At a time when the government is looking to curb the menace of unwanted communication such as promotional SMSs, experts said the telecom operators are not solely responsible for its increase, but efforts are also needed on part of enterprises that originate such SMSs, and communications platform as a service (CPaaS) providers that act as a middle layer between the enterprises and telcos before such communication is sent to consumers.
The loopholes at the end of enterprises can be attributed to their partnerships with unregistered telemarketers or CPaaS players which ensure them bulk promotional SMSs at discounted price points and even include undesired content in the registered headers and message templates that pass the firewall of telecom networks. Even the unused templates are often used for phishing attacks by the unverified telemarketers who also work for enterprises, according to experts.
In order to send communication to end users, there are three stakeholders involved – enterprises (who want to send communication in the form of voice, SMS), CPaaS players or telemarketers which send bulk SMS/calls on behalf of enterprises and provide application integration with the telecom network and the telecom operator which owns the network and the distributed ledger technology (DLT) platforms.
DLT platforms are run by telecom operators where businesses who are involved in sending bulk promotional or transactional SMS need to register by giving their business details, including sender IDs, and SMS templates.
“Telecom operators already have the technology to contain unsolicited communications, they just need to retrain their firewalls with regard to evolved patterns of such communications. On the other hand, enterprises who actually want to send authorised promotional communication must partner with trusted and registered CPaaS players,” said Nitin Singhal, managing director of Sinch India, a cloud communications company.
According to Singhal, direction by the Telecom Regulatory Authority of India (Trai) to telecom operators for re-verifying registered SMS templates used by companies for messages and barring of unauthorised telemarketers and message templates, will reduce the unsolicited communications by 60-70%.
A survey by community social media platform LocalCircles shows that nine in ten subscribers complain of getting pesky or unwanted calls for brand promotions or sales despite registering on the Do Not Disturb (DND) service by their respective operators.
Two ways through which phishing attacks happen are – application to person wherein certain applications are used to send communication to customers and second is via a 10-digit number which is also called person-to-person. In both these models, a common pattern observed was that the attackers or spammers copy a verified or inactive header or template and tweak it in a way that it passes the DLT platform and reaches the consumers.
On Monday, Tanla Platforms
Also read: RBI slaps Rs 3 crore penalty on Amazon Pay India for violating KYC norms, prepaid payment provisions
“Wisely ATP is a first-of-its-kind revolutionary solution that acts as a single platform to solve the phishing problem end-to-end. It protects the user, disables the scam and eliminates the scammer. It enables brands to always be three steps ahead of the fraudster,” Reddy added.
While experts pointed towards a collective efforts between the stakeholders like telcos, enterprises and CPaaS players to solve the menace of unwanted communication, a major challenge lies towards curbing the pesky communication through 10-digit numbers.
“A system is in works to curb pesky communication using a 10-digit number. We are working on a solution wherein we will analyse the metadata and volume and patterns of calls/SMSs using AI (artificial intelligence) to tackle this,” a senior Trai official said.
Some experts argue that the telecom companies should first try and retrain their firewalls with the existing phishing patterns, and should take the services of CPaaS players if unsuccessful.
Also read: Capex loans: Rs 50k cr sanctioned for states so far
“In this highly sophisticated and rapidly evolving phishing landscape, traditional solutions such as rule-based firewall deployments have proven to be ineffective,” said Sunil Bajpai, chief trust officer at Tanla.
According to Tanla, its Wisely ATP has 99% accuracy in eliminating fraudulent assets (such as fake URLs, WhatsApp accounts etc.) and even provides evidence to apprehend the fraudster.