Unlike its peers, Ofcom sees the need to place additional, binding obligations on operators to help prevent fraudulent business communications
Ofcom’s consultation should soon be followed by a new government fraud strategy
On 29 October 2025, Ofcom launched a three-month consultation on new rules and guidance to stem the tide of mobile messaging scams. Based on financial data from the Payment Systems Regulator (PSR), Ofcom estimates that approximately £65m is lost to mobile messaging scams each year, with an average loss of £4,000 per scam originating via voice call or message. Its proposals are informed by feedback received following a July 2024 call for input on mobile messaging scams and build on a recent spate of action to address the growing problem of scams and fraud in the UK. In recent weeks, operators have agreed a new Fraud Sector Charter for telecoms, while Ofcom joined a joint statement of Anglophone countries, including Australia, Canada, New Zealand and the US, on tackling the consumer harms of scams and fraud. The Government is also expected to publish an economy-wide fraud strategy in early 2026.
Operators are blocking an estimated 600m mobile scams per year, but at least 100m are still reaching consumers
While Ofcom acknowledges the work operators have done to enhance network-level scam protections, it nonetheless identifies the risk of continued malicious messaging given the inconsistency with which some measures have been implemented. According to the regulator, operators block nearly 600m suspicious messages each year, but at least an estimated 100m scam messages still reach consumers. Ofcom identifies vulnerabilities in both person-to-person (P2P) and application-to-person (A2P) messaging systems, including the complexity of the A2P value chain, which offers a number of entry points for scammers to exploit. In addition to the significant financial harm of mobile messaging scams, the regulator also cites research into the negative emotional and social impacts of fraud on victims as part of the urgent cause for action in better securing networks.
Unlike its peers, Ofcom will not take on the task of building a sender ID registry
In the context of A2P messaging, Ofcom defies recent trends among peers in refusing to propose the creation of a sender ID registry to address scam messages impersonating businesses and other trusted institutions. Instead, the regulator proposes to require that operators undertake advanced Know Your Customer (KYC) checks to verify the identity of customers using alphanumeric sender IDs in A2P messaging. Ofcom specifies that operators should take extra care regarding the use of protected sender IDs, such as those used by banks or the NHS, generic sender IDs, such as those reading “Alert” or “Delivery”, and sender IDs that use non-alphanumeric characters, which may mimic legitimate business names using irregular characters. Unlike other regulators around the world which require businesses seeking to send messages using sender IDs to register in a centralised database, Ofcom is instead proposing that the onus be placed on operators to verify customers’ identities on a case-by-case basis.
Though UK operators have participated in a centralised sender ID system voluntarily since 2019, Ofcom has since been eclipsed by ComReg in Ireland, the Australian Communications and Media Authority (ACMA) in Australia and the Infocomm Media Development Authority (IMDA) in Singapore, among others, in introducing binding measures on sender ID. However, Ofcom’s approach via obligations placed on operators, as opposed to on businesses and managed by the regulator, may reflect learnings from the difficulty with implementing sender ID registries faced in both Australia and Ireland in recent months.
The regulator has proposed to limit messaging volumes for PAYG customers
To address scams delivered via P2P messaging, Ofcom is proposing to mandate a volume limit on messages sent from pay-as-you-go (PAYG) SIMs and to strengthen requirements for operators’ internal scam reporting processes and number blocking mechanisms. Though operators would be expected to set their own specific volume limits, Ofcom is proposing to require that all PAYG customers be subject to some limit on how many messages they can send to multiple phone numbers in a given time period. While it does recognise that limiting message volume may incentivise scammers to acquire more SIMs, the regulator still finds value in increasing the costs of a scam operation to that effect. Operators would also be expected to improve their reporting channels in order to receive reports of suspicious messaging from customers as well as third parties and expand the amount of information they collect about suspicious messages (i.e. relevant URLs or other phone numbers used to conduct the scam). While Ofcom recognises that operators currently employ reporting and blocking mechanisms to address scams, it is seeking greater consistency in how these interventions are applied to ensure all operators are held to the same high standard. In both proposals, the regulator acknowledges the potential for legitimate communications to be interrupted and therefore also specifies an obligation for operators to keep new compliance measures under consistent review to ensure this impact is minimised.
