A global online payment company, known for its convenience and widespread acceptance by merchants, was facing significant losses due to international revenue share fraud (IRSF). Fraudsters were able to exploit a weakness in the company’s SMS validation process by collaborating with telcos and using automated bots to create accounts with phone numbers. They profited from every SMS message sent to these numbers, resulting in thousands of dollars in fraudulent SMS charges for the company. In order to protect against this type of fraud, the company implemented Arkose Labs as a protective measure in the SMS validation process.
The Business Problem
As the online payment platform gained in popularity, it became a target for frequent and significant attacks at registration and login. To protect against unauthorized access, the platform implemented the use of one-time passwords (OTPs) sent via SMS or email to verify a user’s identity during registration and login. However, attackers targeted the platform specifically to exploit the OTPs during registration, a tactic known as IRSF (also known as SMS pumping).
IRSF occurs when attackers hijack multi-factor authentication (MFA) at login or registration for financial gain. In this case, fraudsters used bots to automate attacks on digital touchpoints, such as account registrations and logins, to trigger OTPs to premium numbers, earning a per-message payout of $0.01 or more. These volumetric attacks resulted in significant costs for the company, as the attacks caused an increase in SMS charges from fraudulent verifications. The company needed a cybersecurity solution that not only prevented fake account signups, but also significantly reduced the amount of SMS fraud on the platform in order to save costs.
The Arkose Labs Solution
Arkose Labs approaches the problem of IRSF and user authentication with the goal of removing the financial motivation for fraudsters and producing a material return on investment for businesses. The online payment platform implemented Arkose Labs at any touchpoint protected by OTPs in the login and registration processes, such as the login flow and new account registration, in order to detect fraudulent traffic.
To protect against SMS toll fraud and its associated losses, Arkose Labs deployed a variety of data points related to device, network, behavior, and location to identify suspicious traffic. This included preventing script attacks, which are critical for fraudsters to profit, and using data from past attacks in the Arkose Labs Global Network, as well as custom “telltales” tailored to the specific needs of the company. Based on the likelihood that traffic is legitimate, bot-generated, or maliciously generated by a human, the solution determines whether further screening is necessary.
By implementing Arkose Labs, the online payment company saw over $450,000 per month savings in fraudulent SMS charges. Implementing Arkose Labs as a protective measure in the SMS flow resulted in a reduction of infrastructure costs due to the removal of a large volume of malicious bot traffic.
Arkose Labs helps businesses detect bogus account sign-ups and malicious logins, and eliminate the persistent attacks on user touchpoints that trigger OTP verifications. With Arkose Labs’ distinct approach, the company saved hundreds of thousands of dollars on downstream benefits, such as reducing support time managing compromised accounts, decreasing fraud case management for payment teams, lowering disruption rates for new customers and reducing infrastructure costs by removing high volumes of bad bot traffic.
The implementation of Arkose Labs’ advanced technology and expertise allowed the online payment platform to successfully defend against IRSF, ensuring the safety and integrity of its user data, while demonstrating significant ROI through cost savings and reduced overhead.
Now your business can estimate the cost savings associated with stopping SMS Toll Fraud, also known as IRSF.
SMS Toll Fraud (IRSF) is a type of cybercrime in which hackers use stolen accounts/numbers to send large volumes of SMS messages to premium rate numbers, resulting in significant charges for the account owner. IRSF can disrupt business operations, damage a company's reputation, and lead to major financial losses, as well as a diminished ROI.
Quickly and easily estimate the potential cost savings associated with stopping SMS toll fraud, to make better decisions about cybersecurity strategies for the new year.
Use our calculator to estimate the potential cost savings from stopping SMS toll fraud in the new year!
Request a customized demo to learn more.
REQUEST A DEMO CLOSE