Zero-Rating Fraud

A Global Internet Phenomena Spotlight

Zero-rating is a data offering that enables unlimited usage of one or many applications, services, or websites, for a fixed (or zero) price. This approach is often used by CSPs to differentiate their services and stand out from the competition while providing a valuable benefit to subscribers.

Recently, a small percentage of subscribers have begun to exploit zero-rated websites and applications by using a technique known as HTTP header injection. This fraudulent behavior is accomplished by using smartphone applications that masquerade non-zero-rated traffic as if it is sourced from a zero-rated site, allowing a subscriber to avoid related charges.

Sandvine’s Global Internet Phenomena Spotlight: Zero-Rating Fraud explores this issue in detail and contains a number of revelatory facts, the highlights of which include:

  • On a tier-1 operator’s 2G and 3G network, subscribers suspected of using HTTP header injection to commit fraud averaged 805MB of usage each month. This is more than 300% higher than the 2G and 3G network subscribers’ mean monthly usage.
  • While only 1% of subscribers are suspected of committing fraud, they were responsible for 140 TB of total network traffic in a single month. The operator of this network believes zero-rating fraud could be responsible for 10% of total network traffic.
  • The traffic composition of the suspected fraudulent traffic was very similar to the traffic composition of the region, with over 30% of the traffic being for the social applications Facebook, WhatsApp, and Instagram
  • Left undetected, the zero-rating fraud could cost the operator examined more than $7M USD each month, based on the average cost of data for their pre-paid plans

UPDATED : 2017-04-18 15:32:34