Good revenue, hidden risk: the calling card operator's ticking clock
Many calling card operators are still making real money. Specific corridors — UK to South Asia, US to Latin America — carry substantial traffic and generate consistent revenue. The problem is not the commercial picture. It is the legacy on-prem platform underneath it, quietly accumulating risk that the revenue hides.
The global international calling market is still worth around $1.7 billion in commercial operator revenue. Diaspora-driven corridors — South Asia, Latin America, West Africa — continue to carry meaningful traffic volumes. The operators serving those communities have not lost their customers. They are not obviously in trouble.
That is precisely what makes the platform risk hard to see. When calls are going through and revenue is arriving, there is no obvious signal that something is wrong. The legacy on-prem platform installed a decade ago keeps running. The invoices keep going out. The team manages. And underneath all of that, the risk accumulates on its own timeline — not the operator's.
The question is not whether the business is working. The question is what happens when the platform stops.
What the clock going off looks like
The risk does not build gradually toward a visible threshold. It builds silently, and then resolves suddenly — in the form of one of the following.
Hardware failure on no notice
On-prem servers running a calling card platform are not replaced on a schedule — they run until they fail. A platform that has been live for ten or fifteen years may be running on hardware that was already ageing when it was installed. There is no warning before a failure, and there is no cloud failover. When it goes down, the service goes down with it, and the recovery timeline depends entirely on what spares are available and what the team still knows about the configuration.
A security incident on an unpatched platform
A platform that cannot be safely updated accumulates unpatched vulnerabilities. The longer it runs, the larger that surface becomes. A breach on a prepaid calling platform is not just a service disruption — it is access to PIN databases, customer balances, CDR history, and carrier credentials. These are assets that attackers specifically target. The firewall rules added over the years slow things down; they do not change the underlying exposure.
A fraud wave the platform cannot cap
Calling fraud evolves faster than an unpatched platform can respond. If the velocity limits, concurrency caps, and balance controls cannot be updated because any change to the platform carries operational risk, the defences are fixed while the attack patterns move. A single PIN compromise on a platform that cannot enforce real-time cut-off can drain significant balances before anything triggers a manual response.
Vendor support that is no longer there
Many of the platforms that were installed in the 2000s and early 2010s are now supported by vendors who have moved on, been acquired, or deprioritised that product line. Support contracts that looked reassuring when signed may deliver slow responses, no patch availability, and no roadmap. The operator is effectively self-supporting a platform they did not build, on infrastructure that has no upgrade path.
A regulatory or audit event
CDR retention obligations, anti-fraud reporting, and data protection requirements have all tightened since most legacy calling card platforms were designed. Responding to a regulatory request or audit on a platform where CDRs are stored in a proprietary format, queried through tools only two people understand, and retained on hardware that may be failing is a significantly harder problem than the underlying compliance question itself.
Revenue complicates the decision
A struggling operator has obvious pressure to act. A profitable one does not — which is the more dangerous position. The revenue produces a confidence that the platform is not currently earning. The case for migration has to compete with a business that appears to be working, which makes it easy to defer indefinitely.
But the market data also contains a warning. International voice traffic has been declining at 6–8% per year since 2014, and those rates have been accelerating. OTT apps now account for more than two-thirds of international call volume. The corridors that remain commercially viable are a smaller and more concentrated set than they were. The operators who wait for an obvious reason to act may find that the revenue and the option to migrate on their own terms both disappear around the same time.
An unplanned migration — forced by a hardware failure, a security incident, or a regulatory event — is always more expensive, more disruptive, and less controllable than a planned one. The option to migrate with agency exists now. It may not exist in three years.
The calling card market still generates around $1.7 billion in commercial revenue globally. The operators in that market running on decade-old on-prem infrastructure are not running a declining business — they are running a viable one with a platform risk they have not yet had to confront.
Migrating while the business is healthy
A migration from a position of strength is a different project from an emergency recovery. When the platform is still running and the revenue is intact, there is time for proper discovery, dry runs, reconciliation, and a tested cutover procedure. The data can be normalised on the way in rather than under pressure. The rate tables can be cleaned. The IVR logic can be rebuilt deliberately rather than guessed at from CDRs.
Seshnova is built for exactly this transition: a platform purpose-built for prepaid calling and calling cards, with real-time per-second rating, A to Z rate decks, hard cut-off enforcement, balance and PIN control, CDR audit, fraud caps, multi-brand and reseller support, and API and softswitch integration. The migration tooling handles rate tables, account data, balances, and integrations with dry-run discipline and verified reconciliation at each stage.
The goal is not to replace one on-prem platform with another. It is to move the operation to infrastructure that can be updated, secured, and operated without depending on specific people or undocumented workarounds — so the business continues, on a platform that is no longer a liability.