Industry News & Thought Leadership

The GSMA Open Gateway initiative and the CAMARA Project have given Mobile Network Operators (MNOs) a clear path to monetize not only their network assets, but also their customer data, via Network APIs. However, transitioning from being a "pipes" provider to a high-value platform involves significant strategic and operational hurdles.

There are  four fundamental questions for MNOs to evaluate regarding this shift. The answers determine whether they capture billions in new revenue or yield total control to platform partners.

1. Monetization: How do we securely monetize our network data?

Telcos are looking to generate meaningful revenue beyond low-margin connectivity by securely monetizing their customer and network data, but many carriers don’t have the time, capital, personnel, and/or market knowledge to deliver a robust network authentication solution. And most recently, ambiguous technical standards threaten to cede revenue control to hyper-scalers.

The Shush platform, Sherlock, enables a direct-to-market approach with all the necessary facets to operate and manage a Network Authentication API business, brings existing demand partners, and affords carriers a zero cost, zero risk framework with a managed services option, where Shush handles all day-to-day business operations based on carrier guidance. 

This monetization model is designed as a "Business-in-a-Box" for MNOs, ensuring they retain complete control over the revenue stream through:

• Pricing Control: MNOs set the price and access policies for each API.
• Vetted Demand: Shush can bring pre-qualified enterprise and CPaaS demand to the network, as well as support the MNO’s B2B team to sell locally and with an already established eco-system. .
• Secure Billing: Sherlock tracks usage for each transaction, generating the billing data and ensuring the MNO is compensated for every network API call.

The zero cost, zero risk, and managed services model removes all risk away from the MNO, allowing them to realize long-term value without needing to staff a full enterprise sales team for new APIs.

It is important to note that Shush is not an aggregator. Shush sits on the supply side of the ecosystem with the Carriers to empower safe and secure delivery of Network signals to enterprises for fraud prevention. In contrast, Aduna is an aggregator of demand, which is also an important piece of the puzzle and can be partnered with in conjunction.

2. Infrastructure: Is our network ready for scale now?

Advanced NaaS network APIs such as QoD, Network Slicing often require sophisticated infrastructure like 5G Standalone (SA) core, expensive NEFs or SCEFs, or extensive network virtualization. This creates a massive gap between developer demand (which is immediate) and operator capability (which is slow and capital-intensive).

Sherlock is a cloud-native platform - which can be integrated to any backend network - that accelerates time-to-revenue by bridging this infrastructure gap. Built for resilience and scalability, Sherlock integrates with a minimal number of existing network elements This architecture allows MNOs to deliver a robust suite of up to 47 Network APIs, including all 8 stable CAMARA APIs, and works on any “G” - eliminating CapEx and accelerating market entry.

3. Compliance: How do we guarantee PII safety and regulatory alignment?

Exposing core network and customer data functions to third parties heightens scrutiny under strict regional regulations, including GDPR, PSD2, and CPNI (Customer Proprietary Network Information). Balancing agility with compliance is non-negotiable. This is not and cannot be a one size fits all approach. 

The Shush/Sherlock Solution: Compliance is built into the Sherlock platform's DNA. We understand that PII exposure is the carrier’s greatest liability. Unlike ambiguous methods, Sherlock ensures PII (MSISDN) is never shared directly with third-party applications, relying instead on secure, token-based verification (like the GSMA TS.43 ap2015 standard). Furthermore, Shush provides the necessary Business Operations Framework - including vetting processes and localized regulatory guidance - to ensure policy-aligned API delivery without compromising speed.

4. Speed to Market: How fast must we move to capture this opportunity?

The window of opportunity for value creation is narrow. Developers are already building. Operators fear losing relevance if they delay, especially as hyper-scalers and aggregators capture the market first.

The Shush/Sherlock Solution: Speed is Sherlock's core advantage. We provide a “business-in-a-box” that accelerates go-to-market from months to weeks. Our platform, paired with our team of veteran telecom executives who have built these systems before, handles: fast deployment, pre-integrated APIs, operational management, and demand sourcing. By adopting Sherlock, MNOs move from strategy to revenue realization immediately, ensuring they stay ahead of the disruption and capture their rightful share of the API economy.

Ready to get started? Fill out our contact form, email info@shush.pw, or message us on LinkedIn. We look forward to working with you!

