Infobip and Sinch Failed to Stop Thousands of SMS Scam Messages, Says Aussie Regulator

Several telcos failed to comply with requirements that prevent scammers sending misleading SMS messages, according to the Australian Communications and Media Authority (ACMA). An ACMA investigation found that 103,146 non-compliant messages were sent using Infobip’s services, including scam texts that impersonated some of Australia’s best-known collectors of road tolls. Sinch also received criticism for allowing 14,291 non-complaint texts to be sent, including scam messages designed to appear as if they came from Australia’s Medicare program and from its postal service.

Infobip and Sinch were each issued with a formal ‘direction to comply’, which is effectively an order to do what they should have been doing anyway. Neither business was fined but the implication is that they may be fined if they do not remedy their failings.

A third telco named Phone Card was also found to be in breach of the anti-scam rules but there was no evidence of them carrying any scam messages as a result. Phone Card received a formal warning instead of a direction to comply.

The Australian regulations mandate that telcos only originate SMS messages on their networks if the A-party has shown they have the right to use the originating number or a valid use case for the alphanumeric sender ID. Sinch failed to comply with the obligations for both the originating numbers and the alphanumeric sender IDs. Infobip and Phone Card did not satisfy the requirement for alphanumeric sender IDs.

ACMA Chair Nerida O’Loughlin emphasized that the telcos were not directly engaged in scamming the public but had not taken ‘adequate’ steps to protect Australians from scams.

While there is no suggestion the telcos were involved in scam activity themselves, scammers have used their failures to prey on Australians. This wouldn’t have happened if the companies had adequate processes in place and complied with the rules.

The ACMA press release, which contains links to the detail of their investigations and the enforcement action they took, can be found here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.