Verified Messaging - Increasing consumer confidence
Updated: Oct 13
I’m sure we’ve all received text messages (or at least know someone who has) claiming to be from the bank, tax office, or other ‘official’ source asking to confirm personal data. These messages will often come from a mobile phone number, short code or potentially even a seemingly genuine brand name which cannot easily be verified by the receiver at first glance. The message will often contain a link or call to action which will result in requesting bank details, credit card information, passwords, etc. This fraudulent activity is known as ‘smishing*’ (short for SMS phishing; a step on from phishing, which is email based).
To combat this negative activity and maintain user confidence, many industries - particularly financial institutions - have had to go so far as to say they will never send a customer a web link via SMS.
On the surface, that doesn’t sound so bad. However, this prevents many useful customer engagements, such as deep links into apps, providing directions to nearest branch, 2-way chat, calendar invites, etc, which are hugely beneficial to the consumer-brand relationship. Profits are directly impacted as brands cannot tap into or promote desirable consumer behaviours, for example: making payments; reviewing time sensitive information; reducing the chance of a costly no show, and so on.
So what can the mobile industry do to help sort this out?
Household names, financial institutions, or any organisation targeting mobile users (so everyone, right?), would benefit from an increase in confidence in SMS usage. This method of contact remains a high-value interaction, connecting brands to consumers in the most direct and actionable way.
Two initiatives have come to the fore which have been specifically developed to help. It’s worth saying up front: Neither provide 100% coverage of all consumers (globally), but the reach and consumer confidence they exude offer significant value, enough to warrant knowing about these options and working with a messaging supplier who can support these features.
1. SMS SenderID Protection Registry
Created by the Mobile Ecosystem Forum (MEF), this initiative aims to ensure Mobile Network Operators only deliver messages for brands from authorised sources. Technically, it’s just the Sender Identification (the text that often replaces the mobile phone number on messages from brands) that is registered and restricted, as opposed to the brand being authorised, but this still goes a long way to prevent scammers from simply creating accounts with less reputable messaging providers to start their smishing campaigns. The SMS SenderID Protection Registry works at the network operator level, which means it is not limited by specific handsets.
Currently on trial in the UK and supported by all the major mobile network operators, this initiative has been especially effective during Covid-19:
“This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams. We are happy to collaborate with MEF and partners to take forward our work to safeguard the UK public from such SMS-related scams.”
Mike Fell, Head of Cyber Operations HM Revenue and Customs
The only downside to this approach that there is no indication to the consumer that the service is actually operating. This makes it really difficult for brands to modify their messaging strategies until the service is more ubiquitous geographically and supported by the majority of mobile operators.
2. Verified SMS
Verified SMS from Google has a far wider reach globally being available in nine countries currently (U.S., India, Mexico, Brazil, the U.K., France, Philippines, Spain and Canada). However, it’s only available to users of android phones and, of them, only people who use the Android Messages application.
That said, Verified SMS is probably the most consumer friendly experience because the messages are branded and indicate if they have been verified and, most importantly, indicate if they are NOT verified.
Commercial models for this service will vary from one supplier to the next, but the addition of branding provides a great new opportunity for organisations to reinforce their engagement strategies even if only for a percentage of their customers… that percentage will vary greatly on geographic and customer demographics, however the value of a logo cannot be underestimated.
The really interesting conundrum with Verified SMS is its relationship with RCS (Rich Communication Services)… Mainly because there is none - other than both being part of the Google Business Messaging portfolio (at the time of writing at least). For many industry voices this has caused them to write off the tech in favour of jumping straight to RCS. However, consumers are not required to opt-in to Verified SMS, whereas currently they are required to opt-in to RCS. This immediately makes the reach of Verified SMS greater than RCS.
The real advantage however of Verified SMS for brands, unable or unwilling to adopt RCS just yet, is that they do not need to change their existing SMS messaging strategies.
The future for SMS message verification is sure to evolve, but right now, in my humble opinion, all businesses where these services are available should be looking at Verified SMS and the SenderID Protection Registry to increase customer engagement, reinforce their brand and improve the ROI of their messaging campaigns.
*also referred to as spoofing or phishing