As we discussed in our last blog, the time for Network Authentication is now.

MNOs are the only source for trusted network authentication signals for mobile users, and this data is extremely valuable to enterprises trying to protect their consumers from fraud while not negatively impacting the consumer experience.

So, you’re ready to start monetizing your network data.  Now what?

Looking Beyond CAMARA

GSMA Open Gateway is a global framework of common network APIs that simplifies access to mobile operator networks. The Open Gateway northbound service APIs are defined within the CAMARA project.

CAMARA is an open-source project within the Linux Foundation that defines, develops, and tests telco APIs. It works in close collaboration with the GSMA Operator Platform Group to align API requirements and publish API definitions. 

While this is fantastic, we believe that currently only eight (8) of the “mature” CAMARA APIs are truly stable and know that just having APIs or an open gateway doesn’t deliver a network authentication business.

Beyond the APIs

There are three key elements for a successful network authentication business.

1. API & Monetization Platform  

The API Platform must allow carriers to manage pricing and access, not just process API calls. Access to the network information must be secure and not expose any PII (personally identifiable information), and the consumption of the information must be vetted and approved.

2. Network Integration

The API Platform must be securely and precisely integrated into a Carrier API platform and/or network elements, and unnecessary load must not be placed on the network. Only a handful of people worldwide know how to connect to an MNO network.  Our team has decades of experience doing just that, and with a low-code/no-code implementation, you can rest easy knowing that your network team won’t be overtaxed. 

3. Business Operations

Beyond a platform and integration, there are many other elements. Privacy. Security. Scalability. Data Consumption. Contracts. Aggregators. Pricing. Optimization. Maintenance. 24/7 Operation & Support. Each of these entails complexities, which must be carefully considered and addressed.

A Step Above

While other platforms exist in the market, none include all three elements for success or have the depth of experience in their personnel as we do at Shush.

Shush’s Sherlock platform supports all eight of the mature CAMARA APIs for authentication and fraud which we believe are stable, plus 39 others, including being the first platform to support silent authentication via TS.43 EAP-AKA.

Unlocking the code to TS.43, Sherlock is the first platform to establish a new, necessary standard for API Authentication, allowing WIFI coverage for silent authentication. This is a vast improvement and a significant change for the entire industry.

In addition to this monumental breakthrough, Shush delivers MNOs a “business-in-a-box” by providing and managing all components necessary for a successful and profitable network authentication business.

Shush will work with you to deploy the Sherlock platform without additional equipment and at no cost to you. 

Our seasoned telecom professionals will work with your existing network and leverage standard protocols to pull the proper network signals for this service, all in compliance with global data regulations. 

We use our 9-point privacy plan to align with you on all aspects of privacy. Our demand partner agreement templates care for the complexities of API transactions and the data exchanged (these are more involved than SMS agreements). We will review and approve use cases for each demand partner to ensure protected access to data for sanctioned use. 

Based on market trends and platform insights, we will provide ongoing recommendations for pricing optimization. We provide continuous maintenance and support for the platform and API traffic, both northbound to demand partners and southbound to your network.  Finally, with a revenue share model, we manage all the operations and send you a monthly check. 

Sounds too good to be true, but it's not!

Ready to get started? Fill out our contact form, email info@shush.pw, or message us on LinkedIn. We look forward to working with you!

The Value of Network Authentication for Enterprises

As we stated in our last blog post, the fraud landscape is constantly evolving with the increasing sophistication of criminals. This presents ongoing challenges for enterprises to protect their business and customers from nefarious actors.

Tides of Change

Around the world, there is a notable shift happening in how security and authentication are approached. Two-factor authentication has been a leading option to protect accounts for many years. It provides an extra layer of security by requiring users to provide two different forms of identification. This is often a password and a code (OTP or one-time password) sent to a user’s mobile device or email (shudder again!).

While effective for a long time, the tides are changing, and a wave of innovation in authentication is developing to keep pace with evolving threats. This is driven by the need to combat increasingly sophisticated fraud and deliver a more seamless user experience. In some areas of the world, financial institutions are encouraged to eliminate weak authentication methods, including SMS and email one-time passwords.

