Please enable javascript in your browser to view this site

Fighting SMS-based scams and fraud

Consumer Protection Tracker

Protection Against Nuisance Calls and Texts benchmark expanded to include information on SMS sender ID registries and other SMS scams interventions

We expanded the Protection Against Nuisance Calls and Texts benchmark within our Consumer Protection Tracker to detail the adoption of SMS sender ID registries and other interventions related to preventing the proliferation of scams and fraud via SMS. We now benchmark both the voluntary and mandatory schemes to register and police alphanumeric sender IDs that have been adopted around the world. We’ve also added further information on other SMS specific interventions aimed at reducing scams, especially in relation to regulator and operator-drive scam filtering systems. The benchmark provides an increasingly comprehensive picture of the range of efforts being made to prevent malicious communications, particularly as regulators find trust in SMS is at an all-time low.

According to our benchmark, 14 countries have adopted or are developing some form of a mandatory sender ID registry. Most countries, including Australia, Ireland and Singapore, require that firms sending messages proactively register or “white list” the alphanumeric IDs from which they intend to address their messages. India further mandates that firms register both sender IDs and messaging templates in a centralised database before sending SMS messages. In these systems, operators are required to block or label any message sent with an unregistered or unauthorised sender ID. A few countries, including Poland and the US, maintain central databases similar to Do Not Originate (DNO) lists, which operators must use to identify and block messages sent with common sender IDs used in malicious communications that have been “black listed,” but do not otherwise limit the use of sender IDs. Operators in the UK and Brazil have adopted voluntary sender ID registries managed through the Mobile Ecosystem Forum and acknowledged by sectoral regulators.

We have also identified nine countries where regulators and operators have adopted, or are developing, a scam filtering system for SMS communications. In Singapore and South Korea, these filters, also referred to as firewalls, automatically recognise message features, such as malicious URLs, which operators are expected to block. The Indian telecoms regulator, TRAI, requires that message senders proactively white list any URLs, callback numbers or other message attachments in order to avoid being blocked by scam filters. Other filters, such as those deployed in Belgium and Poland, rely on analysis of messaging patterns, such as the volume and timing of sent messages, to detect likely scam senders, similar to the use of call analytics to filter out malicious voice calls already employed by seven of the 31 total jurisdictions included in our benchmark.