Combating fraud in A2P messaging: our partnership with Morgan

In times when smishing (SMS phishing) and artificially inflated traffic (AIT) are on the rise, it's crucial for businesses to stay informed about the threats within the business messaging landscape. These fraudulent activities erode customer trust and create unnecessary costs for companies, impacting both businesses and recipients.

What is Morgan?

Morgan is an entity that, along with major Swedish telecommunication operators (Telia, Tele2, Hi3G, and Telenor), has established The Code of Conduct for A2P Messaging. This comprehensive framework is designed to regulate the distribution of bulk SMS messages and promote a good and sustainable business messaging market.

Effective from March 1, 2022, these rules aim to mitigate fraudulent activities and enhance transparency within the industry. 

Key Provisions of the Code of Conduct

Compliance with laws and regulations:

All parties involved in A2P messaging must adhere to applicable laws, including the General Data Protection Regulation (GDPR), the Law on Electronic Communication, and the Marketing Act. Additionally, they must follow the ethical guidelines for data collection as specified in SWEDMA’s Code of Ethics for Mobile Marketing. 

Consent and opt-out mechanisms:

Content providers must obtain explicit consent from recipients before dispatching commercial messages. An active opt-in or a soft opt-in (for customers within the last twelve months) is obligatory. Additionally, every marketing communication must feature a straightforward and accessible means for recipients to unsubscribe (opt-out).

Sender ID management: 

Aggregators are required to block Sender IDs that are abused or at risk of being abused. A whitelist exists for approved Sender IDs, ensuring legitimate content providers can continue their operations without disruption. Additionally, aggregators should have the capability to block specific phrases or links that frequently appear in fraudulent messages. 

Delivery reports and documentation: 

To maintain transparency and accountability, content providers, aggregators, and operators must provide documentation that confirms the consistency between the number of messages sent and received. These records should be available for review for a duration of three weeks and must be provided within two business days upon request.

Our commitment to the Code

By aligning with Morgan and the Code of Conduct for A2P Messaging, LEKAB demonstrates its commitment to upholding ethical practices and robust fraud prevention measures. Here’s how we are putting these guidelines into action: 

• We continuously update our practices to comply with the latest regulations, ensuring that our messaging services are both lawful and ethical.
• We have implemented stringent consent mechanisms, requiring explicit opt-in from all recipients. Our messages also include straightforward opt-out options, empowering recipients to control their communication preferences.
• We actively monitor and manage sender IDs to prevent misuse. Our systems are equipped to block suspicious sender IDs and phrases, safeguarding our messaging platform from potential fraud.
• We maintain detailed records of message deliveries and promptly respond to any verification requests from TR (Telekområdgivarna), ensuring full transparency in our operations.

We believe that our ongoing commitment to these principles can foster a more secure and trustworthy communication environment for all stakeholders.

Our partnership with Morgan exemplifies the power of industry collaboration in combating fraud and enhancing the security of A2P messaging. Together, we are dedicated to building a future where A2P messaging is both safe and reliable. If you want to learn more about how LEKAB combat fraud and how you can protect your business, contact us today. We'll be happy to discuss how our solutions can help you stay secure and ensure your business messaging remains a trusted and effective communication channel.

General tips to prevent fraud within mobile messaging

1. Choose a reliable business messaging solution provider that protects its data and services and ensures messages are routed through non-fraudulent paths.
2. Protect your sender ID(s). Your Sender ID represents your brand in SMS communication. Prevent fraudulent entities from impersonating you. Learn how to protect your Sender ID – we guide you through the process. The new RCS technology provides verified Sender ID as a feature.  
3. Inform your customers or employees about the risks of fraud in mobile messaging. For example, if you have a protected sender ID, tell them what it is and the typical content and requests your company includes in its text messages. 

Businesses must also take standard precautions, such as using two-factor authentication (2FA) and protecting their systems against web hackers. While not every fraud can be prevented, it's crucial to stay informed about the latest fraud trends in business messaging and to act quickly against potential threats.

ABOUT LEKAB
LEKAB provides mobile messaging services, SMS Gateway and messaging APIs and software for advanced business messaging and process automation. We offer digital tools and solutions to companies that want to optimise how they communicate and interact with customers and employees on the mobile to improve productivity, availability and the customer experience through mobile channels. Do you want to know more or ask us for advice? Contact Us!