The Australian Communications and Media Authority (ACMA) has taken action against two telcos who allowed their customers to send SMS with text-based sender IDs (i.e. shortened business names), without making sufficient checks that they weren't being used to perpetrate scams.
Vonage Business Inc and Twilio Inc have been formally directed to comply with the Reducing Scam Calls and Scam SMs Code after ACMA audits and investigations found both companies in breach of Australia's anti-scam rules.
The ACMA found Vonage allowed more than 11,780 non-compliant SMS to be sent, which included 3,387 scam texts impersonating businesses including Commonwealth Bank, ApplePay and Australia Post.
Twilio was also found to have inadequate systems in place to comply with the rules. However, there is no evidence that scammers exploited its vulnerabilities.
ACMA Chair Nerida O'Loughlin said these type of compliance failures leave holes in the system for scammers to exploit.
"Since these SMS anti-scam rules came into place in July 2022, Australian telcos have reported blocking almost 257 million SMS scams. But we know that scammers target the weakest links, so it's vital that every telco has processes that are up to scratch to meet Australian standards," Ms O'Loughlin said.
"As the rules have been in place for over a year now it's unacceptable that we continue to find telcos allowing scammers to send SMS impersonating businesses domestically.
"We know these types of SMS impersonation scams are hard for people to spot and can be particularly devastating for victims."
Vonage was also breached for failing to report to the ACMA for three consecutive quarters the number of scam SMS it had blocked, as required under the code.
Ms O'Loughlin also said that these investigations are a reminder to industry that the ACMA will take proactive steps to ensure telco providers are complying with the industry code.
Both telcos must now have adequate checks in place to ensure that their customers have a legitimate case to use sender IDs in bulk SMS and they must also comply with all other requirements of the anti-scam rules.
Combating SMS scams is an ACMA compliance priority and telcos may face penalties of up to $250,000 for breaching ACMA directions to comply with the code.
This enforcement action is part of the government's Fighting Scams initiative to address scams and online fraud and protect Australians from financial harm. The initiative also supports the work of the National Anti-Scam Centre, which commenced operations on 1 July 2023. The National Anti-Scam Centre coordinates government, law enforcement and the private sector to combat scams.