Shush Blog

Eddie DeCurtis
Eddie DeCurtis is a visionary leader with over 30 years in the telecom industry, passionately dedicated to helping businesses and people thrive through innovative network solutions. As the Co-Founder and CEO of Shush, Eddie is committed to reducing mobile fraud and unlocking new revenue opportunities for mobile network operators worldwide. Throughout his extensive career, Eddie has held leadership roles at Sekura.id, Mavenir, and LivePerson, where he built strong relationships with the world's largest communication operators.
Recent Posts

Open Letter to Telecommunications Industry

Posted by Eddie DeCurtis on December 3, 2024 at 7:45 AM

Dear Colleagues in the Telecommunications Industry,

The telecommunications landscape continues evolving after the “launch” of RCS and the continued interest in Network APIs. We must recognize and capitalize on the rapidly expanding opportunities before us as industry leaders. According to recent research from S&P Global, the market for network authentication is currently valued at $12.6 billion in 2024. This presents a significant window for mobile network operators (MNOs) to enhance their revenue streams, particularly by leveraging Anti-Fraud APIs, which account for the lion's share of this opportunity—97% of revenue in the S&P Global Market Intelligence Report.

However, the current state of Network API readiness shows that we are not moving fast enough. Only 5% of MNOs worldwide have partially deployed network APIs. While the other 95% would like to deploy Network APIs to the market, MNOs are being led to believe they need to prioritize 5G network infrastructure investments, thus delaying ROI for years. Much of this delay can be attributed to pressure applied by OEMs to purchase additional network components that are unnecessary for deploying Anti-Fraud Network APIs.

The GSMA has been leading the standardization of APIs and bringing the MNOs and industry together, but these efforts are insufficient to address MNOs' hesitation. This lack of action, through no fault of the MNOs, is causing an imbalance of supply and demand as brands, financial institutions, and enterprise developers are clamoring for Network APIs to secure their mobile-first brand experiences.

At Shush, our concern is that without some dramatic change, Network APIs will follow the slow and lackluster growth of RCS over the last few years.

Those who do not learn from the past are doomed to repeat it. The industry can look back at the missteps in the much-delayed adoption of RCS, which offers a valuable lesson for the telecom industry. RCS was poised to revolutionize messaging but was held back by slow carrier rollouts, inconsistent global support, and a fragmented approach to implementation. These missteps allowed over-the-top (OTT) messaging platforms like WhatsApp and Facebook Messenger to dominate the market. MNOs suffered from this by purchasing new equipment to support P2P/A2P RCS with no business case.

At Shush, we know that MNOs already have the infrastructure required to start monetizing Network APIs if the correct APIs are prioritized. Two types of Network APIs are available today - Anti-Fraud APIs (which we call Network Authentication APIs) and NaaS (Network-as-a-Service) APIs like MEC, Network Slicing, QoS, and QoD.  The following three points need to be considered by all MNOs planning next steps with Network Authentication APIs.

  • Revenue Opportunities. S&P Global Market Intelligence has published a study that shows 97% of current Revenues from Network APIs come from Anti-Fraud APIs, while only 3% are from NaaS APIs.
  • Purchase Additional Network Equipment.  Exposing Anti-Fraud APIs to the market requires no new Network Elements, while NaaS APIs require several new, expensive Network Elements. Industry estimates suggest that Mobile Network Carriers must invest an additional $40 billion in new equipment and software to implement Network-as-a-Service (NaaS) solutions.
  • Time to Market.  Carriers can start exposing Anti-Fraud APIs quickly since no additional network elements are needed, while Carriers will have to wait 18 months to 2 years before delivering NaaS APIs if not already installed.

Shush is bullish on Network APIs as we focus only on Anti-Fraud APIs for Mobile Network Operators, which are directly linked to revenue and require no additional network investment.  

Furthermore, Shush brings the other three elements an MNO needs to be successful in the space: (1) a Monetization Platform, (2) Integration services from your network to the Monetization Platform, and (3) Business Operations that care for Privacy, limit liability, provide pricing guidance for the APIs, and bring contractual experience to connect to the Demand ecosystem. These three elements make up the core foundation of a Network Authentication business - not just another OEM box. At Shush, we are dedicated to building a successful Network Authentication business for each of our MNO clients.

The time to act is now. By embracing the next generation of network authentication solutions, we can lead the charge toward a more secure, efficient, and profitable future.

I welcome the opportunity to discuss this in greater detail and explore how Shush Inc. can partner with your organization to drive this innovation forward.

Sincerely,
Eddie DeCurtis
Co-Founder & CEO, Shush Inc.

Supporting Data from S&P Global Market Intelligence

Tags: Blog Post

Network Authentication Playbook: Best Practices

Posted by Eddie DeCurtis on August 27, 2024 at 10:14 AM

The Growing Challenge of Network Authentication

If you’re a professional, expert, or product leader at a mobile network operator (MNO), you’ve probably been losing sleep over network security lately. With the rise of sophisticated cyber-attacks, keeping your network safe has become a top priority.  The rise of SIM swap attacks should be particularly concerning to Infosec leaders at MNOs. But it’s not just about security anymore—it’s also about customer trust, experience, and staying ahead in a competitive market. 

This article will walk you through the best practices for network authentication, offering practical, actionable insights that you can start applying today. Plus, we'll explore how integrating a solution can streamline your efforts, making your job easier and your network more secure.

Market Landscape: Trends and Challenges in Network Authentication

Network authentication has never been more critical. As mobile devices become the primary method for users to access banking, ride-sharing, crypto trading, social media, and enterprise apps, the need for robust authentication mechanisms has skyrocketed. Add to that the fact that cyber threats are evolving at a breakneck pace, and you’ve got a recipe for sleepless nights. 

One of the most significant challenges MNOs face today is the threat of SIM swap attacks. These attacks, where fraudsters hijack a user's mobile number by tricking the carrier to transfer the number to a new SIM card, have become increasingly common. 

Just recently, several high-profile cases hit the news where consumers lost thousands of dollars because of SIM swap fraud. One recent high-profile SIM swap fraud attack occurred in Toronto, where ten individuals were arrested on August 1, 2024. This case involved over 1,500 compromised cellular accounts, leading to more than $1 million in losses. 

The investigation, dubbed “Project Disrupt,” began in June 2023 and uncovered widespread fraud that affected telecom companies, financial institutions, and individual consumers.

It’s clear that the stakes are high, and the need for secure, reliable network authentication is more urgent than ever. Recently in the United States, the Federal Communications Commission (FCC) has taken steps to thwart future SIM swap attacks with a federal mandate. At the November 15, 2023, Open Meeting, the FCC adopted a Report and Order implementing new rules to protect cell phone consumers from SIM swap and port-out fraud, two practices that bad actors use to take control of consumers’ cell phones. This new order requires all MNOs in the US to disclose their secure authentication methods to the committee by July 8, 2024.

On the bright side, emerging technologies and standards are offering new ways to enhance network security. Silent Authentication, which uses network attributes that only the MNOs possess, offers a new way of confirming that the mobile device requesting access to a third-party service is under the control of the rightful owner, not a fraudster.

Authentication in Network Security: Why It Matters and Common Threats

Network authentication is the first line of defense in keeping unauthorized users out of your network. It’s how you ensure that the person or device trying to access your network is who they say they are. But as important as it is, authentication is also one of the most challenging aspects of network security to get right.

Let’s talk about some of the most common threats:

  1.   SIM Swap Fraud: As mentioned earlier, this type of fraud has been on the rise, causing significant financial losses for consumers and headaches for MNOs.
  2.   Phishing Attacks: Despite all the warnings, phishing remains a major problem. Fraudsters trick users into giving up their login credentials, which they then use to gain unauthorized access to networks.
  3.   Credential Stuffing: Hackers use lists of stolen usernames and passwords to gain access to multiple accounts, taking advantage of the fact that many people reuse passwords across different services.

These threats are constantly evolving, which means your authentication methods need to be adaptable and resilient.

Strategic Framework: Implementing Network Authentication

To effectively implement network authentication, it’s crucial to develop a strategy that’s both comprehensive and flexible. Here are some best practices to keep in mind:

  1. Silent Authentication - This method is the flagship of network authentication use cases. It provides a complete, seamless, and silent authentication process. In this flow, the mobile device IP address is confirmed mutually between the mobile app publisher and the MNO. If the IP address matches, then device ownership is confirmed and the transaction should proceed. 
  2. SIM Swap - When a bank or other institution needs to confirm the device receiving an SMS 2FA code belongs to the rightful owner of the device, a SIM Swap date check greatly reduces the chance of fraud. If the result of this inquiry shows that the SIM has been reseated within the last 24/48/72 hours, it’s very likely that the device has been compromised. 
  3. Device Status - The MNO has valuable information regarding the activation, billing and operational status of the device. This request provides a critical assessment of the status of the mobile device. It confirms that the device has not been reported as lost or stolen and is not in a blocked state.
  4. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to verify their identity through multiple methods, such as an OTP code sent over SMS. However, it is critical that this isn't the only security method used.
  5. Zero Trust Architecture: In a Zero Trust model, no one inside or outside the network is trusted by default. Every request is authenticated, authorized, and encrypted, regardless of where it originates.
  6. KYC validation - Network admins should integrate KYC validation into user onboarding and ongoing authentication processes by using automated systems for identity verification and document validation. It's essential to comply with relevant regulations, ensure data security through encryption and access controls, and maintain clear communication with users about the KYC process. Regular audits and updates are crucial for staying compliant and secure. Finally, having a plan for detecting fraud and responding to data breaches is vital.
  7. Regular Audits and Updates: The threat landscape is always changing, so your network authentication strategy should be regularly reviewed and updated to ensure it remains effective.

By following these best practices, MNOs can significantly reduce the risk of unauthorized access and enhance overall network security.
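
The first three checks in the list above can be combined into a single decision before an SMS code is sent. The sketch below is an added example, not Shush's code or any MNO's API: the `NetworkSignals` fields, the status strings, the outcome names and the ordering of the checks are all assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical record of what the MNO reports for one phone number.
# Field names and status strings are assumptions, not a real API schema.
@dataclass
class NetworkSignals:
    device_status: str                   # "active", "lost", "stolen" or "blocked"
    last_sim_change: Optional[datetime]  # None when the MNO cannot supply a date
    ip_matches_mno: Optional[bool]       # None when the device is not on mobile data

BLOCKING_STATUSES = {"lost", "stolen", "blocked"}


def decide(sig: NetworkSignals, now: datetime, swap_window_hours: int = 72) -> str:
    """Return "deny", "step_up_non_sms", "proceed" or "sms_otp"."""
    status = sig.device_status.strip().lower()
    if status in BLOCKING_STATUSES:
        return "deny"
    if status != "active":
        return "step_up_non_sms"         # unknown status: fail closed

    # SIM swap is checked before the IP match: after a swap the new SIM
    # carries the number, so the IP match would also succeed on its device.
    changed = sig.last_sim_change
    if changed is None:
        return "step_up_non_sms"         # no date available: fail closed
    if changed.tzinfo is None or now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    age = now - changed
    if age < timedelta(0) or age <= timedelta(hours=swap_window_hours):
        return "step_up_non_sms"         # recent change (or a date in the future)

    if sig.ip_matches_mno is True:
        return "proceed"                 # silent authentication confirmed
    return "sms_otp"                     # fall back to a visible second factor


# Constructed sample input.
NOW = datetime(2024, 8, 27, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "clean": NetworkSignals("active", NOW - timedelta(days=400), True),
    "swapped_30h": NetworkSignals("active", NOW - timedelta(hours=30), True),
    "stolen": NetworkSignals("stolen", NOW - timedelta(days=400), True),
    "on_wifi": NetworkSignals("active", NOW - timedelta(days=400), None),
    "no_date": NetworkSignals("active", None, True),
}

if __name__ == "__main__":
    for name, sig in SAMPLES.items():
        print(f"{name:12s} -> {decide(sig, NOW)}")
```

The `swap_window_hours` parameter corresponds to the 24/48/72-hour choice in the SIM Swap item; with a 24-hour window the 30-hour-old swap no longer blocks the request.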

Product Development and Integration: Key Considerations

When it comes to integrating network authentication into your services, there are several key considerations to keep in mind:

  1.   User Experience: As important as security is, it should never come at the expense of the user experience. A clunky, confusing authentication process will frustrate users and lead to higher churn rates. The goal is to make authentication as invisible as possible while maintaining a high level of security. Methods that require zero user interaction should be implemented as a priority. Examples include Silent Authentication, SIM Swap and Device Status.
  2.   Scalability: Your authentication solution should be able to grow with your business. Whether you’re adding new services, expanding into new markets, or dealing with an influx of new users, your network authentication should be able to handle it all.
  3.   Compliance: Different markets have different regulations regarding data security and privacy. Your authentication solution needs to be flexible enough to comply with these regulations, no matter where you operate.

The Best Solution for Network Authentication

At this point, you might be wondering, "How can we implement all this without turning the business upside down?" That’s where Shush comes in.

Shush offers a comprehensive network authentication solution that’s not only secure but also incredibly user-friendly. Here’s what sets Shush apart:

  • Domain Expertise: The Shush Chief Product Officer, Jon Morrow, crafted a best-in-class service within T-Mobile USA over the last several years. He is now at Shush developing a best-in-class cloud-agnostic platform deployable within the trusted domain of any MNO. Shush understands what the market needs, from brands and banks to global MNOs.
  • No Upfront Cost: We understand the capital constraints within MNOs. As a result, Shush bears the costs of the platform, technical integration, and operation - so there are no upfront costs for our partners. In addition to offering our Self-Service Network Auth SaaS solution, Shush offers a Managed Service Model where all operations are handled by our team, which allows Network Authentication to become a revenue center versus a capital expenditure.
  • Seamless Integration: Shush Sherlock is designed to integrate with existing API gateways which facilitate authentication, throttling and rate limiting. API gateways facilitate the northbound interactions between Demand partners (CPaaS providers) and the Shush Sherlock platform. Shush Sherlock then integrates with telco-native APIs to retrieve the network elements needed for real-time network authentication use cases.
  • Scalable and Flexible: Whether you’re a small MNO or a large enterprise, Shush scales with your needs. Plus, we don’t charge MNOs to use our technology—we offer a managed service where our team handles everything, from billing to support, to operations.
  • Proven Track Record: Numerous MNOs have successfully integrated Shush into their network security infrastructure. Case studies and testimonials highlight how Shush has helped them enhance their security, reduce fraud, and improve user trust.
  • Compliance-Ready: Shush is designed to meet the stringent security and privacy requirements of any market, ensuring you stay compliant while keeping your network secure.

Security Protocols: Mitigating Risks and Ensuring Compliance

Mitigating risks is all about being proactive rather than reactive. Here are some tips:

  • Regular Security Audits: Regularly audit your network for vulnerabilities and ensure that your authentication methods are up to date.
  • User Education: Educate your users about the importance of strong, unique passwords and how to spot phishing attempts.
  • Compliance Monitoring: Keep up to date with industry standards and regulations to ensure your network remains compliant.

Marketing and Positioning: Network Authentication as a Value-Added Service

Finally, let’s talk about how to position network authentication as a value-added service.

  1. Highlight the Benefits: Focus on how your network authentication solution enhances security and user trust. Use real-world examples, like those recent SIM swap attacks, to show the importance of robust authentication.
  2. Leverage Case Studies: Share success stories from MNOs that have successfully integrated network authentication solutions like Shush. These stories can be powerful tools in convincing potential clients of the value of your services.
  3. Communicate Clearly: Avoid technical jargon when marketing your network authentication services. Instead, focus on how they solve real-world problems for your clients.

Final Thoughts

Network authentication is a critical component of any MNO’s security strategy. With the increasing number of threats out there, it’s essential to have a solution that’s both effective and user-friendly. 

Shush offers a proven, scalable, and compliant network authentication solution that takes the hassle out of securing your network. Instead of reinventing the wheel, why not trust Shush to help you protect your network and your users? 

Remember, in today’s fast-paced world, staying ahead of the curve is crucial. By implementing the strategies and best practices discussed in this article, and by leveraging a trusted partner like Shush, you can ensure your network remains secure and your users stay happy.

Tags: Network Authentication, Blog Post