Global Technology Pioneer Slashes SMS Toll Fraud Costs in High-Risk Countries Working with Arkose Labs

Key Results

Summary

SMS toll fraud was costing one of the world’s largest consumer technology and media companies hundreds of thousands of dollars each month in four high-risk countries alone. The attackers began with malicious bots but shifted to coerced human labor when Arkose Labs blocked their progress, prompting a collaboration between Arkose Labs and the company to implement more aggressive countermeasures. Arkose Labs was able to detect, isolate, and completely mitigate these attacks even after the pivot to human labor, resulting in significantly reduced SMS toll fraud costs and a superior legitimate consumer experience.

The Business Problem

To safeguard their online platform from unauthorized access, the company implemented one-time passwords (OTPs) via SMS to verify consumer identities during registration. But attackers targeted the platform using a tactic known as SMS toll fraud to exploit OTPs for financial gain. In this scheme, scammers acquire phone numbers from colluding carriers who provide expensive SMS services. Attackers initiate SMS flows using the compromised numbers, the carrier charges the business for the expensive telephone numbers, and the attacker and colluding carrier share the profits.

In this particular case, bad actors registered massive numbers of fake new accounts and utilized bots to trigger OTPs to premium numbers. With hundreds of thousands of fraudulent OTPs each month, at an average cost of $.095 per SMS message in these high-risk countries, the company was at risk of losing millions of dollars each year to SMS toll fraud. The problem was so pervasive that the company contemplated shutting down operations in one high-risk country because the scale of SMS toll fraud determined the difference between profitability and unprofitability in that country.

To counter this threat, the company sought a comprehensive solution that not only prevented fake account signups but also significantly curtailed SMS toll fraud, aiming to achieve a substantial return on investment.

The Arkose Labs Solution

Arkose Labs offers a comprehensive approach to tackle SMS toll fraud and enhance user authentication. By integrating Arkose Labs across all touchpoints secured by OTPs during account registration, while leveraging data from past attacks in the Arkose Labs global network and customized telltales, the company now effectively detects and mitigates attacks. The deployment involved a sophisticated use of various data points, including device, network, behavior, and location, to identify suspicious activities and prevent script attacks commonly used by attackers.

When suspicious sessions are detected, users are presented with Arkose MatchKey challenges, the strongest CAPTCHA ever made. Because bots struggle to solve MatchKey challenges, attackers then either give up or, more often, pivot to human fraud farms to try to bypass defenses, which Arkose MatchKey also stops.

Demonstrated Results

Implementing Arkose Labs led to significant cost savings for the consumer technology and media company. The solution detected fake sign-ups, eliminated persistent attacks on OTP verifications, and offered downstream benefits such as decreased support time and a greatly improved user experience. The company achieved a substantial return on investment, and the platform’s security improved, providing a secure and nearly frictionless login process for legitimate customers.

• Substantially reduced costs
  • Savings range of $500,000 to $1.5M from SMS spend alone for four high-risk countries on an annualized basis
  • 72% reduction in SMS toll fraud spend in targeted country
  • The company went from not profitable to profitable in one high-risk country
• 95% reduction in abusive registrations for high-risk sessions
• Completely eliminated human fraud farms from exploiting the SMS flow in targeted regions
• Improved detection of malicious traffic while generating a positive ROI
• Superior user experience with less user friction and fewer false positives
• Major improvements to data visibility at top of funnel (device fingerprint, location, network forensics, risk score, etc.)
• Partnership with Arkose Labs provides custom analysis for customer transactions and a designated 24/7/365 security operations (SOC) team