Skip to main content

RCS can make every message a mini-app, and every outbound alert the start of a conversation. When mass-adoption comes brands will love it. RCS is also positioned as more trusted channel. At the recent immersive Mobilesquared RCS Workshop supported by MEF, we brought together experts to look at the topic of fraud in RCS in more detail to find out what needs to be done now to keep the channel clean.

Every week seems to bring with it more excitement about RCS business messaging.

Brands are relishing the chance to harness the directness of SMS and combine it with the feature set of apps.

Watch the panel in full

A text message supercharged with images, maps, video, payment – all clickable and interactive? What could go wrong?

Well, criminals could flood the new channel with fraud and spam.

As we’ve seen from the precedent of email, it doesn’t take long for scammers to infiltrate any popular communications platform. And when they do, it’s not just the direct victims that lose out.

Trust is eroded. Recipients start to suspect everyone – even legitimate senders.

Sadly, that process is creeping into A2P SMS messaging. SMiShing is a growing problem, one that MEF has highlighted on this blog many times.

Of course, MEF is leading efforts to combat all forms of message-based fraud as part of its Future of Messaging Programme.

So it follows that we are working to make RCS as clean as possible as the new channel rolls out with operators across the world.

Which is why MEF was invited to moderate a panel session on the topic at Mobilesquared’s immersive RCS Workshop in London last week.

The event was co-hosted by the Internet Advertising Bureau UK (IAB UK), and many brands attended to learn about the new channel and see interactive demos.

The MEF session was entitled ‘How RCS can remain a fraud-free environment’.

The panellists were:

  • Rob Lawson, Global Partnerships, Google
  • Juan Ramirez, Digital Solutions Architect, Telenor
  • Tony De Ruvo, Senior Product Manager, OpenMarket
  • Robert Gerstmann, Chief Evangelist & Co-Founder, CLX
  • Tim Green, Features Editor, MEF (Moderator)

Here are the key take-aways from the session

RCS sender verification should drastically reduce fraud

Most SMS-based fraud is SMiShing, in which a fraudster sends messages that look as if they are sent by legitimate brands. They can do this because there is no universal system for verifying sender IDs.

By contrast, RCS business messaging does have such as system. Google provides a ‘verified sender’ process to check an enterprise is above board. Once verified, a brand can use its name, logo, brand colour and font for all their messages.

How can Google be sure of its system? According to Rob Lawson, Google has built robust processes to verify businesses over the years. Some of Google’s core businesses including Maps and Search also rely on these verification processes.

Aggregators will add their own layer of verification

Tony De Ruvo reminded the audience that Google will not be the only one verifying senders. “Aggregators will perform the same function,” he said. “There will be two layers. We have a vested interest in keeping the channel clean.”

People will get used to the idea of verified senders

The panel agreed that it won’t take long for the public to embrace the idea of the verified sender and thereby reject suspicious-looking messages.

“People will get used to seeing the check mark,” said Tony De Ruvo.

The US’s shortcode registration scheme provides a hopeful precedent.

In the US, all SMS A2P message senders have to be verified. Though fraud and spam still exists, the problem is small relative to other regions.

“You see much less fraud there,” said Robert Gerstmann. “It gives an idea of what RCS might be like if we can get the registration process right.”

Fraudsters might turn their focus to P2P

A watertight sender ID scheme could push scammers deeper into P2P RCS messaging, warned Juan Ramirez. He argued for more vigilance.

“Fraudsters will always try to find a weakness in the infrastructure,” he said. “If they cannot attack via A2P they might exploit P2P. They can pretend to be a friend and send an attachment for example.”

The SIM farm problem should be reduced

With verified sender IDs established, scammers should have little incentive to set up SIM farms.

RCS clients will have better reporting features

The panel observed that there are better opportunities inside RCS apps to report suspicious senders.

MEF’s Future of Messaging Programme Day – Nov 26th

MEF’s Future of Messaging Programme Day takes place the day before Messaging & SMS World and is the opportunity for Programme Participants to get an update on the different workstreams and projects, as well as plan for 2019.

The event is for MEF Future of Messaging Programme participants only – Find out how to get involved