How Can MNOs Handle Flash Calls?

The A2P messaging revenue losses faced by mobile operators often stem from multiple factors, including the lack of awareness, visibility, and proper tools to either counter emerging threats or make the most out of existing opportunities.

While most operators are generally aware of the more common tricks like grey routes and SIM farms, lesser-known bypasses often go unnoticed. Flash calling is one such bypass type that can pose an immense direct and indirect threat to operators’ revenues. At the same time, they offer an opportunity for diversifying income flows. In this article, we take a closer look at how flash calls can be used, the threats they pose, and how MNOs can regain control over their network.

What are flash calls, their applications, and what threats do they pose?

Flash calls are mostly zero-duration calls that are dropped instantly before the subscriber can answer (in some instances, there are text-to-speech-based flash calls or robocalls as well). And since there is no call termination, there is no termination charge either. This brings us to the first flash call application and, thus — the first potential blow to MNOs’ A2P revenues: the use of flash calling as a vehicle for two-factor authentication (2FA).

From the Enterprise perspective, flash calls are highly convenient for user authentication. When subscribers initiate a scenario that calls for 2FA, they receive a call that is immediately disconnected. All that is left is to use the number from the flash call as an authentication code. While reminiscent of robocalls, the process is much more user-friendly, as it does not require interactions like picking up the call or listening to a generated voice message. Moreover, most modern mobile devices can automatically detect the necessary codes within the call logs. This makes the authentication process even more unobtrusive and improves the customer experience. 

And finally, there is pricing: since flash calls are usually not recognized as such by unsuspecting MNOs, flash call providers can offer prices that are far cheaper compared to those of A2P SMS. 

All the above make flash calling a potential disruptor. For instance, Juniper Research estimates that the number of calls used for flash authentication will near 130 billion globally by 2026, rising from less than 60 million in 2021.

Finding the best-fit solution

Knowing is half the battle. If the operator notices that their A2P messaging volumes have suddenly dwindled, it might be a sign of flash calling in effect. When dealing with flash calls, there are two ways to handle them: block the flash calls altogether or embrace them as a part of MNO revenues, modifying the commercial agreement terms accordingly. 

While the MNO industry still needs to be fully ready for flash call blocking, monetisation calls for an even more advanced approach that currently only exists in theory. Still, both tasks call for a proper tool, as operators are usually not equipped to detect and prevent flash calls reliably. Fortunately, just like with SMS, a seasoned team of experts can manage Voice traffic in a way that allows for superb visibility and control, blocking or redirecting it as needed. 

The management process should start with detecting call prefixes consistent with flash-call profiles — just like you compare incoming A2P SMS profiles with an international service profile database to verify the message origins. The next step would be rules application — blocking or redirecting flash calls via legal routes. 

Since a sudden decline in premium traffic volumes might be the first sign of flash calls flooding your network, monitoring the bounce back in A2P SMS traffic after rules implementation will allow you to further scale the rule application. As a result, the operator gains much-needed flexibility: now they can choose whether to block the flash calls completely and reroute A2P authentication flows back to SMS or start billing the flash calls.

Building a reliable defence

Like with any other communication channel, criminals can use voice calls to prey upon operators’ audiences in various ways. There is a likelihood that fraudsters can also employ flash calls for certain illegal use cases. For instance, for a flash call to work, it is required that the application requests permission to monitor all incoming calls, which is a potential customer data privacy abuse. Similarly, sometimes flash call providers can use spoofing the “Calling Party Number” in place of the OTP code, which is a clear breach of ITU rules — and number spoofing is also illegal in most markets. 

While voice scams above might not hurt A2P messaging revenues directly, they cause the erosion of trust. Let us take a closer look at the most common scams that threaten the subscribers, examine how they damage the MNO revenues — and how you can fight them.

• Robo calls: If you answer an incoming call and a recorded message plays instead of a real person speaking, you have just picked a robocall. While many businesses use autodialling software and prerecorded messages to remind users about appointments, deliver booking details, and more, robocalls just as regularly serve as a vehicle for voice spam and scams. In parallel to flash calls, enterprises also use robocalls to deliver One-Time Passwords (OTPs).

• Wangiri: “Wangiri” is a Japanese word meaning “one (ring) and cut” (and flash calling is actually a half-way Wangiri technique). It is a telephone scam where criminals trick subscribers into calling premium rate numbers. This is how it works: a person finds a missed call on their phone, and if they call back, they will be rerouted to a premium rate number overseas and will be charged for the expensive call as a result.

• Caller ID spoofing: Caller ID (or CLI) spoofing is the practice of causing the telephone network to indicate to the receiver a caller ID different from the telephone from which the call was actually placed, allowing fraudsters to trick enterprises and subscribers into sharing sensitive information or performing actions that benefit the criminals. Flash call providers may use CLIs spoofing technique to insert the last 4 digits of the OTP for subscriber authentication purpose. 

All the methods above are both incredibly prevalent and harmful to your subscribers. And thus, rumours of fraud or security breaches caused by voice calls within your network will inevitably reach the audience, making them question the security measures in effect, and ultimately resulting in churn and revenue losses.

This is where dedicated technical solutions can help once again. Proper tools used to manage flash calls come with an added benefit of being able to cut out any malicious voice traffic, preventing potential disruption in the customer experience and ultimately protecting operators’ future incomes.

Finding the right partner

Since flash calls have hit the mainstream recently, there are different ways to manage them. Quite a few solutions in the market are based on the reactive approach, namely the extraction of flash call prefixes through offline CDR analysis and subsequent blocking implementation. Likewise, some flash call detection mechanisms are governed through TCG (Test Call Generator) solution, similar to a standard SIM-box detection solution mechanism. 

An ideal and more effective solution should be based on Artificial Intelligence and Machine Learning. This way mobile operators will have an opportunity to manage flash calls and effectively deal with other voice-related revenue threats in real-time. A proactive approach like this supports both full flash call detection and blocking, and accounts for various manipulations that flash call providers may employ. Therefore, MNOs must carefully evaluate the effectiveness of different options and solutions before making any deployments.

Here at GMS, we ensure that our Flash Call Management solution is safely deployed and carefully tuned to cater to our client’s specific needs and requirements. If you want to learn more, do not hesitate to contact us today.