Details

Published on 14 August 2023

(Credit: Tetra Images / Alamy Stock Photo)

Still used to cut costs, Gray routing of SMS messages opens enterprises to security, legal, and brand damage risks.

Companies using so-called gray routing to save money with application-to-person (A2P) messaging for enterprise SMS risk crippling security attacks, unhappy customers, and a tarnished brand.

A2P messaging is a type of SMS messaging whereby texts are sent from a software application run by an enterprise to consumer devices.

What is gray routing?

SMS gray routing is when text messages are sent through a legal channel initially but, at some point, travel through illegal channels before reaching their destination. By sidestepping SMS laws and fees, gray routing reduces the cost of sending messages, according to JT Global. The name comes from the combination of white routing (legal SMS) and black routing (illegal SMS).

Using gray routes is akin to opening Pandora’s box of problems. The enterprise impact of grey route usage varies, including financial losses, quality and reliability issues, security risks, compliance breaches, loss of visibility, and customer dissatisfaction (leading to further revenue loss).

SMS gray routing accounted for 65% of all A2P traffic in 2016, according to Comviva, a Tech Mahindra company. That figure was expected to drop to 29% in 2020.

Since around 98% of all text messages are opened by the receiver, A2P messaging is a cost-effective way for businesses to increase engagement with consumers. Popular forms of A2P messages include marketing campaigns, promotional codes, appointment reminders, account pin codes, bank alerts, and shipping notifications. Many major industries have adopted A2P technology, such as retail, banking, telecom, healthcare, and travel.

The cellular networks identified a large volume of traffic going to their individual subscribers but hardly any traffic coming back. Moreover, there was a huge number of bounces in these SMSes resulting in massive revenue loss. At that time, the amount of spam messaging was also extremely high. These SMSes thus started to be coined as grey route SMS.

Gray routing risks aplenty for enterprise IT

The enterprise impact of grey route usage varies, including financial losses, quality and reliability issues, security risks, compliance breaches, loss of visibility, customer dissatisfaction (leading to further revenue loss), and more.

By bypassing official carrier networks, enterprises lose control and visibility over their communication traffic. It becomes impossible to monitor and manage the flow of messaging data, which can impact troubleshooting, capacity planning, and overall network optimization.

Cutting costs comes at a price

With gray routes, mobile network operators are not compensated for the use of their transport facilities, hence saving enterprises lots of money. However, cutting costs often comes at a price.

“Since grey routes bypass traditional carrier networks, service providers cannot bill for the traffic, resulting in revenue loss for legitimate telecom operators,” explained Dirk Wetzel, Head of Commercial Operation A2P Messaging at Syniverse, a global service provider. “This loss has a cascading effect on the ecosystem, leading to increased service costs for legitimate enterprises and their customers.”

But it can get far worse for enterprises using gray routes to deliver business SMS traffic, he cautions. “Gray routes are also usually unmonitored and unregulated, leading to potential issues with delivery quality, reliability, and security. Messaging traffic transmitted through grey routes may experience degraded message delivery failures. Such issues can adversely affect business communications, customer experience, and employee productivity.”

Carriers experience revenue leakage

Since grey routes bypass traditional carrier networks, service providers cannot bill for the traffic, resulting in revenue loss for legitimate telecom operators. This loss has a cascading effect on the ecosystem, leading to increased service costs for legitimate enterprises and customers.

Grey routes are also usually unmonitored, and since these routes are operated by unverified and untrusted entities, there is an increased likelihood of fraudulent activities, identity spoofing, and interception of sensitive information, Wetzel added. This compromises the confidentiality, integrity, and availability of communications, potentially leading to data breaches or unauthorized access to company systems.

Worst Case Scenarios

Enterprises found to be utilizing grey routes may face legal consequences, including fines and reputational damage due to violations of regulatory requirements and licensing. Gray route use can also lead to issues with delivery quality, reliability, and security. Messaging traffic transmitted through gray routes may experience message delivery failures. Such issues can adversely affect business communications, customer experience, and employee productivity.

How can enterprises stop and sidestep the woes of gray routes?

Gray route use for A2P messaging is not new and has continued for several years. The good news is that there are solutions for this menacing problem for enterprises and carriers. IT managers are urged to take a hard look at SMS firewalls to regain control of SMS messes.

SMS firewalls were developed to protect mobile networks against SMS’s vulnerable security flaws, according to ReportLinker. They offer protection and control over all messages on the network and safeguard mobile networks against all SMS-based messaging assaults. Every Message is forwarded through the security system, where it is evaluated and categorized. It takes action to block threats and grey routes.

The research firm maintains that the fast-growing global market for SMS firewalls which it estimates to balloon to 4.1 billion in 2028, can allay security concerns, including solving gray route problems.

• Defending mobile networks from all SMS-based messaging attacks
• Offering complete security and protection over all messaging networks
• Accurately identifying and blocking spam, and
• Ensuring all received message traffic is monitored to prevent SMS fraud.

The final word on gray routing Cutting expenses has always been a high priority for enterprises. But at what cost? Opening Pandora’s box of risks by using gray routes results in damage that likely exceeds any possible savings. And mobile network operators lose through revenue leakages.

Related articles:

• Employees: The Next Security Frontier?
• Threat Hunting: From Passive to Active Information Security
• Internal Network Security Mistakes to Avoid