The Problem of Flash Calls

Man looking at his phone with a concerned expression, featured in an article about the risks of flash calls.

As part of my job at TMT ID I often discuss with customers about problems they are experiencing. More and more one of the problems that has been coming up more frequently is the issue of ‘Flash Calls’.

What Are Flash Calls?

In a nutshell, a Flash Call uses a missed call as a way of bypassing using an SMS to provide a one-time password (OTP). The sender calls the subscriber and hangs up very fast so the subscriber can’t answer it.

The Caller ID from the call forms a one-time password. If the subscriber uses an Android phone and gives the receiving app permission to manage phone calls, the app will read the Caller ID and authenticate the user. On IOS, user input is required.

Recent research by Juniper predicts the number of calls used for flash authentication will be near 130 billion globally by 2026.

How Does Flash Calling Work?

This procedure is different from traditional 2FA methods. Most traditional methods require users to enter a code from a text message. However, this procedure uses digits from the incoming call number as the passcode through an entirely automated process.

Technically, there are 3 ways of doing Flash Calls:

Spoof the A-number (Caller ID) into a one-time password (typically a 4-5 digit pin).
Spoof the A-number (Caller ID) into a number that looks valid. The OTP is then either the last 4-5 digits or a combination (digits 1,3,7,2 of the Caller ID form the OTP)
Use a valid, assigned caller id from a range owned by the company offering the product. The OTP is then formed as in the previous point.

Obviously, the main parties in this scenario are the End user and the Enterprise using Flash Calls to authenticate the End User. But they are not the customers and prospects I mentioned earlier; they are the users of a service that involves multiple parties with different interests. The customers and prospects I have spoken with include:

CPaaS providers – They offer Flash Call service to the Enterprises. As some operators are increasing the A2P SMS fees, CPaaS players started offering this service as an alternative to avoid these fees. Unlike SMS or a call with an IVR (Interactive Voice Response) dictating an OTP, a missed call doesn’t have a direct cost, so it is a great alternative for CPaaS providers to make money as the Flash Calls are 100% gross margin for them.
Voice transit carriers – They pass the calls to the mobile operators. They don’t like Flash Calls as the transit carriers incur real costs for routing, investing in capacity to support quality of service requirements, etc. Voice transit carriers get revenue by charging a per minute fee for completed calls. Since Flash Calls do not register as a completed call, these carriers receive no compensation for the use of their network facilities.
Mobile Network Operators (MNOs) – they are the most affected by the introduction of Flash Call services by their customers since they are losing money they would have received from the handling of A2P SMS. Their Revenue Assurance and Fraud Groups have been building awareness of the Flash Call phenomenon, and are trying to work with their Firewall vendors or companies like TMT Analysis to find solutions to identify Flash Calls so they can be charged.
Signaling firewall vendors – they are being pushed by the MNOs to find solutions for stopping Flash Calls.

So, How Can TMT Help?

Some Flash Calls can be identified and then stopped by using the TeleShield. With TeleShield, Voice transit carriers and MNOs of firewall vendors can do a real-time check of the Caller ID and if it’s a spoofed OTP, the call can be dropped.
In a similar way, if the Caller ID is spoofed to look like a real number, the number may not be in an allocated range. A Live or Enhanced TeleShield query can be performed to find out if there’s a subscriber behind that number. But there’s a caveat to this – random real subscriber numbers can be used as Caller ID and there’s no way to identify and stop them.
If the call comes from a valid range of numbers that the CPaaS player owns and operates, the transit carrier, MNO or firewall vendor needs to know those ranges in order to be able to stop these Flash Calls.

The Future Of Flash Calling

My personal opinion is Flash Calls won’t be stopped and MNOs shouldn’t try to stop them, but rather the focus should be on identifying ways to monetise these calls.

As initiatives to authenticate the Caller ID are advancing, such as STIR/SHAKEN in the US and Canada, some of the spoofed Caller IDs may go away in the near term. But it will take quite a lot of time to do that everywhere. If MNOs want to stop losing revenue with Flash Calls, there needs to be a joint effort which I see like this:

With TMT’s big telco data analytics capabilities, we can help MNOs measure average levels of legitimate missed calls on incoming trunks and identify obvious Flash Calls.
MNOs should change their wholesale voice contracts to charge Flash Calls that are detected and also allow % missed-calls and consider everything above that % as Flash Calls.
TMT can identify Flash Calls on spoofed Caller IDs that belong to unallocated ranges or to numbers that don’t belong to real subscribers so that MNOs can charge them accordingly.
Using Artificial Intelligence (AI) driven data analytics, TMT Analysis can identify and correctly flag Flash Calls from valid, allocated ranges of Flash Calls providers.
The remaining missed calls per voice trunk then can be calculated and anything above normal thresholds can be charged as Flash Calls.

In conclusion, I think Flash Calls are here to stay, although I don’t think it will have as much traction as the A2P SMS. As it can be considered “cherry-picking” for now, it is a valid service that some Enterprises and end-users like.

I don’t think MNOs can stop them, but rather they should try to monetise Flash Calls just like they have monetised A2P SMS. Similarly, AIT is another growing problem that MNOs and internet providers will struggle to handle in the future due to the returns they offer to cyber criminals.

For more information on our range of products email us info@tmtid.com

For helpful advice on number spoofing, you can read our related article.

Last updated on January 30, 2025

A smartphone displays an "unknown caller" notification alongside an article about nuisance calls with the author's name, Fergal Parkinson, prompting to read now.

The Scourge of Nuisance Calls

The problem of Flash Calls

Graphic banner for an article discussing the differences between 3D-Secure v2 and the issues with 2FA, featuring an author's name and a prompt to read the article on authentication

2FA Alternatives: 3D-Secure v2 and the problem with 2FA

Find out about TeleShield

TeleShield is a powerful telephone fraud prevention API which protects both your business and your genuine customers. It provides robust and dependable security against a range of telephone-based fraudulent activities such as flash calls, International Revenue Share Fraud (ISRF), Origin Based Rating (OBR), ‘Wangiri’ scams, premium rate number fraud, telephone number spoofing and more.

Learn about TeleShield

What Our Customers Are Saying

"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."

MaxMind

"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”

Business Telecommunications Services

"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."

Six Degrees Labs

"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."

LATRO

"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."

Global Message Service

"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."

Global Voice

"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."

Alberto Grunstein - CEO

"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."

Luisa Sanchez - VP of SMS and Messaging Solutions, Identidad Technologies

"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."