Revised code targets scam SMS traffic

As part of its regulatory response to the rapid increase in SMS scam activity, in 2022 the Australian Communications and Media Authority (ACMA) registered the industry code ‘Reducing Scam Calls and Scam SMs’ (the Scam Code). Previous versions of the Code imposed obligations in relation to scam calling traffic but were silent in relation to SMS.

What does the Scam Code require?

The Scam Code places a series of obligations on Australian carriers and carriage service providers (C/CSPS) to proactively identify, trace, and block scam SMS.

Most significantly, the Scam Code requires that a C/CSP may only originate the carriage of an SM where its A-party end-user has rights of use to the relevant number. Alternatively, where the SM uses an alphanumeric sender ID instead of a number, the C/CSP must have been provided with evidence of a valid use case by the A-party sender.

This is of particular significance to providers of application-to-person (or ‘A2P’) services that enable end-users to send bulk SMs, including by manually inputting the number or letters that they wish to use in those messages’ sender ID field. Under the Scam Code, it is critical that such providers proactively engage with their users to collect evidence of the legitimate of the sender IDs that they wish to use, whether numbers or alphanumeric characters.

The Scam Code also imposes broader obligations that apply in circumstances where a C/CSP transits or terminates SMS. C/CSPs must monitor their networks for scam SMs, and where a material issue of alleged scam SMs is identified, they must provide details of the alleged scam SMs to the originating or transit C/CSP from which they received the SMS.

C/CSPs must also provide the ACMA with a report on a quarterly basis, detailing the number of scam SMS that they have blocked during this period. Data compiled by the ACMA based on these reports indicates that up to the end of June 2023, C/CSPs have blocked over 257 million SMS scams since the rules were introduced under the Scam Code.

The obligations imposed by the Scam Code are more onerous than those that apply in most other jurisdictions and given enforcement of the Scam Code is an ongoing ACMA enforcement priority, we encourage C/CSPs who may be uncertain of their compliance with the rules to seek advice.

There are more changes to come

The Australian government has allocated funding to the Australian Competition and Consumer Commission (ACCC) to design and establish an SMS Sender ID Registry. The registry will operate in parallel to the Scam Code, allowing organisations to register their sender IDs on a central list. C/CSPs will then be able refer to that central list to block traffic that attempts to illegitimately use a registered sender ID. There is not yet a clear timeline for the implementation of the registry, nor has it been announced whether it will be voluntary or mandatory.

For more information, please contact Thomas Jones and Patrick Cordwell.

SIGN UP FOR OUR CONNECTED NEWSLETTER FOR A MONTHLY ROUND-UP FROM OUR REGULATORY & PUBLIC AFFAIRS TEAM