Trai move to curb fraud could ring in an SMS outage next month

New Delhi: Consumers may face disruptions in getting service and transactional messages from banks, financial institutions and ecommerce firms on their mobile phones from next month following a telecom regulator move aimed at curbing spam, specifically phishing attempts.

The Telecom Regulatory Authority of India (Trai) has asked telcos to stop transmitting messages containing URLs, OTT links, APKs (Android application packages) or call-back numbers that are not whitelisted--or registered with telcos--by senders from September 1.

The regulator’s ultimatum means banks, financial institutions and online platforms must get their templates and content registered with operators by the August 31 deadline, failing which messages containing these elements will be blocked.


Currently, entities get their headers and templates registered with telcos but not the content of messages. This means that operators don’t undertake scrubbing or checking the content of transmitted messages. But effective next month, telcos have to create a mechanism that can read the content of commercial messages, and block those that do not match its records, experts say.

In India, 1.5-1.7 billion commercial messages are sent every day, taking the total to about 55 billion every month, according to industry data.

Industry executives say the telecom sector is currently seeking some more time from Trai for implementing the mandate as the blockchain-based distributed ledger technology (DLT) platform needs to be updated.

However, the regulator feels it has given sufficient time to the telcos and is unwilling to relent, say officials familiar with the matter.

Bharti Airtel, Reliance Jio and Vodafone Idea didn’t respond to ET’s queries.

Whitelisting means entities sending messages must provide all information related to URLs, call-back numbers, etc., to telcos, who will then feed the information to their DLT platform. If the information matches, the message is passed; otherwise, it is blocked.

For instance, most transactional messages from banks like funds debit or credit contain a call-back number. Transmission of such messages will be stopped if a bank doesn’t whitelist the number.

“Only those entities including banks, which whitelist their URLs or content of the messages with telcos, will pass through; the rest will be blocked,” said a telecom industry executive.

The regulator’s intention is to ensure that all commercial messages are vetted before reaching the consumer as part of a wider effort aimed at combating rampant spam and fraud being perpetrated through messaging, or phishing. However, the immediate and unintended consequence could be disruption for the end consumer, who may face challenges in receiving even relevant and important financial or transactional messages, say industry watchers.

Mobile consumers faced a similar outage in March 2021 when the DLT platform was implemented, and telcos started scrubbing messages. At the time, there was widespread disruption as telcos blocked all commercial messages which didn’t contain whitelisted headers and templates. Following the disruption, all entities have since registered their headers and templates with telcos.

Experts say in the current scenario, an increasing number of messages may shift to over-the-top (OTT) platforms like WhatsApp and Google’s rich communication services (RCS) messaging, as there is no such mandate from Trai to govern them.

However, banking messages, where rules don’t permit transmission over OTT, will be blocked in case the entities have not been whitelisted, the experts added.

While Trai has been asking telcos to implement the latest measures for more than a year, the limited compliance led the regulator last week to crack the whip and ask telcos to stop transmission of non-whitelisted messages from September 1.

Trai had passed directions in May last year, asking telcos to ensure that only whitelisted URLs/APKs/OTT links and call-back numbers were present in the content template, and sought a compliance report within 45 days. In the directions, the regulator had asked telcos to always ensure traceability of messages from senders to recipients. But the telcos have not implemented the directions in entirety till date.