The purpose of this CXTech Week 39 2024 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech? The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.
You can sign up here to receive the CXTech News and Analysis by email or by my Substack. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.
Covered this week:
- Podcast 93: Truth in Telecoms, AIT, Kevin Graham and Daniel Gill
- Updated TADSummit Agenda with “Is Security in Programmable Communications ready for the post Quantum Era?” from Kevin Graham
- Coming next week is Part 2 of Truth in AIT
- The Guardian, Meet the scrappy tech company (Matrix) taking on Slack
- TNID Pre-TADHack Session #2 on 1st Oct, API Walk Through
- People, Gossip, and Frivolous Stuff
Podcast 93: Truth in Telecoms, AIT, Kevin Graham and Daniel Gill
Before we begin, everyone on this call is independent, does not work for a CPaaS company, the most common AIT (Artificially Inflated Traffic) generators.
Kevin Graham made an important statement at the start of the conversation, AIT is a nuanced topic. The source of the data is critical, 80% of the discussion will seem straightforward and clear, but it’s the 20% that is not mentioned can flip the story.
People who blame the brands for wanting low prices fail to point out the brands have no metrics. There simply is no regulation, no standard for the governance of SMS. For 30 years this gap has resulted in today’s poor situation for business and consumers using SMS.
Brands are fleeced and CPaaS companies make money, see Elon Musk’s rant. He tried to close down routes to those companies defrauding him, but without governance, he had no control, they used alternative routes.
AIT in the beginning was simply using an app to create fake accounts to drive traffic. Simply, using SMS OTPs (One Time Passwords) to drive traffic and hence revenue. AIT is pure and simple fraud.
The evolution beyond revenue generation is to influence conversion rates, quality perceptions of a route. That is ‘customers’ receive the SMS OTP and sign up, conversion. Then AIT traffic can make alternative routes appear poorer, with lower conversion. And hence the fraudster wins traffic from the brand being subjected to AIT. The brand has no way to know what is being done to them, as there is no governance in SMS.
Money is spent to make competitive routes look poorer, so overall the brand spends more than before AIT was being applied within a specific time period.
Another change in AIT is its democratization , that is an account management within a cPaaS company can spend their own cash on AIT, say $2k, receive a kickback. Win new business from the brand, appear a hero and receive a bonus. While the brand is spending more annually.
The lack of audit / governance common in many transaction based industries like financial services and banking, is missing in messaging. We had a discussion around where can the driver for an A2P 3.0 governance model come from? GSMA is unlikely to mandate it. Perhaps with the rise of RCS, Google could be the driver. To differentiate RCS from legacy SMS.
Kevin made an important point, he would not sign the MEF code of conduct as he knew his company could not meet the conduct’s requirements. Yet others he knew were not meeting the code’s terms did!
Daniel’s experience with Augnet brings a wealth of knowledge on the challenges of selling compliance / governance in messaging. Messaging is moving into a dangerous phase, on the dark web there are real time APIs to receive live OTP, its 3 Euro per SMS.
With that information a fraudster can call the customer and potentially steal their credit card details, as the have the OTP to confirm identity. Daniel pointed out that’s in violation of ISO27001 (information security management systems). Cybersecurity could become the driver for compliance and governance in messaging.
We’ll be discussing this more next week, there must be a way to protect grandma from all the AIT generated by CPaaS companies.
Updated TADSummit Agenda with “Is Security in Programmable Communications ready for the post Quantum Era?” from Kevin Graham
Thank you to our sponsors: Strolid, Inc. (Thomas McCarthy-Howe and vConVinnie Vin Micciche) and TSG Global, Inc. (Noah Rafalko, the creator of TNID)
10:30 Is Security in Programmable Communications ready for the post Quantum Era?
Kevin Graham, Mobile Technology and Cloud Communications Leader Mobile Engagement | A2P Messaging | Network APIs | CPAAS
*Why quantum computing poses a threat today
*Addressing the evolving threat of malicious actors
*Geopolitical, Legal and Regulatory factors
Coming next week is Part 2 of Truth in AIT
Given the reality exposed in Podcast 93: Truth in Telecoms, AIT, Kevin Graham and Daniel Gill, https://blog.tadsummit.com/2024/09/23/kevin-graham-and-daniel-gill/. CPaaS were the main instigators of AIT, it’s now democratized to the point account managers in CPaaS can use it to meet their goals. Given the dark web, consumers’ OTPs (One Time Passwords) can be exposed in real time thanks to AIT.
How can the industry work together to combat AIT across all stakeholders? Covering up the problem has resulted in brands walking away from SMS. Unenforceable codes of conduct, where signatories were in violation as they signed, did nothing. AIT is endemic in the industry. Wishing for all white traffic is a pipe dream, it has no pathway to implementation. Fraudsters will continue to innovate and take advantage of the lack of compliance and governance in the messaging industry.
What are the practical, meaningful steps the industry can take? Yes its a complex problem, but we’ve now exposed the reality of the situation, and the emerging threats. We can move on to an informed expert discussion on the path foreward.
Check out the Definitive Truth in A2P SMS, https://blog.tadsummit.com/2024/08/12/definitive-truth-in-a2p-sms/, as it provides some useful background as well.
The Guardian, Meet the scrappy tech company (Matrix) taking on Slack
Sending props to the The Matrix.org Foundation team for their The Guardian article. Matthew Hodgson, Amandine Le Pape.
The title is perhaps a little misleading, but grabbing a journalist’s attention is tough, so well done! Their impact is far beyond Slack, its across the whole communications industry.
The project is one decade old. Its deployed wherever security critically matters. Across many government departments, yes military, around the world.
They are the irritant to all the privacy invasive messaging applications and to regulators that user privacy can be protected.
Read their blog, https://matrix.org/blog/, the article on interop with WhatsApp is interesting. Matrix is the pinnacle of protecting users, a yardstick to the rest of the communications industry.
I’m looking forward to the next decade of Matrix. Like Wikipedia, they are here for the long term.
TNID Pre-TADHack Session #2 on 1st Oct, API Walk Through
TADHack 2024 runs 19-20 October. Before then we are running a pre-TADHack sessions, both live and recorded. This is a chance to learn about TNID (by TSG Global, Inc.).
Our second pre-TADHack session with TnID is on the 1st October at 10AM NYC time, 4PM Central European Time, and 5PM East Africa Time.
This session will walk through the TnID API. You can see the video and slides from the first TnID session on 17th Sept, here. https://blog.tadhack.com/2024/09/17/tnid-pre-tadhack-session/
Just send an email to info@tadhack.com and I’ll send to you the dial-in details for the second TnID Pre-TADHack Session. It’s the same as the first session.
TNID (by TSG Global) puts you in control of your personal, self-owned digital identity.
Remember TnID requires that you publish your hack publicly to a GitHub repository for review.
People, Gossip, and Frivolous Stuff
Sachin Hegde is now Senior Director of Engineering at Smartsheet. I’ve known Sachin since he worked at Vidyo and was part of TADHack.
Marc Roisin is now Enterprise Architect at NRB. I’ve known Marc for 15 years, since he was SDP Chief Architect at Huawei.
Ram Chella is now Founder & CEO at Foodie Bot. I’ve known Sam all the way back to his start-up Smart Voicemail over 10 years ago.
You can sign up here to receive the CXTech News and Analysis by email or by my Substack.