Learn more about Fingerprint
- Streamline user experiences for trusted traffic
- The highest accuracy device identification for mobile and web
- Improve visitor analytics on mobile and web
You can’t ignore the massive business benefits to be had by using short message service (SMS) messaging — aka “text messaging” — instead of (or in addition to) email for customer communications.
| SMS/text messaging | ||
|---|---|---|
| Open rate | 98% | 20% |
| Response rate | 45% | 6% |
| Response time | 3 minutes | 90 minutes |
| Click-through rate | 19% | 4% |
But SMS pumping fraud — e.g., SMS traffic pumping, artificial traffic inflation (ATI), artificially generated traffic (AGT), and SMS OTP fraud — is casting a big cloud over all of text messaging’s positive outcomes. And it’s costing businesses like yours every year.
Fortunately, device intelligence technology can help you minimize the amount of money your business loses to SMS fraud. But only if you select a technology solution with the utmost care.
Here’s what you need to know.
SMS traffic pumping — 2023’s top SMS fraud threat
In SMS traffic pumping, fraudsters exploit premium rate numbers, two-factor authentication (2FA), and/or one-time password (OTP) mechanisms in order to generate fake SMS traffic through mobile apps and websites.
Since they earn a commission on every text message sent this way, fraudsters can reap huge financial gains for themselves and the mobile network operators (MNOs) with whom they collude — and pass on huge financial losses to the corporate victims responsible for paying inflated text messaging bills (Twitter, for instance, admitted in February 2023 to being scammed out of about $60 million per year by fake two-factor authentication SMS messages).
Unfortunately, it’s all too easy for bad actors who work with fraudsters to hide in plain sight. That’s because, for better connectivity, networks purchase traffic from each other in a layered set of routes. So, the organization from whom you buy your traffic isn’t the only entity that will handle your traffic. And that shared access exposes your traffic, and your business, to fraud like SMS pumping.
Watch for these symptoms of SMS traffic pumping
Your business might be a victim of a SMS pumping scam if:
- Your web traffic sharply increases.
- The number of SMS messages that are autogenerated suddenly, significantly increases.
- Your business starts sending large numbers of text messages to unusual countries.
- Texts are being triggered to send to batches of phone numbers in numerical order.
- “Visitors” are abandoning your web forms before fully completing them.
Fortunately, there’s a way to use modern device intelligence technology to stop SMS pumping fraud in its tracks.
Fingerprint device intelligence — a better way to prevent SMS pumping fraud
These two key “Smart Signals” in Fingerprint’s device intelligence Platform can help you prevent SMS pumping fraud.
Device identification
Fingerprint’s device intelligence collects more than 100 raw device signals representing various browser and system characteristics (e.g., browser version, installed plugins, screen resolution, time zone, etc.) for each customer device, then processes those signals into a single, unique identifier that’s 99.5% accurate — a device ID.
To prevent SMS pumping, Fingerprint can associate each SMS verification request with the device ID associated with each specific browser or mobile device. You also can program Fingerprint to limit the number of verification requests received from a single browser or mobile device, so you’ll still know they’re from a fraudster even if the fraudster switches accounts.
Bot detection
Fingerprint’s bot detection Smart Signal prevents bad bots from accessing your website altogether. By collecting vast amounts of the browser data that bots leak — data like errors, network overrides, browser attribute inconsistencies, and API changes — it can reliably distinguish human visitors and good bots (e.g, a Google indexing bot) from the bad bots (e.g., headless browsers, search bots, browser automation tools, stealth plugins, etc.).
Fingerprint’s bot detection then continuously monitors user interactions and activities in real time, alerting you when, based upon browser configurations during 2FA or OTP verification processes, it detects suspicious bots.
Although a fraudster can still technically perform SMS pumping on your website when you have Fingerprint’s bot detection, you’ve made it incredibly more difficult and expensive for them to do because they’ll need to switch accounts and manually click the “Send SMS” button. And that extra time and effort makes you a significantly less attractive — i.e., less profitable — target for this kind of fraud.
Three other Fingerprint capabilities that help prevent SMS fraud
| Fraud detection | Risk assessment | Account linking |
|---|---|---|
| Fingerprint’s device ID helps detect patterns of suspicious behavior, like multiple accounts created from the same device, frequent changes in device configurations, and an unusually high number of requests originating from a particular fingerprint. | Fingerprint can flag a device as “high-risk” if it has a history of suspicious activity or matches a known, fraudulent visitor ID. From there, you can require devices flagged as high-risk to undergo additional scrutiny or additional security measures during the 2FA process. | Fingerprint can link multiple accounts or activities to a single device in order to uncover potential fraud networks or identify the fraudsters that create multiple accounts in order to carry out SMS pumping fraud across different services. |
Fingerprint device intelligence — your comprehensive solution
Complies with complex regulations/standards
GDPR, CCPA, SOC 2 Type II, ISO 27001
Learn more on our security page.
Provides a wide array of device intelligence capabilities
- Browser bot detection
- Incognito detection
- IP geolocation
- VPN detection
- Browser tampering detection
- IP blocklist matching
- Android emulator detection
- Android tamper detection
