Bypass: Time for a Rethink?

In November 2017, I presented on the risks of Missing Trader VAT Fraud (MTIC), at the excellent AFRAGS 2017, the Araxxe Seminar in Lyon. During the event, whilst I was listening to a case study and discussion on interconnect fraud detection, I heard a couple of things which sent shivers down my spine. I can’t give you an exact quote, but the first was along the lines of:

Because of net neutrality, Viber to Viber is OK

Is Viber to Viber OK?

OK, let’s break this down. Net neutrality is a big and complex subject and I’m not an expert, but I can explain the basics. Let’s start with a summary from Wikipedia:

Net neutrality is the principle that internet service providers must treat all data on the internet the same, and not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication.

Net neutrality principles also apply to telcos.

Viber provides cross-platform messaging and VoIP (voice over IP) communications services. Viber is a vociferous supporter of net neutrality and the telcos are often portrayed as anti-competitive and anti-neutrality. Telcos started to get twitchy about net neutrality when regulators began issuing fines for restricting access to competing communication services. ‘Restricting access’ included both blocking access and ‘throttling’, i.e. providing reducing data speeds.  Consequently, many operators have, understandably, adopted a very cautious approach to any issue connected to net neutrality.

It’s now widely accepted that individuals can use telecoms services to access whatever telecoms service provider they wish. And, in turn, this leads to the assertion that, “because of net neutrality, Viber to Viber is OK”. But is that assertion always right? To understand the issue, it’s necessary to have a basic understanding of international interconnect bypass.

Bypass 1.01

Originally, international bypass meant the use of SIMboxes, also known as GSM gateways. Where the mobile to mobile or ‘on-net’ rate was less than the international termination rate, bypass operators made their margin by using local SIMs to terminate international traffic to mobile customers. An example is given below.

Figure 1: Simple SIMbox Example

The next evolution was the arrival of OTT bypass. Apps from Viber, Google Messenger, Skype, etc., allowed mobile users to communicate with each other via VoIP connections. These became known as over the top (OTT) services because they were established over the top of services provided by existing communication service providers. OTT VoIP services establish connections using the data bundles purchased from the customers’ communication service providers. This is the ‘Viber to Viber is OK’ scenario. However, Viber also set itself up as a carrier and used its capability to bypass mobile operators by terminating non-Viber Public Switched Telephone Network (PSTN) traffic via the Viber apps on user’s mobiles. See an example below.

Figure 2: OTT Bypass Example

The legal and regulatory response has varied from country to country, but the majority of telcos agree that PSTN (Public switched telephone Network) to Viber is bypass and it’s not OK. In fact, Viber became a byword for OTT bypass.

Bypass 2.01

OK, so let’s assume you’re a bypass operator. Wouldn’t it make sense to combine the SIMbox approach with the OTT technology? See the diagram below.

Figure 3: Example Bypass Box

Previously, the SIMbox emulated a mobile phone, using multiple SIM cards to terminate international calls on voice channels. So why couldn’t a ‘bypass box’ run device emulation to support multiple OTT apps? This would provide multiple bypass channels via the mobile data network; you could compete with Viber using its own app! I wonder how they’d like that kind of disruption?

The Second Shiver…

During the discussions around OTT bypass, one mobile operator advised that it had experienced such problems with OTT bypass that it had signed a deal with Viber. According to the operator, this made financial sense as it received more interconnect revenue after the deal. To me, this sounds like a deal with the school bully, which allows you to keep more of your lunch money. However, I’m making a personal judgement without knowing all the circumstances so maybe it’s a positive, innovative solution and I’ve misunderstood it. If your telco has done this type of deal, please contact me in confidence and I’ll share your reasoning anonymously.

Time for a Rethink?

It’s generally accepted that using OTT for person-to-person communication is OK. But traffic terminated with a bypass box just appears to be person-to-person communication so maybe Viber to Viber is not OK.

You aren’t going to find this if you’re not looking, so check:

  1. Does anyone monitor your app-to-app volumes and have you ever considered that they may not be person-to-person communication?
  2. Do you have OTT bypass detection in place and is it monitored and acted upon?

And why stop there? Take a fresh perspective on other established assumptions and make 2018 your year of the rethink. You might surprise yourself.

David Morrow
David Morrow
Dave has 35 years of law enforcement, investigation and fraud management experience including multiple international assignments. He is a recognised telecoms fraud expert and for a number of years chaired the GSMA workgroup responsible for Security & Fraud Risk Assessments.

Dave now provides fraud management support as an independent consultant.