Service providers caught unawares by telecom regulator’s move to block spam messages.
Move To Stop Pesky Messages Leads To Payments Outage In India
PUNE, India — India, the fastest-growing market for digital payments in the Asia Pacific region, faced a severe outage on a busy Monday with many people unable to go through with their transactions after the telecom regulator implemented rules to tackle pesky messages.
After receiving numerous complaints on March 8, the Telecom Regulatory Authority of India suspended for a week its July 19, 2018, directive that aimed to block the continuous rise in unsolicited commercial communications.
The telecom regulator wanted entities — such as banks, payments firms, and other firms that send short messages or one-time passwords to secure transactions — to register a template of short messages with telecom firms by March 8.
“It has been observed that some principal entities have not fulfilled the requirements as envisaged in Telecom Commercial Communications Customer Preference Regulations, 2018. As a result, their SMSes were getting dropped after implementation of scrubbing of SMSes by telecom service providers,” the telecom regulator said on March 9.
Simply put, scrubbing is a process done by telecom service providers to cross-check if commercial messages being sent to a user are in accordance with their consent.
“As per the regulation, if an entity uses his/her connection to send promotional messages, the connection will be liable for disconnection on the first complaint, and their name and address may be blacklisted for two years,” Karan Chechi, director at research and consulting firm TechSci Research, told Zenger News.
Several countries have provisions to handle spam messages and calls. For example, the U.S. has the Telephone Consumer Protection Act, which entitles users to receive monetary compensation of $500-1,500 in case of violations.
In India, the telecom regulator first launched regulations to curb pesky calls in 2010, which were implemented in September 2011. The National Customer Preference Register (formerly the National Do Not Call Registry) was created to allow consumers to limit telemarketing calls.
The telecom regulator introduced a ‘DND (do-not-disturb)’ mobile app in 2016 through which users could also file complaints against unwanted short messages. It launched DND 2.0 in 2018 that used machine learning technology to classify messages. But “despite disconnecting more than a million telephone numbers, unsolicited commercial communication is not fully under control,” the telecom regulator said in 2018.
While the latest guidelines were formed in 2018, they came into effect on March 8, 2021, after the Delhi High court last month asked the telecom regulator to ensure strict compliance. The court was hearing a suit filed by payments provider Paytm’s parent One97 Communications in 2020 alleging that telecom providers were not preventing phishing activities and violating the 2018 regulations.
Paytm said millions of its customers were victims of phishing and sought damages of INR 100 crore ($13.7 million) from major Indian telecom operators Bharti Airtel, Reliance Jio, state-run BSNL, MTNL, and Vodafone Idea. A few months later, the telecom regulator recommended a collective fine of INR 35 crore ($4.8 million) on eight telecom operators for failing to stop fake messages sent to dupe digital payments service users.
Under the 2018 guidelines, access providers (banks, payments firms, etc) are required to submit a code of practice to the telecom regulator. “In case of non-compliance to the provisions of code(s) of practice, access provider shall be liable to pay an amount not exceeding INR 5,000 ($68.5) per day for the period of exceeding the timeline if the period of delay is less than or equal to 30 days or not exceeding INR 20,000 ($274) per day for the additional period of delay which is more than 30 days. The total amount payable as financial disincentives shall not exceed INR 10 lakhs ($13,702),” the 2018 regulations state.
“The operators must check the sender ID named as header and verify that the content of all the commercial messages is from the registered sources and directly block the messages from unregistered sources,” Chechi said.
“The systems the spammers have been working with, on a near-continuous basis, have been adapting to make spam messages look as closer to one-on-one communications as possible,” said Vivekanand Subbaraman, research analyst at Ambit Capital. “This is why we have this challenge in the first place. Spam messages don’t seem to be sent by registered telemarketers. Stopping them will be a tough challenge.”
The Cellular Operators Association of India, a non-governmental body whose core membership includes major private telecom firms, said it had sent communications to principal entities asking them to register content templates before March 7.
“Telecom service providers are following the 2018 regulations and have activated the due process of content scrubbing. Telecom service providers sent various communications to the principal entities to register their content template with them before March 7, 2021,” S.P. Kochhar, director general at Cellular Operators Association of India, told Zenger News.
After several tweets on the SMS outages on March 8, some banks responded. “Our (Internet Banking, UPI, APP) service(s) are facing glitches due to some technical difficulty. However, our team is working on the same, and it will be resolved soon,” Punjab National Bank said in a reply to a user.
Users also tweeted that they were not receiving one-time passwords from the government’s contact tracing app Aarogya Setu, which is mandatory to enter airports in the country.
“The telecom companies need to verify the entities seeking registrations before granting them the customer data and are liable to take legal action against the fraudulent entities,” Chechi said.
(Edited by Amrita Das and Gaurab Dasgupta. Map by Urvashi Makwana.)