First Australian Telco Found to Breach New Anti-Scam SMS Rules

An investigation by the Australian Communications and Media Authority (ACMA) concluded that Modica, an SMS-oriented telco, failed to check that all its customers were only using appropriate sender IDs. This represents the first proven violation of Australia’s rules for reducing scam SMS messages since the relevant code was extended in mid-2022 to cover SMS as well as voice.

Modica confirmed its non-compliance with the code, which occurred for several months following the adoption of the new SMS rules. The investigation report stated:

Information obtained from Modica on 13 September 2022 confirms that its A-Party customers can insert Alphanumeric Sender IDs without notice to Modica.

Information obtained from Modica on 21 September 2022 indicates that it has a small-scale solution that blocks specific high-risk Alphanumeric Sender IDs from being sent by A-Parties without the correct authorisation. However, Modica states that generally customers are able to use any Alphanumeric Sender ID they wish, within the bounds of its policies, which were obtained by the ACMA.

The policies do not contain any specific information on the use or blocking of Alphanumeric Sender IDs.

Therefore, Modica was not provided with evidence by A-Parties confirming that they had a valid use case for use of Alphanumeric Sender IDs during the period 12 July 2022 to 25 November 2022.

Modica also failed to provide the ACMA with its first quarterly report on the number of messages blocked by the prescribed deadline.

The ACMA only applied a mild slap on the wrists for Modica by issuing a direction which essentially told the telco to do what it should have been doing anyway. The greatest impact on Modica would have been the embarrassment of being the first Australian telco to be named and shamed in this way.

You can obtain both the investigation report and the compliance direction from here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.