Fraud Risks
The growing interest in flash calling as an alternative way to authenticate users has sparked a lot of discussion in the business community. Should we see it as a legal form of scam or is it the new normal? After all, does this telecom trick pose a potential threat to end users?
According to Juniper forecasts, the number of flash calls as a part of 2FA will reach around 130 billion globally by 2026, as compared to less than 60 million in 2021. It seems that this new method of verification is gradually replacing the traditional way of sending messages with a one-time password, consequently cutting mobile operators’ revenue for A2P SMS traffic.
The lure of flash calls
The reason why companies are increasingly using flash calls is obvious: they bring significant cost savings. Such a call does not require an answer; it is dropped so quickly that the recipient simply does not have time to pick up the phone. The authentication password, previously delivered to users via SMS, is now built into the outgoing call number. Technically, this is just a missed call, which mobile operators do not charge for.
Users might also find flash calls alluring. The functionality of Android smartphones allows applications to automatically read the passcode contained in the phone number of an incoming call. Customers do not need to enter it manually, which makes the authentication process seamless and practically hands-free.
Everyone seems to be happy, except mobile operators, for whom A2P SMS authentication traffic is a significant source of income. The potential shift to flash calls poses a significant threat to them. MNOs see this as an unfair way to bypass charges for A2P SMS.
Is flash calling a scam?
Currently, in most countries, there are no laws that directly ban flash calls. The only exception is Japan, where they are officially prohibited. Moreover, they do not seem to violate the terms of the mobile operators’ contracts either. This is more of an ethical issue. Companies using the flash-calling model continue to utilise operators’ services and network resources without bringing any benefits to MNOs, which seems unfair and looks more like a trick than a cost optimization measure. To protect their profits, operators are increasingly using tools that can detect flash call traffic and return it to SMS routes, or monetise it in other ways by renegotiating contracts with companies.
What are the risks for end users?
At first glance, flash calls seem to provide a safer and more convenient authentication method than SMS passcodes. Yet there are some security concerns associated with them. Automatic verification via flash calls implies that the user must allow the application to examine the phone’s call log. This violates their privacy to some extent and can be potentially risky.
It’s also worth looking at the bigger picture. Flash calls normalise the practice of receiving unanswered calls from random numbers. This could open the door to a scam known by the Japanese word “wangiri”.
Attackers use what is essentially a flash call with the expectation that the person who finds a missed call on their phone will call back. If this happens, the user is redirected to a premium rate number and is charged accordingly, losing money for nothing. Since the call was made voluntarily, it is difficult for the person to prove that they have been subjected to fraud.
Therefore, operators’ efforts to detect flash calls have to do not only with protecting their revenues but also with ensuring the safety and loyalty of their customers.
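An added example, not code from the original article or from any vendor it mentions: a minimal heuristic of the kind an operator could run over call records to tell the two missed-call patterns described above apart. The record layout, the thresholds and the assumption that the passcode occupies the last four digits of the calling number are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample records: (calling number, called number, ring seconds, answered)
SAMPLE_CDRS = [
    ("+15550104821", "+15557000001", 2, False),
    ("+15550107316", "+15557000002", 1, False),
    ("+15550100094", "+15557000003", 2, False),
    ("+15550105570", "+15557000004", 2, False),
    ("+15550102263", "+15557000005", 1, False),
    ("+15559990000", "+15557000001", 1, False),
    ("+15559990000", "+15557000002", 2, False),
    ("+15559990000", "+15557000003", 1, False),
    ("+15559990000", "+15557000004", 1, False),
    ("+15558881234", "+15557000001", 14, True),
    ("+15558881234", "+15557000001", 9, True),
]

def classify_ranges(cdrs, suffix_len=4, max_ring=3, min_calls=4, min_short_ratio=0.9):
    """Group calls by calling-number prefix and label suspicious ranges.

    Assumed heuristic (thresholds are illustrative):
    - a range where almost every call is short and unanswered AND almost every
      call uses a different calling number looks like flash-call verification
      (the varying suffix carries the passcode);
    - a range with the same short, unanswered behaviour but few calling numbers
      reaching many distinct subscribers looks like callback bait (wangiri).
    """
    stats = defaultdict(lambda: {"callers": set(), "callees": set(), "calls": 0, "short": 0})
    for caller, callee, ring, answered in cdrs:
        s = stats[caller[:-suffix_len]]  # prefix = number without the assumed code digits
        s["callers"].add(caller)
        s["callees"].add(callee)
        s["calls"] += 1
        s["short"] += int(not answered and ring <= max_ring)

    verdicts = {}
    for prefix, s in stats.items():
        if s["calls"] < min_calls or s["short"] / s["calls"] < min_short_ratio:
            continue  # too little traffic, or calls are being answered normally
        if len(s["callers"]) / s["calls"] >= 0.8:
            verdicts[prefix] = "flash-call pattern"
        elif len(s["callees"]) / s["calls"] >= 0.8:
            verdicts[prefix] = "callback-bait pattern"
    return verdicts

if __name__ == "__main__":
    for prefix, verdict in classify_ranges(SAMPLE_CDRS).items():
        print(prefix, verdict)
```

In real traffic the suffix length and thresholds would have to be tuned per route, and a flagged range is a lead for review, not proof of either pattern.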
TelcoGuard offers a customizable solution for detecting any kind of fraud, bypass, and manipulation of SMS traffic.