AIT Protection

Artificially Inflated Traffic (AIT) attacks occur when threat actors use bots and automation to generate large volumes of fake or fraudulent traffic.

Often, the threat actors' goal is to inject traffic to high-cost destinations, which leads to financial costs for your organization, or to send spam or phishing messages, which causes reputation and compliance issues.

Vonage AIT Protection monitors your SMS traffic in real time. Depending on the protection level you select, potentially fraudulent traffic will be automatically blocked or a Fraud Alert will be raised for you to review.

AIT Protection Levels

AIT protection allows you to define a Global Protection Level and set up custom levels on a per-country basis. The ‘High’ protection level is the most aggressive. ‘Standard’ protection blocks only high-risk traffic, lowering the risk of false positives. With ‘None’, Fraud Alerts will be raised for you to review, but traffic will not be blocked automatically. Below are further details about the different AIT protection levels.


None

When ‘None’ is selected, potentially fraudulent traffic won't be automatically blocked. A Fraud Alert will be raised once the protection detects risky traffic. Fraud Alerts will be shown in your Alerts section. Once you have assessed the Fraud Alert you can increase the protection level to start blocking traffic, or place manual blocks through Traffic Rules. Keep in mind that, to receive email notifications when a Fraud Alert is raised, you need to have an Alert Action established.

Standard

The ‘Standard’ protection level is less sensitive and reduces the risk of false positives, but in some cases it may not block traffic if the phone number is considered to be at lower risk of International Revenue Share Fraud (IRSF).

High

With the ‘High’ protection level, the system blocks traffic more aggressively if the destination phone number is quite close to other similar phone numbers with a higher risk of fraud. Please be aware that in some situations this may lead to false positives (i.e. there might be a match for valid phone numbers within a fraudulent range).

How to enable AIT protection

Protection is disabled by default and must be enabled explicitly via the dashboard or our API. Please note that, for now, you can enable it only for Vonage SMS services. You can configure global protection (all countries) and override it per country, as required.

1. Dashboard

From the dashboard, the 'Traffic rules' panel contains the 'AIT protection' section.

Dashboard AIT protection

Click 'Review' to see the AIT Rules page.

AIT standard config

Move the 'Enable' toggle to activate the configuration. This configuration will apply to all countries. In the following example we have enabled the ‘Standard’ protection level:

AIT standard config

Select the 'Edit' button to configure the desired protection level (High, Standard, None) and add exceptions for different countries (if needed):

AIT exception countries
AIT countries config created

2. API

The same steps can be done via the API. For example, to create an AIT protection configuration with the Standard protection level for all countries and add exceptions for some of them:

PUT
https://api.nexmo.com/v0.1/fraud-defender/configurations/protections/ait/sms

The API requires you to provide a country code in ISO 3166 format.

How to get AIT alerts

Even if you configure "AIT protection", in certain countries you may observe that traffic is not being sufficiently blocked due to your protection settings. Alerts are the way to warn you and allow you to consider increasing or decreasing your protection level.

Steps:

  1. You will need to provide and set up your fraud notification email address. This will be the email through which you receive all alerts. You can do this from the Notifications tab under the API Settings page.
  2. Go to the Alert Rules tab and create a new rule with Alert type: AIT Protection. If the AIT protection shows an "Upgrade" button, that means you are not enrolled. It is necessary to contact support to activate the protection. You can then choose a product type, threshold, time interval, and notification type.

For example, I want to be notified after AIT protection recognizes three phone numbers from one country as high risk during a one-minute period.

Configure Fraud Alert rule
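
The example rule above (three high-risk phone numbers from one country within one minute) can be modelled locally as a sliding-window count, which helps when choosing a threshold and time interval before creating the rule. This is an added illustration, not Vonage's implementation: the function name, the event layout, the choice to count distinct numbers, and the sample events (placeholder country codes AA and ZZ, placeholder numbers) are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp_seconds, country_code, phone_number) for
# numbers already flagged as high risk. All values are placeholders.
SAMPLE_EVENTS = [
    (0,   "AA", "+0000000001"),
    (10,  "AA", "+0000000001"),   # same number again: not a new number
    (20,  "AA", "+0000000002"),
    (25,  "ZZ", "+0000000009"),
    (45,  "AA", "+0000000003"),   # third distinct AA number within 60 s
    (50,  "AA", "+0000000004"),   # still above threshold: no second alert
    (100, "ZZ", "+0000000008"),
    (130, "ZZ", "+0000000010"),   # only two ZZ numbers in the window
    (200, "AA", "+0000000005"),   # old AA events have aged out
    (210, "AA", "+0000000006"),
    (259, "AA", "+0000000007"),   # 59 s after the event at t=200
]

def ait_alerts(events, threshold=3, window_seconds=60):
    """Return [(timestamp, country)] each time a country first reaches
    `threshold` distinct high-risk numbers inside the time window.

    `events` must be sorted by timestamp.
    """
    recent = defaultdict(deque)   # country -> (ts, number) still in window
    alerting = set()              # countries currently at/above threshold
    alerts = []
    for ts, country, number in events:
        window = recent[country]
        window.append((ts, number))
        # Drop events that fell out of the time interval.
        while ts - window[0][0] >= window_seconds:
            window.popleft()
        distinct = {n for _, n in window}
        if len(distinct) >= threshold:
            if country not in alerting:   # alert once per burst
                alerting.add(country)
                alerts.append((ts, country))
        else:
            alerting.discard(country)
    return alerts

if __name__ == "__main__":
    for ts, country in ait_alerts(SAMPLE_EVENTS):
        print(f"t={ts}s: alert for country {country}")
```

Lowering `threshold` or widening `window_seconds` on the same events shows how quickly a rule becomes noisy.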

The created rule will be displayed on the Alert rules page.

Fraud alert rules

You can also turn off notifications by selecting "Don't notify me" in the Actions field. You will still see alerts in the Alerts view, but you won't receive email notifications.

Switch off notifications