The Telecom Regulatory Authority of India (TRAI) has directed all access providers to implement mandatory pre-tagging of variable elements—such as URLs, app download links, and callback numbers—in commercial SMS content templates. The move aims to curb fraud, phishing, and misuse of registered templates by ensuring these changing components are clearly identified and monitored.
Variable components typically include elements such as URLs,
application download links or callback numbers that may change from recipient
to recipient. With the introduction of mandatory pre-tagging, these variable
elements will now have to be categorised and registered upfront by the
principal entities (PE), making them traceable and accountable.
It added that all new SMS content templates registered after
28 November will be registered only after verifying compliance. However, telcos
will have to identify the principal entities associated with faulty messages
and inform them of corrective actions required and consequences of continued
non-compliance.
TRAI said fraudsters often exploit untagged template fields to insert malicious links or numbers, leading to financial scams, data theft, and other cyber harms. With the new rule, senders must specify the purpose of every variable field at the time of template registration—for example, marking a field as #url# if it contains a web link. This allows telecom operators to detect and block harmful or non-whitelisted content before delivery.
Role of Access Providers
Access providers, responsible for SMS delivery for entities
like banks, online platforms, and retailers, are tasked with ensuring
compliance. This move is expected to make it easier for them to detect
suspicious content, improve automated filtering systems, and ultimately
safeguard consumers from phishing attacks and scam messages.
Impact
This initiative builds upon existing regulations like the Telecom Commercial Communications Customer Preference Regulations, 2018, adding another layer of security to prevent unsolicited commercial communications and enhance the integrity of digital communication channels for businesses and consumers alike.
Why TRAI Introduced the New Rule
Variable fields in SMS templates allow businesses to insert
dynamic elements—like URLs, tracking links, OTPs, and contact numbers—while
keeping the core text constant. However, TRAI’s investigations revealed massive
misuse:
◆Fraudsters inserted non-whitelisted URLs
◆Added malicious OTT/app download links
◆Used fake callback numbers
◆Bypassed template checks by exploiting
untagged variables
These gaps became a playground for phishing, financial
fraud, and data theft, impacting millions of mobile users.
Despite earlier directives in February and May 2023, Access Providers failed to enforce uniform tagging—forcing TRAI to issue strict, non-negotiable orders now.
According to the press release published on the TRAI
website, the Telecom Regulatory Authority of India
(TRAl) has issued a direction to all access providers mandating the pre-tagging of all variable components used in SMS content templates for commercial communication. Variable components typically include elements such as URLs, application download links, or callback numbers that may change from recipient to recipient or time to time, while the rest of the message text remains static.
No comments:
Post a Comment