, quadrupling year over year with no signs of slowing down. With potential annual losses running into millions, the company’s extensive operations across several countries introduced additional complexity due to varying regulatory and technological landscapes.
SMS toll fraud involves the exploitation of one-time passwords (OTPs) for financial gain. In this sophisticated scheme, attackers acquire phone numbers from colluding carriers that offer expensive SMS services. By initiating OTP requests through these numbers, the payments company was charged for illegitimate premium SMS services, with the profits then split between the attackers and the complicit carriers.
The primary challenge for the business was distinguishing legitimate customer registrations from fraudulent ones. Initially, the company relied on basic bot mitigation systems and downstream mitigation tactics. However, these measures proved insufficient, often either blocking legitimate sign-ups or allowing fraudulent ones to slip through, thereby harming the customer experience and the company’s financial health.
The Arkose Labs Solution
In response to these sophisticated SMS cyberattacks, the company implemented the Arkose Labs holistic solution. Arkose Bot Manager is a dynamic bot detection and mitigation platform designed to identify and manage bot- and human-driven fraud and abuse. Monitoring more than 125 risk signals, it uses advanced device and behavior fingerprinting technologies that help detect and stop fraud attempts before they can make an impact. By continuously analyzing traffic patterns and device behavior, Arkose Bot Manager can identify anomalies indicative of automated bots and manual human fraud farm attempts, and it includes an adaptive challenge-response suite to determine the authenticity of a user interaction.
After the implementation of Arkose Bot Manager, there was a significant and immediate drop in SMS requests, confirming the success of the countermeasures. Over time, bogus registration attempts also showed a steady decline, underscoring the long-term effectiveness of the implemented solutions. Here’s how it played out.
Initially, Arkose Bot Manager deployed basic challenges to filter out automated attacks. However, the bad actors quickly adapted, employing machine learning techniques to solve these challenges. Recognizing this, Arkose Bot Manager escalated the complexity of the challenges to a level that was resistant to machine-learning attacks, thereby nullifying this tactic.
The attackers then shifted to using human solvers from fraud farms. Arkose Bot Manager detected this shift in activity patterns to slower, more human-like interactions, raising the alert of unusual behavior. The Arkose Labs SOC team then adjusted the strategy to include more nuanced, behavior-based challenges that were resistant to human fraud efforts, effectively mitigating this threat.
This adaptive response not only neutralized the attack but also demonstrated the robust capability of Arkose Bot Manager to dynamically respond to evolving threats across different levels of sophistication.
Throughout the attack, the efficacy of the responses was clearly observable through the changes in SMS request volumes and registration rates in the following graph. It visually captures the impact of each strategic shift, showcasing a direct correlation between the bot management platform’s interventions and the decrease in fraudulent activities.
Demonstrated Results
The implementation of Arkose Bot Manager proved to be highly effective, demonstrating material results immediately upon going live. Within the first 3 days, there was a marked 70.2% reduction in SMS triggers. This immediate and substantial decrease highlights the effectiveness of the bot management solution in mitigating unwanted traffic and potentially fraudulent activity.
The financial implications of these results are substantial. The fintech company achieved an estimated annual savings of up to $3.7 million. This range indicates the potential variability in savings, depending on factors such as fluctuating SMS costs and the volume of prevented fraudulent transactions.
- Estimated savings of up to $3.7M from SMS spend on an annualized basis
- Near-immediate 7o.2% reduction in overall SMS volume
- 99.9% success rate in stopping sophisticated SMS toll fraud attacks
- Improved detection of malicious traffic while generating a positive ROI
Book a Meeting
Meet with a fraud and account security expert
