GSMA’s Fraud Services Product Director Jordi Castellvi, responsible for our recently introduced GSMA IRSF Prevention service, explains some of the misconceptions around large scale SMS AIT and voice fraud.
Old solutions to IRSF are no longer viable
Numbering plan information was once a potent weapon against International Revenue Share Fraud (IRSF). Fraudsters predominantly exploited unassigned number ranges or easily identifiable blocks of ‘invalid’ number ranges. By simply cross-checking against numbering plan databases, then, potential threats could be flagged. For years, this provided strong protection against fraud. However, a quick look at recent data paints a different picture – all signs point now to a threat which has adapted to old defences.
New data points to a shift in criminal behaviour
Our data on fraudulent attacks committed from 2020 to 2023 suggests the overwhelming majority of attacks have targeted valid destinations. In 2020, a staggering 91.13%* of attacks targeted valid telephone numbers, with only 8.87% exploiting invalid number ranges. This trend shows no sign of changing – in 2023, 90.99% of attacks to date have been on valid numbers. This has led to the stark realisation among industry analysts that numbering plans – particularly in their current form and use – are not enough. The reality is that today’s telecommunications are far more complex than when this defence was conceived, and so we must evolve too if we are to be effective in our efforts to prevent IRSF.
*Source: GSMA IRSF Prevention
Why updated numbering plans and hotlists cannot prevent IRSF
Part of the problem is the misconception that IRSF is a static threat, meaning it relies on numbering plans that are not regularly updated, or hotlists of risky destinations. In truth, the reliance on static numbering plans has become as convenient for the industry as it has for fraudsters to adapt to. Updating numbering plans and identifying high-risk regions are of course important measures that must be taken, but they only address part of the issue – that is, known threats.
Identification of threats by these means also differs across regions. For example, the lack of transparent numbering plans and limited information-sharing in certain regions can create more opportunities for fraudsters to exploit. Unscrupulous organisations can actively produce and enable numbers, then, with the sole purpose of defrauding telecom operators and communications companies.
Sharing intelligence is a fundamental countermeasure, but it’s becoming increasingly important to do so quickly. In too many cases, frankly, fraudsters are managing to stay a step ahead, and reacting more quickly than industry efforts to share updated numbering plans.
Preventing IRSF means being more agile than the thief
Fraudsters are often agile, pivoting to a new approach as quickly as needed – for instance, as soon as a number is flagged or blocked. When one approach fails, it is in their DNA to adopt an entirely different tactic. The latest data on IRSF in telecoms illustrates this vividly — updating numbering plans might slow down the fraudster, but it certainly won’t halt them.
With nearly 90% of attacks aimed at valid numbers, it’s clear that updating numbering plans alone is simply not viable. Combine this with ever-rising cases and sheer cost of IRSF – which numbers in the billions of dollars in each year – and there is an urgent need for a new solution.
Traditional methodologies, while foundational, no longer offer the comprehensive protection they once did. The future of fraud prevention lies in a multifaceted approach to defence, which makes it more likely that criminals will trip and falter. But, more than this, combatting IRSF requires real-time threat intelligence, continuous monitoring, and adaptive countermeasures. Only through such an advanced and holistic approach can the telecoms industry hope to stay ahead of the sophisticated and relentless threats it now faces.