38.4k unique visitors in the last 3 days

Irish Regulator Defends A2P SMS Registration after Scam Warnings Are Attached to Genuine Messages

ComReg stood their ground when challenged by news reporters.

Last week the news was that Irish phone users would begin seeing ‘likely scam’ warnings whenever they get an A2P SMS message that uses an unregistered Sender ID. This week the news is that some of the telecoms industry has made a mess of following the new rules. However, the news media preferred to target the regulator responsible for imposing those rules, ComReg, rather than doing the hard work involved in pinpointing which businesses were to blame.

Adrian Weckler of the Irish Independent broke the story on the morning of July 8.

Ireland’s new crackdown on scam texts is labelling real texts as fraudulent — leading to confusion over hospital appointments, digital verification codes and sports tickets.

Patients of St James’s Hospital in Dublin are seeing “likely scam” on appointment texts from the institution, despite the hospital being signed up on a new verified register with the telecoms operator, ComReg.

This makes it sound like the issue is with the online registration process when it almost certainly lies with the kinds of businesses that organizations like hospitals choose as suppliers. ComReg were quick to state that their own systems are working correctly, as were the systems of Ireland’s largest mobile providers. Just a little while later, George Merrigan, Market Framework Director at ComReg, jumped on the lunchtime news show of RTE Radio 1 to defend the roll-out of the new obligations. Merrigan said:

We have been working with industry on this for some considerable time, and we are now working with some industry players to resolve the technical implementation issues that they are experiencing in this matter, as quickly as possible.

That answer is generous. There are countries where regulators would not have hesitated to shift blame by naming the businesses experiencing technical difficulties. The introduction of a national mandatory Sender ID registry was formally proposed as part of ComReg’s national anti-scam plan published in June 2023. There was time for businesses to adapt, and it is telling that Ireland’s leading operators insisted that their systems are working correctly.

Using a tokenized method to verify the legitimacy of an SMS introduces the kinds of implementation risks associated with any technical novelty, and these risks are exacerbated by the tokens needing to be processed correctly by multiple different entities. Over 11,000 Sender IDs were registered by ComReg’s deadline, a number so large that it would be surprising if there were no errors when the process went live. Nevertheless, news reporters conflated failures relating to the processing of tokens with the fact that some other ‘legitimate’ messages were flagged precisely because they were sent by comms providers which had not registered. Attaching warnings to messages from comms providers that ignored the need to register is not a flaw in the method; it is the essential purpose of the exercise.

News providers love sensation, especially when they lack the understanding to provide their audience with any real insight. It was clear that none of the journalists who latched on to this story knows their SMS aggregator from their elbow. So instead of talking about the role of aggregators or examining the technical root causes of errors, they harped on about the potential consequences of mislabeling messages. They placed specific emphasis on the risk of genuine messages from healthcare providers being wrongly labeled as scams, or potentially being blocked. I found this to be an unhelpful way of explaining the risks to the public. That is because healthcare providers stand out as being risky for reasons that are separate from the failings of the communications sector. The problem with healthcare providers is that:

  • they underinvest in the technology for support systems;
  • they lack people with the skills, authority and budget needed to maintain good security;
  • budget constraints lead them to prefer low-ball contracts for any service deemed non-essential;
  • they have eagerly automated communication in order to reduce the costs incurred when staff interact with patients; and
  • poor training means they already suffer from weak controls over communicating sensitive information.

This is why I expect that the increasing use of technologies to automate the blocking of harmful communications will cause problems for healthcare providers in many countries, not just Ireland. Put simply, a conventional for-profit business has the incentive to choose suppliers that will guarantee their communications get through to consumers. Hospitals and doctor’s surgeries are not run by people who are willing to pay extra to guarantee a better level of service. They expect all comms services to be equally reliable. Anybody familiar with the murky world of comms intermediaries should appreciate how naive that expectation is.

Crucially, regulators have never been sufficiently empowered to clean up all the murky intermediaries that keep their prices low by cutting corners. We have instead relied upon the myth of comms industry ‘self regulation’. If self regulation was effective then there would be no reason to introduce registries to halt the runaway abuse of Sender IDs.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email