Verify

Verify and validate customers globally using their phone number.

Velocity

Discover the network provider for every mobile number globally.

Authenticate

Protect customers, accounts, and transactions within your app.

Live

Discover if a mobile number is assigned to a subscriber.

Score

A real time phone number credibility score.

TeleShield™

Identify if a number has the propensity to be used for fraud.

Banks and Financial Services
E-Commerce
Insurance
Mobile Messaging
Gaming & Gambling
Communication and Service Providers
Identity & Verification Providers
eBooks
News
Developers
Viteza
FAQ
About us
Events
Careers
Contact us
Articles

The problem of Flash Calls

Lucian Gheorghe

4 min read
Man looking at his phone with a concerned expression, featured in an article about the risks of flash calls.

As part of my job at TMT ID I often discuss with customers about problems they are experiencing. More and more one of the problems that has been coming up more frequently is the issue of ‘Flash Calls’.

What Are Flash Calls?

In a nutshell, a Flash Call uses a missed call as a way of bypassing using an SMS to provide a one-time password (OTP). The sender calls the subscriber and hangs up very fast so the subscriber can’t answer it.

The Caller ID from the call forms a one-time password. If the subscriber uses an Android phone and gives the receiving app permission to manage phone calls, the app will read the Caller ID and authenticate the user. On IOS, user input is required.

Recent research by Juniper predicts the number of calls used for flash authentication will be near 130 billion globally by 2026.

How Does Flash Calling Work?

This procedure is different from traditional 2FA methods. Most traditional methods require users to enter a code from a text message. However, this procedure uses digits from the incoming call number as the passcode through an entirely automated process.

Technically, there are 3 ways of doing Flash Calls:

  1. Spoof the A-number (Caller ID) into a one-time password (typically a 4-5 digit pin).
  2. Spoof the A-number (Caller ID) into a number that looks valid. The OTP is then either the last 4-5 digits or a combination (digits 1,3,7,2 of the Caller ID form the OTP)
  3. Use a valid, assigned caller id from a range owned by the company offering the product. The OTP is then formed as in the previous point.

Obviously, the main parties in this scenario are the End user and the Enterprise using Flash Calls to authenticate the End User. But they are not the customers and prospects I mentioned earlier; they are the users of a service that involves multiple parties with different interests. The customers and prospects I have spoken with include:

  • CPaaS providers – They offer Flash Call service to the Enterprises. As some operators are increasing the A2P SMS fees, CPaaS players started offering this service as an alternative to avoid these fees. Unlike SMS or a call with an IVR (Interactive Voice Response) dictating an OTP, a missed call doesn’t have a direct cost, so it is a great alternative for CPaaS providers to make money as the Flash Calls are 100% gross margin for them.
  • Voice transit carriers – They pass the calls to the mobile operators. They don’t like Flash Calls as the transit carriers incur real costs for routing, investing in capacity to support quality of service requirements, etc. Voice transit carriers get revenue by charging a per minute fee for completed calls. Since Flash Calls do not register as a completed call, these carriers receive no compensation for the use of their network facilities.
  • Mobile Network Operators (MNOs) – they are the most affected by the introduction of Flash Call services by their customers since they are losing money they would have received from the handling of A2P SMS. Their Revenue Assurance and Fraud Groups have been building awareness of the Flash Call phenomenon, and are trying to work with their Firewall vendors or companies like TMT Analysis to find solutions to identify Flash Calls so they can be charged.
  • Signaling firewall vendors – they are being pushed by the MNOs to find solutions for stopping Flash Calls.

So, How Can TMT Help?

  • Some Flash Calls can be identified and then stopped by using the TeleShield. With TeleShield, Voice transit carriers and MNOs of firewall vendors can do a real-time check of the Caller ID and if it’s a spoofed OTP, the call can be dropped.
  • In a similar way, if the Caller ID is spoofed to look like a real number, the number may not be in an allocated range. A Live or Enhanced TeleShield query can be performed to find out if there’s a subscriber behind that number. But there’s a caveat to this – random real subscriber numbers can be used as Caller ID and there’s no way to identify and stop them.
  • If the call comes from a valid range of numbers that the CPaaS player owns and operates, the transit carrier, MNO or firewall vendor needs to know those ranges in order to be able to stop these Flash Calls.

The Future Of Flash Calling

My personal opinion is Flash Calls won’t be stopped and MNOs shouldn’t try to stop them, but rather the focus should be on identifying ways to monetise these calls.

As initiatives to authenticate the Caller ID are advancing, such as STIR/SHAKEN in the US and Canada, some of the spoofed Caller IDs may go away in the near term. But it will take quite a lot of time to do that everywhere. If MNOs want to stop losing revenue with Flash Calls, there needs to be a joint effort which I see like this:

  • With TMT’s big telco data analytics capabilities, we can help MNOs measure average levels of legitimate missed calls on incoming trunks and identify obvious Flash Calls.
  • MNOs should change their wholesale voice contracts to charge Flash Calls that are detected and also allow % missed-calls and consider everything above that % as Flash Calls.
  • TMT can identify Flash Calls on spoofed Caller IDs that belong to unallocated ranges or to numbers that don’t belong to real subscribers so that MNOs can charge them accordingly.
  • Using Artificial Intelligence (AI) driven data analytics, TMT Analysis can identify and correctly flag Flash Calls from valid, allocated ranges of Flash Calls providers.
  • The remaining missed calls per voice trunk then can be calculated and anything above normal thresholds can be charged as Flash Calls.

In conclusion, I think Flash Calls are here to stay, although I don’t think it will have as much traction as the A2P SMS. As it can be considered “cherry-picking” for now, it is a valid service that some Enterprises and end-users like.

I don’t think MNOs can stop them, but rather they should try to monetise Flash Calls just like they have monetised A2P SMS. For more information on our range of products email us info@tmtid.com

Last updated on September 18, 2024

Contents

Related Articles

Graphic banner for an article discussing the differences between 3D-Secure v2 and the issues with 2FA, featuring an author's name and a prompt to read the article on authentication

3D-Secure v2 and the problem with 2FA

Woman reading on her smartphone with an infographic about a2p sms delivery cost optimization beside her.

Cost optimisation of A2P SMS delivery – The basics

How to Return a Product to the Market


What Our Customers Are Saying

"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."

MaxMind

"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”

Business Telecommunications Services

"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."

Six Degrees Labs

"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."

LATRO

"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."

Global Message Service

"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."

Global Voice

"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."

Alberto Grunstein - CEO

"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."

Luisa Sanchez - VP of SMS and Messaging Solutions, Identidad Technologies

"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."

Deutsche Telekom Global Carrier

Ready to get started?

We provide the most comprehensive device, network and mobile numbering data available

Contact us > Chat to an expert >