The Australian Communications and Media Authority (ACMA) is deciding whether an initiative to block scam texts impersonating government agencies and well-known brands will be mandatory or voluntary.
The Sender ID registry secured $10.9 million over four years in the federal budget, but the ACMA has said it cannot provide a timeframe for the scheme’s rollout until key details are ironed out.
“It’s probably premature to talk about exact dates,” ACMA executive manager of consumer, consent and numbers branch Jeremy Fenton told a senate hearing last month.
“We're very ready to go, but we do need to settle some important parts of the scheme: mainly whether it's mandatory or whether it's voluntary."
The scheme would require organisations to register their sender IDs on a central list that telcos would then use to block bulk SMSs sent from spoofed addresses.
Citing the so-called 'Mediscare' campaign, Senator Ross Cadell asked the ACMA if the register would stop political parties from impersonating government agencies.
The Nationals Party MP said, “Would it stop anyone purporting to be from a different group in a text or only scammers?”
“It would fundamentally depend on the model that's adopted,” Fenton said.
“At one end of the scale, every sender ID may have to be registered, and that would require information to be provided that the person wanting to register it had a legitimate reason to use the sender ID.
“At the other end of the scale, things would be more voluntary. In that environment, you may have circumstances where sender IDs are used by other parties.”
Fenton added that, even if the registry were to be voluntary, government agencies would be strongly encouraged to participate.
Fenton also said that the ACMA had conducted “44 separate audits” of individual telcos since new industry codes, which require telcos to check organisations using text-based sender IDs, came into force in the middle of last year.
“We have identified non-compliance with the Reducing Scam Calls and Scam SMS Code. Specifically, the rules require telcos to confirm that customers sending bulk SMS using numbers or text-based headers have a legitimate reason to do so,” Fenton said.
The codes include responsibilities aimed at identifying, tracing and blocking suspected SMS scams.
The ACMA can instigate federal court proceedings if telcos fail to comply with directions to adhere to the codes; fines go up to $250,000.
Last month, compliance directions were issued to Sinch Australia Pty Ltd (Sinch), Infobip Information Technology Pty Ltd (Infobip) and Phone Card Selector Pty Ltd (Phone Card).
The ACMA found Infobip allowed 103,146 non-compliant SMS to be sent, which included scams impersonating Australian road toll companies.
Sinch allowed 14,291 non-compliant SMSs to be sent, which included Medicare and Australia Post impersonation scams.
Phone Card was found to have inadequate systems in place to comply with the rules, however, there was no evidence that scammers exploited the opportunities it created.