Security & Authentication

Network authentication via telco APIs becomes increasingly valuable as security and authentication methods change. It provides a more secure means of authentication by verifying user identity through their mobile network. This helps protect accounts from unauthorized access and evolving fraud techniques, safeguarding brands and their reputations in today’s digital world.

Network authentication is a foundational element of mobile operations, acting as a crucial barrier to verifying the identity of users and devices and preventing unauthorized access to a carrier network. Preventing unauthorized access reduces the attack surface and makes it more difficult for cybercriminals to exploit vulnerabilities.

In the interest of fraud prevention, most global regulations allow carriers to expose access to specific network elements for authentication to 3rd party enterprise applications, often with a simple update to privacy language and without explicit user consent. 

The key here is that access to the information must be secure and not expose any PII (personally identifiable information).

Value Beyond Security

Strengthening authentication practices is crucial for brands to ensure robust security and fraud prevention, and demonstrating a strong commitment to user data protection. It's not just about keeping the bad guys out and stopping fraud; it's also about showing customers you care about their data. When people know you're serious about protecting their info, they're more likely to trust you and feel good about sharing things online.

Let’s also discuss account access. Logins should be smooth and easy. Network authentication helps make that happen, providing seamless verification without requiring users to enter PINs or OTPs. Seriously, who has time for clunky logins and OTPs these days when everyone expects things to work instantly? Reducing friction is key to keeping people happy.

So what are you waiting for?

Still on the fence about Network authentication? It's a must-have for any brand wanting to keep things safe—think assets, customer info, the whole shebang. It's your primary defense against fraud; honestly, it makes your customers feel they can trust you. That trust? It builds loyalty. It's a win-win for your brand's good name and keeping people happy.

To learn more about how you can access this powerful data for your fraud prevention practices, fill out our contact form, email info@shush.pw, or message us on LinkedIn. 

The Value of Network Authentication for MNOs

Fraud & Cybercrime is the third largest global economy after the US and China. This is mind-blowing!

As we are all painfully aware, the fraud landscape is constantly evolving with increasing sophistication from criminals. This presents ongoing challenges for enterprises to protect their businesses and their customers from nefarious actors. On the flip side, it also opens the door to an opportunity for Mobile Network Operators to help. 

Global Shift

Global SMS revenues are declining, and SMS OTP volumes continue to drop year-over-year, being cannibalized by over-the-top providers (like WhatsApp), authenticator apps, and even email (shudder!). At the same time, fraud continues to rise, and enterprises are looking for more secure authentication methods that address increasingly sophisticated fraud without negatively impacting the customer experience. 

Meanwhile, a shift towards digital identity represents a significant business opportunity for MNOs to re-establish themselves as players within the digital ecosystem.

Where to Start

MNOs are uniquely positioned to provide better fraud prevention alternatives to enterprises, while adding a new revenue stream, but often lack the time, money, people, or market knowledge to deliver a robust network authorization solution.

Additionally, MNOs are unsure where to start with Network APIs. First, let’s define them.

Network APIs allow applications to send requests to network services via predefined endpoints within the network infrastructure to retrieve or manage the requested data, offering seamless integration between different services and applications.

There are only two types of Network APIs.  NaaS APIs used for enhanced communication services like edge computing, network slicing and Network Authentication APIs used for fraud prevention. 

Network Authentication is a Carrier service that passes network signals to Enterprise applications so they can assess whether a user still has control over their device. These unique and differentiated network signals include Silent Authentication, SIM Swap, Roaming, Port-Out, Device Status, and Account Status indicators. Enterprises that receive these real-time values then independently assess the risk of letting a user into a digital account. Major US Banks have been using Network Authentication services for years at scale to thwart mobile fraud.

The Time is Now for Network Authentication APIs

Market studies show that the value of network APIs will reach US$34 billion by 2030, with nearly half being attributed to Subscriber Identity (Network Auth) APIs.

In the short term, network authentication APIs capture 97% of the current $12B+ API market opportunity.

The market exists today for Network Auth APIs, while other API markets are still under construction. NaaS APIs (like QoD) are in the nascent stages of commercial availability and market adoption. 

Of course, there is value in NaaS APIs, but the time is now for Network Authentication. 

Are you unsure how to get started?  We’d be happy to help. Fill out our contact form, email info@shush.pw, or message us on LinkedIn.