Spam SMS and the Operators: what can they do about it?

All the evidence points to a rise in spam SMS. 42% of people in the UK have had an accident claim spam. Add in the other unsolicited marketing messages and it’s fair to assume that more than half of the population have experience SMS spam. And most people blame their operator for it. So why does it appear that they are doing very little to tackle the problem? Why can’t they just filter out these messages?

Some conspiracy theorists have suggested that the operators have an interest in keeping spam going because:

  1.  They earn money from the messages
  2.  They sell the data in the first place

Unfortunately for these theorists neither of these things are true. The messages are typically sent using PAYG SIMS with an unlimited SMS plan. It is therefore better that messages are not sent – they earn money from the top up, and not the message sending itself. When it comes to their data, it is not in their interests to sell it. This would be a pretty fundamental breach of the Data Protection Act – both the fines and damage to their reputation would be far in excess of any revenue from selling numbers. In fact, when some T-Mobile employees sold customer data out the back door, the company informed the police and two people were prosecuted. The biggest reason though is that dealing with spam costs the operators a lot of money. They need a considerable customer service resource to do this.

So, given that it is far better for the operators to be spam free, why can’t they stop it?

First of all, the spammers don’t make it easy to stop. They use multiple PAYG SIMS in a SIM bank. This allows up to 300 cards to send messages via one server. The spammers even spoof IMEI numbers and handset types to make it look like individual phones are sending the messages. However underlying all of this is the fact that operators cannot view the message content by law. Whilst some nameless organisations were happily hacking into mobile phone voice mails, the operators can neither listen in to calls nor look at a text message.

In spam terms this means they have one hand tied behind their back. Still, they have methods of detecting spam – looking at things like message length, originating and IMEI number ranges all helps identify the spammers, but as these constantly change, it is also not easy. In one case in the US the spammers put their SIM bank in a van and drove around to different areas, ensuring that the base station sending the messages constantly changed.

So is there an operator solution?

There are two ways the spammers can be stopped. The first one is by using software, much the same as email spam software. Whilst a human cannot look at message content, a computer can. A good algorithm can identify spam not just through key works, but a whole series of patterns from the sender ID, to the base station, frequency or IMEI number. The second part of the solution is the one that works the best – get customers to report spam. They are the best at identifying it, and if the process is made easy, they will willingly do it.

If it’s so simple, why don’t the operators filter spam already?

Some do, but not all of them. In the UK the amount of spam you get will very much depend on your operator (I won’t name names). However, as one of them put it to me; ‘we didn’t think spam would be a problem’. Naïve? Certainly. But welcome to the world of mobile operators. They are focussed on running big engineering operations for calls, SMS and data and on provider customer service. They can also work at a glacial pace. It’s hard to implement things quickly within these vast organisations. Whilst the spam software can be implemented in a few weeks, it will take an operator years to put it in place.

The other side of this is consumer reporting: if customers tell them when they get an unsolicited SMS it is possible to close the spamming numbers quickly. The timescale to stop the SIM banks is within an hour as around 85% of people respond within that time. Unfortunately at the moment there are two problems with this: firstly consumers don’t know how to report spam. There is a shortcode number for all the operators, but it’s hard to find it. Secondly, the current systems in the operators means that it takes a minimum of three days to close down a number (and typically one week).

In Korea there was a similar problem with spam. They solved it by getting the handset manufacturers to add a ‘this is spam’ link to all of the phone messaging menus. Simple and effective.

Why aren’t they working together?

The biggest issue preventing an operator solution in the UK is that the operators don’t want to publicly admit there is a problem. The primary reason is competition. If one operator puts spam high on their priorities, they are worried that others will simply say they don’t have a problem with it. In many ways, that doesn’t make sense. Most customers are aware of receiving spam, but it would seem that this competitive fear is stopping them from tackling the problem in the best possible way – with the help of their customers. In the end though, they are on a hiding to nothing. At some point, the government will want to legislate. They may happen sooner rather than later if someone in the government gets one of the infamous messages. And when governments legislate around technology, the outcomes are far worse and more draconian that industry legislation. In Canada there is now a fine of $1 million PER MESSAGE for unsolicited SMS. Whilst there are initiatives from the GSMA to monitor and stop spam, it is optional for operators (and they need to pay for the service).

Hopefully that problem will end soon. Representatives from all the UK operators have both discussed the spam problem around accident claims messages, and agreed to give their customers the same advice. I say hopefully because in spite of giving that information to the operators, as yet none of them have updated their site, or publicly admitted to unsolicited messages being a problem. Things move slowly in the world of mobile networks. Very slowly.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s