Securing and Monetizing Enterprise SMS

Fabio Bottan, Senior Messaging Specialist, Telia Carrier

If you have downloaded an app, made an online purchase, taken a COVID-19 test, or ordered takeout in the past year, chances are high that you have used A2P (Application-to-Person) Messaging. This is a type of one-directional message generated by an application rather than a person using SMS. Otherwise known as Business SMS or Enterprise SMS, A2P Messaging is commonly used for customer communication when no reply is expected. Common examples include sending marketing messages, appointment reminders, activation codes and one-time passwords (OTPs) or PIN codes.

With A2P Messaging, the interaction between the sender and receiver is direct, easy, cost-effective and exceedingly popular in almost all business verticals, in particular finance, retail, travel and healthcare. In today’s digitalized world, A2P Messaging can help enterprises to automate processes to authenticate and communicate with customers in real-time. Securing and monetizing the potential for A2P on a global scale is a challenge the telco industry is working to address.

Why is SMS universally different?

A2P does not require an Internet connection. P2P (Person-to-Person) instant messaging services such as WhatsApp and Skype operate over an IP network and require Wi-Fi or data. When traveling, many people turn off roaming services to avoid heavy fees, but SMS is always available.

SMS is device-agnostic; it does not matter if your users are on iOS or Android, as any phone running on at least a 2G connection can receive an A2P message. SMS is a powerful tool because it is so universal: according to MEF (Mobile Ecosystem Forum), 73% of smartphone users usually receive messages from businesses. And 2.1 billion users – 38% of the world’s adult population – receive A2P Messaging.

Global A2P Messaging Market
The A2P market is large and steadily growing. Source: Research and Markets.

Is there intelligence involved? Does latency matter?

Yes, and yes. For example, when a bank sends an authentication code to verify a purchase, the One-Time-Password (OTP) usually gives a user 30 seconds to reply, i.e. enough time for two attempts. A2P SMS travels through the backbone network and sometimes uses aggregators, thus the path it takes can have several hops. Every time you add a hop between your user and content generator, there is a delay. If the delay is too long, the time for the user to make a second attempt to enter the code may have expired, resulting in a poor user experience.

When selecting a messaging partner for business, it is important to ensure a direct connection for A2P SMS delivery. A direct connection is a route that is established directly with an operator or network within a country. This is the strongest type of routing available in the A2P SMS market because the SMS is routed directly to the operator, without compromising on reliability, security or latency. In short, the goal is to be as close as possible to the target operator as possible.

Too good to be true? SMS fraud, grey routes and illegal routing

The simplicity, convenience and reach of SMS has also made it vulnerable to fraudulent activity. One of the most prevalent and costly forms of fraud is grey route messaging where A2P traffic is hijacked by fraudsters. The term grey route defines a route that is not authorized by the mobile operator for delivery of SMS to their subscribers. According to a recent study by Mobilesquared, revenue leakage to grey routes could reach an annual average of $7.69 billion by 2024.

SMS fraud profits from the fact that international text messages can be routed in various ways to reach their destination and each route is charged differently. Taking a circuitous route can save on profit margins. Typically, such methods are difficult to detect because they circumvent lawful interception requirements in the local country.

In more recent headlines, fraudulent SMS phishing attempts during COVID-19 caused governments and public bodies to alert the public to scam notices. These attacks can damage reputations and create confusion.

Phishing attacks, spam and use of non-official grey fiber and illegal routes can be the pitfalls of poor partner choice.


Some wholesale companies benefit from using lower prices and send SMS traffic to non-official routes. Even if they have some direct activity, they use illegal routes to reroute a portion of traffic to reduce costs and improve profit margins, keeping customers unaware. This is the type of fraudulent activity that the industry needs to prevent and educate against.

Protecting your A2P messaging routes

Unlike voice services, which are regulated by bodies such as the FCC (Federal Communications Commission), SMS text messaging is categorized as an “information service” and is not subject to regulatory burdens that apply to telecommunications and commercial mobile services. The messaging ecosystem must self-regulate to prevent fraudulent spam and impose an aggregator-led code of conduct. Mobile Network Operators (MNOs) must implement SMS firewalls and managed services as the best defense for A2P revenue. Collaborative approaches are also important such as whitelisting, blacklisting and consulting to educate users about the risks of fraud.

From an enterprise perspective, it is important to perform due diligence and follow industry forums such as MEF that has developed a code of conduct for business SMS. The focus on educating and building transparency in the sector through collaboration can help to accelerate market clean-up and educate potential buyers about the threats of fraudulent practices and poor procurement processes.

Securing the Enterprise SMS network

Our goal is to provide a better user experience by stopping SMS fraud and we are helping mobile operators through a unique approach.

Telia Carrier’s Messaging Hub provides a secure, cost-effective connection to high-quality termination with direct access for global players such as SMS providers, aggregators, and enterprises. This single connection avoids the need for multiple routes or providers, while the traffic sent via direct access to Telia’s operators removes the risk of illegal termination. We are applying best-in-class test and analytical systems to detect illegal termination and a strong security platform SMS Firewall. Our extensive experience as a leading player in the global market means we care about customer experience, performance, and reliability – all based on Telia Carrier’s world-leading IP backbone.

Monetizing A2P Messaging

While advances in digitalization and automation give rise to new possibilities, new apps and new experiences, Enterprise SMS represents a truly agnostic communication tool with huge potential. Nevertheless, there are important considerations for businesses that go far beyond the cost per message.

If you are interested in A2P Messaging, we will be launching new anti-phishing services in the coming weeks. Watch the recording of our recent A2P webinar ‘Can’t Get Your Message Across?’ to learn more.

Fabio Bottan
Senior Messaging Specialist