Telstra first out of gates in Australia with anti-fraud APIs for network

Telstra is the first Australian telco to go live with the GSM Association's Open Gateway, to deliver application programming interfaces (APIs) for customer protection and information sharing between operators.

Initially, Telstra has gone live with the Number Verification API in Australia.

This network feature silently confirms that subscribers' phone numbers match the numbers registered with their mobile providers, during logins or user transactions.

It works without requiring a short messaging service (SMS) password being sent, which is considered to be insecure and a poor user experience.

In essence, Number Verification replaces text messages with challenge and response codes with network layer authentication checks, which the user never sees.

GSMA's Open Gateway map has marked Telstra as implementing Simple Edge Discovery (getMECPlatforms), and SIM SWAP APIs as well.

A Telstra spokesperson told iTNews that it and Optus are participating in the GSMA Open Gateway industry wide initiative, to accelerate work to make CAMARA standard network APIs more widely available in the Australian market.

CAMARA is an open source project supported by the Linux Foundation, with global partners, one of them being Telstra, along with several other global telcos and technology providers.

The effort is starting with scam and fraud prevention APIs, the spokesperson said.

"Late last year Telstra released its first two Network APIs (Number Verification and SIM Swap) to Aduna Global," the spokesperson said.

"This step made basic network signals available as APIs so verified developers can build new experiences on top of our infrastructure," the spokesperson added.

Optus is working with Telstra and other industry partners to supply common network APIs under the GSMA Open Gateway initiative, a spokesperson for the telco told iTNews.

"This is a major step in making available standardised, network‑level capabilities such as fraud prevention and secure digital authentication in the Australian market," the spokesperson added. 

Optus said there is more to come on the collaboration with Telstra in the next few weeks.

As for competitor TPG Telecom, it is adopting a wait-and-see position for the GSMA APIs.

"We’re closely watching developments like GSMA Open Gateway, but our priority right now is delivering practical, locally‑focused scam prevention measures that will have the biggest impact for Australian customers," Amelia Limbrick, TPG's senior customer security, fraud and scam governance manager told iTNews.

"We’re actively engaged in cross‑industry collaboration on scam intelligence, and we’re progressing a range of local initiatives to lift scam awareness and prevention, including our work with Apate, preparations for the SMS Sender ID framework, and the introduction of the Scams Prevention Framework," Limbrick added.

Across the Tasman, New Zealand telcos Spark, One NZ and 2degrees have all signed up for the GSMA Open Gateway.

They will implement the APIs for Number Verification and SIM Swapping, both of which are expected to launch later this year.

Brazil's three telcos were early movers on Open Gateway APIs in 2023.

Claro, TIM and Vivo/Telefónica launched Number Verification, SIM Swap and Device Location Verification at that time across themselves.

Indonesia's Telekomsel, Indosat Ooredoo Hutchinson and XLSmart have formed an Open Gateway Alliance with six different API types, adding Device Swap, OTP Validation and KYC Match among the three telcos.

Device Swap and OTP Validation are both anti-fraud measures; the former detects if a mobile number has recently been associated with a new handset, to address account takeovers; the latter manages delivery and validation of one-time passwords via SMS, with telcos acting as trusted intermediaries.

KYC or Know Your Customer Match can be used to identify enterprise customers against operator records, to verify that they are who they say they are, without exchanging personal data.

Some APIs require 5G, others work on 4G as well

Of the APIs, a Quality on Demand API requires 5G Standalone (SA) Mode network slicing capabilities to provide guaranteed bandwidth for an application in real time.

QoD is aimed at drone, robotics, and augmented reality (AR) use cases.

Simple Edge Discovery, meanwhile, requires 5G multi-access edge compute (MEC) nodes deployed with cellular base stations, for the API to work.

Device Location works with 4G, but provides better accuracy on more granular 5G networks.

Similarly, the Population Density Data API works better with more granular 5G networks.

Other Open Gateway APIs such as the most commonly deployed SIM Swap and Number Verification ones function on 4G as well as 5G.

Over 300 mobile networks covering around 80 percent of global mobile connections have signed up for the Open Gateway, according to GSMA.

Telcos around the world have long been concerned about becoming "dumb pipes" with third parties providing services to their subscribers, so called over-the-top (OTT) operators, which then take the lion's share of revenue.

In light of that, GSMA's Open Gateway can be seen as an attempt at adding smarts to operators' networks, and also to monetise their 5G service offerings.