Multi-factor authentication has had a massive uptake in the past few years. Some 79% of people surveyed for Duo Labs’ 2021 State of Auth Report said they use it, up from only 28%% in the 2017 edition. In case you aren’t familiar — multi-factor authentication is an authentication method that necessitates the use of more than one separate method in order to be successful, for example a combination of your standard username and password with a code sent to you via SMS.
In two-factor authentication (2FA), the most commonly used second factor SMS with 85% of people choosing it. Juniper Research predicts that SMS authentication will generate $39 billion for the telecoms industry in 2022. However, in recent times, authentication via flash calls is rising in popularity, challenging operator SMS revenues.
A flash call can replace an SMS one-time password (OTP), allowing the company in question to authenticate users via the voice network of an MNO at no cost instead of paying to send an OTP via SMS. How does this work?
The impact on telcos revenue
Flash calls used for authentication do not actually connect to the user on the other end, making it difficult for MNOs to detect them. This also makes it very hard to either block them or monetise them. Many networks are currently unable to monetise flash calls at all, and are just losing out on all the OTP SMS revenue they would otherwise receive.
In November last year Juniper Research published a report entitled Flash Calling Authentication: Impact Analysis & Market Forecasts 2021-2026, which forecast that flash calls would rise in volume from just 60 million in 2021 to nearly 130 billion in 2026. This is a huge increase — and every single one of those flash calls could go un-monetised, resulting in MNOs losing a huge portion of their A2P SMS revenue.
What’s next for flash calls?
Currently, for many mobile users, SMS OTP is more convenient, as many mobile operating systems can automatically pull the OTP from an SMS and offer it as a shortcut when logging in without the user needing to even open or read the message. While this isn’t possible yet for flash calls, this is something that might be implemented in the future. Many cite Apple’s integration of SMS OTP copying in iOS 12 as the beginning of widespread usage for multi-factor authentication, so this is something to keep an eye out for.
With flash calls looking ever more likely to increase in usage, what can MNOs do to protect their revenue? According to Salman Nayyar, GMS’ Group Director Products, Strategy and Innovation, the key to monetising flash calls is being able to identify them. While such calls can be traced using emerging technology, managing them is not straightforward and as such needs to be dealt with carefully, he says.
While the long-term solution is likely to be technology-driven, Nayyar believes that the short-term solution to protecting your networks from revenue loss should be policy-based.
If you notice that the A2P SMS volume from a certain enterprise is going down, they may have started using flash calls. It’s time to renegotiate your commercial terms to officially include flash calls along with SMS authentication.
The first step in the journey to overcome the challenge that flash calling represents is to ensure that you have a clear view of the traffic on your network. Once you have that clarity, you can start to analyse the volumes of traffic from different customers and then re-examine the agreements that you have with them.
The rise of flash calling doesn’t have to mean the death of A2P SMS authentication, but it is a serious threat. To get clarity of what traffic is on your network, assistance with upgrading your policies, and protection against a variety of additional tactics intended to diminish MNO revenue, talk to our experts today about GMS Messaging Protection.