Picture this. A user signs up on your platform, enters their phone number, and waits for the OTP. It never arrives. They try again. Nothing. They abandon the flow, and you never see them again. No error in your system. No flag in your delivery report. Just a user who left, and a message your aggregator billed you for.
This is not an edge case. For platforms sending OTPs at scale across APAC, MENA, and Africa, it is a daily occurrence. And a significant portion of those failed or fraudulent messages are not the result of network issues. They are the result of a fraud mechanism that has been quietly draining platform budgets for years.
It is called Artificially Inflated Traffic. AIT. And unlike phishing or account takeovers, it does not show up as a security incident. It shows up as a line item on your SMS invoice.
What AIT Actually Is
When your platform sends an OTP, the message travels through a chain of parties before it reaches your user. Your aggregator. Potentially a sub-aggregator. A mobile network operator. The user’s device. At multiple points in that chain, bad actors can intercept the flow, generate fake OTP requests using bots, and collect a revenue share from the operator for every message sent, whether it reaches a real user or not.
AIT fraud cost brands $1.16 billion in 2023. Twitter reportedly lost $60 million per year to AIT alone. The cumulative impact of AIT from 2022 to 2024 has been estimated at around $2.4 billion.
These are not small platforms with weak security teams. These are companies with world-class engineering infrastructure. The reason AIT persists at this scale is structural, not technical.
Why Your Dashboard Will Not Show It
This is the part that catches most engineering and product teams off guard.
AIT fraud is typically less visible to consumers and end users than other forms of fraud because the messages exist within the broader SMS ecosystem and do not end up as spam messages on consumer devices.
Your delivery reports show messages as sent. Your aggregator confirms delivery. Your conversion rate drops quietly. Brands will typically investigate their SMS operators, app development stack, payment gateways, and acquisition channels before they realize it is fraud. The investigation itself costs time and resources, compounding the financial damage.
The signal is there if you know where to look. If you normally see around 70 percent of OTPs used and that drops to 50 percent in a single month with no other explanation, fraudulent traffic is likely inflating your send volume without any real follow-through.
Where It Concentrates
AIT does not affect all markets equally. Africa has the highest concentration of high-risk markets, followed by Asia, the Caribbean, APAC, MENA, and CIS. These are also, not coincidentally, the markets where the largest platforms are growing fastest. Ride-hailing apps scaling in Southeast Asia. Crypto exchanges expanding into MENA. Fintech platforms processing remittances across Africa and South Asia.
Studies indicate that AIT accounts for five percent up to 40 percent of all international A2P SMS traffic, with the proportion varying by region. At the high end of that range, for every ten OTPs your platform sends in a high-risk market, four of them may be funding fraudsters.
The financial exposure is compounded by the fact that SMS costs themselves have risen sharply. The average cost to send an international SMS leapt by over 85 percent from 2020 to 2024. Every fraudulent message costs more than it did a few years ago.
The Aggregator Layer Is Where It Lives
This is the part of the conversation that most aggregators prefer not to have.
AIT concentrates in the aggregator layer because that is where visibility ends for most platforms. When you contract with an aggregator, you see your delivery rate. You do not see the route your messages travel, the operators involved, or the parties collecting revenue share along the way.
Direct operator connections change this equation fundamentally. When a platform routes OTPs directly to Tier 1 operators without intermediaries, the path is shorter, the visibility is complete, and the surface area for AIT is removed at the source. Direct connections to telco operators reduce the risk of grey routes and limit the chances of fraud entering the communication channel.
The impact of switching is measurable. A major last-mile delivery company that transitioned to a provider with automated blocking rules discovered they had been experiencing 2.7 times more traffic than their actual volume due to AIT. After making the switch, they achieved a 70 percent reduction in SMS verification attempts globally.
Three Questions Every Platform Should Ask Their Messaging Provider Today
Before auditing your OTP infrastructure, start with your provider. The answers to these three questions will tell you most of what you need to know.
Are you a direct aggregator with your own operator connections, or are you reselling capacity through a third party? The answer determines your delivery reliability ceiling and your AIT exposure. A reseller cannot give you full visibility into the route your OTPs travel because they do not own it.
Can you show me my OTP conversion rate by market, broken down by operator? A sudden drop in a specific country, without a corresponding change in user behavior, is the clearest early signal of AIT. If your provider cannot produce this report, you are operating blind.
What does your route look like in APAC, MENA, and Africa specifically? These are your highest-growth markets and your highest AIT risk markets simultaneously. Generic global coverage claims are not enough. You need to know the specific operators your OTPs reach in each country and who else is in the path.
The Cost of Doing Nothing
AIT is not just a fraud problem. It is a product problem. Bots triggering fake OTP requests inflate your registration numbers, distort your conversion data, and send your engineering and product teams chasing problems that do not exist.
Over 50 percent of telecom service providers expect SMS fraud to increase in 2025. Total SMS traffic is expected to fall by 25.9 percent between 2024 and 2029, partly as a direct consequence of AIT eroding platform trust in the channel.
The platforms that will continue using SMS for authentication at scale are the ones that have cleaned up their delivery chain, removed the intermediary layers where fraud concentrates, and established direct operator relationships in the markets where it matters most.
The rest will keep paying for traffic that never reaches a real user.
Inside Telecom provides you with an extensive list of content covering all aspects of the Tech industry. Keep an eye on our Press Releases section to stay informed and updated with our daily articles.