Millions of people rely on daily one-time passcodes to secure their online identities and verify payments. Yet, behind this trusted authentication service, and as the six-digital code arrives, as it does within mere seconds. The truth, however, is far more sinister than what meets the eye.
The truth of the matter is that this six-digital code is not just a small, somewhat reliable, ritual of a digital life. Most people perform this without any curiosity about the infrastructure behind it. Someone, somewhere, is billing for that text message you just sent. Evidently, that someone is a fraud.
It’s called Artificially Inflated Traffic (AIT), and it’s a fraud that’s quietly siphoning billions of dollars from businesses, exploiting the global SMS delivery chain while remaining invisible to both users and platform operators.
AIT is the industry’s somewhat clinical name for a scheme that’s neither new nor slowing down. It’s an inflated traffic, by definition, that operates in the unglamorous machinery beneath the authentication systems that banks, ride hailing platforms, and payment processors are now treating as their security baseline.
AIT’s most damaging characteristic is that it looks nothing like your conventional cyberattack. So, conventional means to thwart that threat, by nature, will not work. AIT fraud is particularly suited due to its current scale of invisibility which it managed to maintain.
Customers rarely notice anything unusual. Messages appear successfully delivered, and service providers continue paying for SMS traffic that often originates from automated bots rather than real users.
Bad actors manipulate the SMS delivery chain to generate volumes of fictitious One-Time Password (OTP) requests, collecting a fraction of the termination fees that flow through the global telecom network with each message sent.
As digital platforms expand across high-growth regions, such as Middle East and Africa, and Southeast Asia, fraudsters are targeting the complex network of aggregators and telecom operators that power OTP delivery, turning a routine security feature into one of the telecom industry’s most expensive hidden vulnerabilities.
The amounts per transaction are negligible but aren’t aggregated across millions of synthetic requests.
AIT Hijacks OTP’s Delivery Chain
Every OTP appears simple to the user, but behind each authentication request lies a complex delivery chain. This web involves aggregators, sub-aggregators, mobile network operators, and ultimately, the recipient’s device.
For businesses, each fraudulent request represents money spent on authentication traffic that generates no legitimate user activity, transaction, or account verification.
AIT fraud cost brands $1.16 billion in 2023. X reportedly lost $60 million per year to AIT alone. From 2022 to 2024, the cumulative impact of AIT has been estimated at around $2.4 billion.
These are not small platforms with weak security teams, but companies with world-class engineering infrastructure, and the reason AIT survived at this scale is structural, not technical.
Why Your Dashboard Will Not Show It
This is the part that catches most engineering and product teams off guard.
AIT fraud is typically less visible to consumers and end users than other forms of fraud because the messages exist within the broader SMS ecosystem and do not end up as spam messages on consumer devices.
That invisibility is precisely what makes AIT so costly. Unlike spam campaigns or account takeovers, fraud often hides within what appears to be normal messaging activity.
Your delivery reports show messages as sent, and your aggregator confirms it. Yet, your conversion rate drops quietly. Brands typically spend valuable time and resources investigating their SMS operators, app development stack, payment gateways, and acquisition channels before realizing it is fraud, compounding the financial damage.
The signal is there if you know where to look. If your normal OTP conversion rate drops from 70% to 50% in a single month with no other explanation, fraudulent traffic is likely inflating your send volume without any real follow-through.
Where AIT Hits Hardest
AIT does not affect all markets equally. Africa has the highest concentration of high-risk markets, followed by Asia, the Caribbean, Asia-Pacific (APAC), Middle East and North Africa (MENA), and Commonwealth of Independent States (CIS). These are also, not coincidentally, the markets where the largest platforms are growing fastest. Ride-hailing apps scaling in Southeast Asia. Crypto exchanges expanding into MENA. Fintech platforms process remittances across Africa and South Asia.
Studies indicate that AIT accounts for 5% up to 40% of all international Application-to-Person SMS (A2P SM) traffic, with the proportion varying by region. At the high end of that range, for every ten OTPs your platform sends in a high-risk market. Four of them may be funding fraudsters.
The financial exposure is compounded by sharply rising SMS costs. Between 2020 to 2024, the average cost to send an international SMS leapt by over 85%. Every fraudulent message costs way more today than it did a few years ago.
The Aggregator Layer’s Where It Lives
This is the part of the conversation that most aggregators prefer not to have.
AIT fraud concentrates in the aggregator layer because that’s where platform visibility ends. When you contract with an aggregator, you only see your final delivery rate. You do not see the route your messages travel, the operators involved, or the hidden parties collecting revenue shares along the way.
Direct operator connections fundamentally change this equation. When a platform routes OTPs directly to Tier 1 carriers without intermediaries, the delivery path is shorter, visibility is complete, and the surface area for AIT fraud is removed at the source. These direct connections eliminate grey routes and block fraud from entering the communication channel.
The impact of switching is measurable. A major last-mile delivery company using automated blocking rules discovered that AIT had inflated their traffic to 2.7 times its actual volume. Switching allowed them to achieve an immediate 70% reduction in global SMS verification attempts.
Three Questions Every Platform Should Ask Their Messaging Provider Today
Before auditing your OTP infrastructure, start with your provider. The answers to these three questions will tell you most of what you need to know.
- Are you a direct aggregator with your own operator connections, or are you reselling capacity through a third party?
The answer determines your delivery reliability ceiling and your AIT exposure. A reseller cannot give you full visibility into the route your OTPs travel because they do not own it.
- Can you show me my OTP conversion rate by market, broken down by operator?
A sudden drop in a specific country, without a corresponding change in user behavior, is the clearest early signal of AIT. If your provider cannot produce this report, you are operating blind.
- What does your route look like in APAC, MENA, and Africa specifically?
These are your highest-growth markets and your highest AIT risk markets simultaneously. Generic global coverage claims are not enough. You need to know the specific operators your OTPs reach in each country and who else is in the path.
Cost of Doing Nothing
AIT is not just a fraud problem. It is a product problem. Bots triggering fake OTP requests inflate your registration numbers, distort your conversion data, and send your engineering and product teams chasing problems that do not exist.
Over 50% of telecom service providers expect SMS fraud to increase in 2025. Total SMS traffic is expected to fall by 25.9% between 2024 and 2029, partly as a direct consequence of AIT eroding platform trust in the channel.
The platforms that will continue using SMS for authentication at scale are the ones that have cleaned up their delivery chain, removed the intermediary layers where fraud concentrates, and established direct operator relationships in the markets where it matters most.
In an economy dependent on digital authentication, AIT costs extend beyond wasted SMS spending, distorting performance metrics, undermining channel trust, and causing companies to make business decisions based on fake activity. Platforms addressing this at the source gain clearer customer visibility as the rest will keep paying for traffic that only creates the illusion of growth.
Inside Telecom provides you with an extensive list of content covering all aspects of the Tech industry. Keep an eye on our Press Releases section to stay informed and updated with our daily articles.
