A Global Internet Phenomena Spotlight
Zero-rating is a data offering that enables unlimited usage of one or many applications, services, or websites, for a fixed (or zero) price. This approach is often used by CSPs to differentiate their services and stand out from the competition while providing a valuable benefit to subscribers.
Recently, a small percentage of subscribers have begun to exploit zero-rated websites and applications by using a technique known as HTTP header injection. This fraudulent behavior is accomplished by using smartphone applications that masquerade non-zero-rated traffic as if it is sourced from a zero-rated site, allowing a subscriber to avoid related charges.
Sandvine’s Global Internet Phenomena Spotlight: Zero-Rating Fraud explores this issue in detail and contains a number of revelatory facts, the highlights of which include:
- On a tier-1 operator’s 2G and 3G network, subscribers suspected of using HTTP header injection to commit fraud averaged 805MB of usage each month. This is more than 300% higher than the 2G and 3G network subscribers’ mean monthly usage.
- While only 1% of subscribers are suspected of committing fraud, they were responsible for 140 TB of total network traffic in a single month. The operator of this network believes zero-rating fraud could be responsible for 10% of total network traffic.
- The traffic composition of the suspected fraudulent traffic was very similar to the traffic composition of the region, with over 30% of the traffic being for the social applications Facebook, WhatsApp, and Instagram
- Left undetected, the zero-rating fraud could cost the operator examined more than $7M USD each month, based on the average cost of data for their pre-paid plans