In November 2017, I presented on the risks of Missing Trader VAT Fraud (MTIC), at the excellent AFRAGS 2017, the Araxxe Seminar in Lyon.  During the event, whilst I was listening to a case study and discussion on Interconnect Fraud Detection, I heard something a couple of things about bypass which sent shivers down my spine.  I can’t give you an exact quote, but the first was along the lines of:

“Because of net neutrality, Viber to Viber is OK”

What does that mean?

OK, let’s break this down.  Net neutrality is a big and complex subject and I’m not an expert, but I can explain the basics.  Let’s start with a summary from Wikipedia:

“Net neutrality is the principle that Internet service providers must treat all data on the Internet the same, and not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication.”

Net neutrality principles also apply to Telcos.

Viber provides cross-platform messaging and VoIP (voice over IP) communications services.  Viber is a vociferous supporter of net neutrality and the telcos are often portrayed as anti-competitive and anti-neutrality.  Telcos started to get twitchy about net neutrality when Regulators began issuing fines for restricting access to competing communication services.  ‘Restricting access’ included both blocking access and ‘throttling’, i.e. providing reducing data speeds.   Consequently, many operators have, understandably, adopted a very cautious approach to apparent net neutrality issues.

It’s now widely accepted that individuals can use telecoms services to access whatever telecoms service provider they wish.  And, in turn, this leads to the idea that, “because of net neutrality, Viber to Viber is OK”.  But is that always right?  To answer that, it’s necessary to have a basic understanding of international interconnect bypass.

Bypass 1.01

Originally, international bypass meant the use of SIMboxes, also known as GSM gateways.  Where the mobile to mobile or ‘on-net’ rate was less than the international termination rate, bypass operators made their margin by using local SIMs to terminate international traffic to mobile customers – see example below.  You can find out more about SIMboxing here.

Simple SIMbox bypass

Fig 1-1 Simple SIMbox example

The next evolution was the arrival of ‘OTT bypass’.  Apps from Viber, Google Messenger, Skype, etc., allowed mobile users to communicate with each other via VoIP connections.  These became known as ‘over the top’ (OTT) services because they were established over the top of services provided by existing communication service providers.  OTT VoIP services establish connections using the data bundles purchased from the customers’ communication service providers.  This is the ‘Viber to Viber is OK’ scenario.  However, Viber also set itself up as a carrier and used its capability to bypass mobile operators by terminating non-Viber PSTN (Public Switched Telephone Network) traffic via the Viber apps on user’s mobiles – see example below.

International OTT bypass

Figure 1‑2 OTT Bypass example

The legal and regulatory response has varied from country to country, but the majority of Telcos agree that PSTN (Public switched telephone Network) to Viber is bypass and it’s not OK.  In fact, Viber became a byword for OTT bypass.

Bypass 2.01

OK, so let’s assume you’re a bypass operator.  Wouldn’t it make sense to combine the SIMbox approach with the OTT technology? – see diagram below.

OTT Fusion bypass

Figure 1‑3 Example ‘Bypass Box’

Previously, the SIMbox emulated a mobile device, using multiple SIM cards to terminate international calls on voice channels.  So why couldn’t a ‘bypass box’ run device emulation to support multiple OTT apps?  This would provide multiple bypass channels via the mobile data network; you could compete with Viber using its own app!  I wonder how they’d like that kind of disruption?

The Second Shiver …

During the discussions around OTT bypass, one mobile operator advised that it had experienced such problems with OTT bypass that it had signed a deal with Viber.  According to that operator, this made financial sense as it received more interconnect revenue after the deal.  To me, this sounds like a deal with the school bully, which allows you to keep more of your lunch money.  However, I’m making a personal judgement without knowing all the circumstances so maybe it’s a positive, innovative solution and I’ve misunderstood it.  If your Telco has done this type of deal, please contact me in confidence and I’ll share your reasoning anonymously.

Is it time for a re-think?

It’s generally accepted that using OTT for person-to-person communication is OK.  But traffic terminated with a bypass box just appears to be person-to-person communication.  So maybe Viber to Viber is not OK?

You aren’t going to find this if you’re not looking, so check:

  1. Does anyone monitor your app-to-app volumes and have you ever considered that they may not be person-to-person communication?
  2. Do you have OTT bypass detection in place and is it monitored and acted upon?

And why stop there?  Take a fresh perspective on other established assumptions and make 2018 your year of the re-think.  You might surprise yourself.



This article first appeared on in February 2018