What is The Solution to Solution to Spam SMS?

Spam texts are clearly a problem. Although they represent a much smaller percentage than email spam (around 3% vs 75%), mobile is a much more personal channel. Maybe one solution could come from a preference service? In the UK there is one for voice called the Telephone Preference Service (TPS). It is widely known by consumers and generally works well. It started as a voluntary scheme, but became part of the regulations. Any brand intending to conduct telemarketing in the UK must, by law, screen the numbers against the list.

So why not set up something similar for SMS? The problem is that SMS is different to voice. Where as a telemarketer can phone you without prior permission, text messages are classed as ‘electronic mail’ and require the user to opt-in before a message can be sent. So for a marketer to send you a text, you must have given your permission directly or indirectly through a soft-opt in (through a sale or negotiation of a sale). Not only that, the marketer must also offer a method of opting-out of further messages. It’s therefore pointless for marketers to scan against a preference list, as users will already have opted in.

A preference service won’t stop the spammers either. In the UK a majority of unsolicited messages are for accident claims, debt management or mis-sold loads or personal insurance. The people sending the texts know they are breaking the law, so they use a variety of methods to avoid discovering. One thing is certain though. They are not going to scan their lists against a preference service.

In the end the only way to prevent SMS spam is a combination of better enforcement against those who are breaking the law – so far the regulators haven’t prosecuted anyone – there is much more they can do. Stopping spam also needs to be supported by better filtering at the operator level. This will stop many more messages from reaching handsets in the first place. One way to support this is through a spam reporting button (or address book entry) on every mobile handset. Even though it may be well intended, a mobile preference service is not going to solve the problem. In the end it may simply mislead consumers into believing that registering with it can somehow prevent spam messaging. It won’t.

Mobile Data Theft: why it’s a problem for marketing

Most people would have missed it, but at the end of October the Government’s Justice Committee published a report called Referral Fees and The Theft of Personal Data. It mostly looked at how referral fees for accident claims are fuelling a range of illegal and criminal activities. Many people are aware of spam accident claims texts, which are part of this ‘industry’. Although the spam messages were a smaller part of the report, there could be some important repercussions for the mobile marketing sector.

The report recommended the ending of referral fees, better investigation powers for the Information Commissioner’s Office and harsher penalties, including custodial sentences for data breaches. All of those are good things. Anything that can help clean up the mobile channel for legitimate marketers has to be of benefit. However, it is the age old problem with many regulations – it’s not lack of powers but lack of enforcement that is at issue. The ICO has never prosecuted anyone for sending an unsolicited SMS. There has been plenty of opportunity to do so, but it would appear that lack of evidence or investigation resources has meant that nothing has happened.

Whilst the need to clean up messaging is obvious for brand marketers, there is a less obvious worry about increasing government legislation. History shows that when governments try to legislate for technology they never do a good job. This year’s PECR update to include an opt-in for cookies is a good example. Everyone; brands, consumers and even the regulators are confused as to how it works or how it should be implemented. In these cases, industry self-regulation is always a more effective option.

Although this report isn’t largely concerned with spam, The Justice Committee called for legislation to look beyond just the accident claims sector. Although nothing specific has been suggested yet, you only have to look at recent legislation in India limited messages to 100 per day per person to see how draconian (and ineffective) it can get. Whilst that’s unlikely to happen in the UK, some people have already called for proof of ID when buying PAYG SIM cards. Both of these examples hurt individuals but do very little to combat the spam problem.

SMS spam is not simply a moral issue though. Whilst many brand marketers and ad agencies are thinking up whizzy apps and social media campaigns, spam messaging is damaging the whole channel. As mobile users we consume across all channels and the perception of spam will affect all brand campaigns. Poor legislation may actually make that worse.

In the end, the best solution is the introduction of better consumer spam reporting (as we have in email) and better filtering by the mobile operators.

SMS Spam: this time it’s mis-sold loans and credit cards

As expected, in response to increasing pressure in the accident claims sector, the spammers are switching their messaging to claiming for mis-sold personal insurance, bank loans and credit cards. Messages typically look like this:

From: (a mobile number)

Message:

URGENT!! if you took out a Bank Loan prior to 2007 then you are almost certainly be entitled to  £2900 compensation, to Claim reply YES …

(message shortened)

This message is illegal for two reasons: firstly no one has opted in to receive it, and secondly the company is not identified in the message. If a recipient replies to a message with YES or CLAIM they will receive a call to make it into a qualified lead which will be sold on. The call is always from a withheld number (also illegal) and the company will tell you that their name is something like ‘PPI Compensations Team’ or ‘Affiliate Data Systems’  and that information was passed on from their ‘Network Affiliate Response Team’. If you ask for any more information about the company, such as their address or website, then they will simply terminate the call.

The companies have also started to ask if the enquiry was as the result of completing an online survey and that no unsolicited message was received in order to generate the lead. Of course, as the spammers and the company calling are one and the same, they know that the lead was a result of their unsolicited message. However, if someone believes that they really will bet £2900 then they are likely to agree that they did indeed complete an online survey. By creating this collusion with the claimant it confirms to the company that they will not report them for an unsolicited text when they reveal their identity much further down the line. However the fact remains they are operating illegally in both the SMS and by refusing to reveal the company’s identity during the call.

The advice for dealing with these messages and calls remains the same as the accident claims ones. Best advice is to ignore it and report it to your operator (forward the message to 7726, or 67726 on Vodafone). If you have any further information about the company then report it to the Information Commissioner. Exactly the same operational methods are being used for the loans that have been used for the accident claims texts. The company, Affiliate Data Systems have been doing the rounds for some time. If you want to have fun with it, then you can reply YES and make up a claim (as long as you don’t actually attempt to claim) and waste as much of their time as you can.

SMS Spam: what does India tell us about stopping it?

It was little over a month ago when the Indian regulator, TRAI took steps to stem the flood of spam in the country. A number of measures were introduced, including larger fines, registration of messaging companies, and limiting the daily text messages on pre-pay SIMs to 100 per day. It was the latter move that grabbed the worldwide headlines because it was something that significantly affected many consumers. And surprise surprise, it seems to have made little difference. Although a dip was reported shortly after the measure was introduced, feedback from consumers shows that in just a few weeks, the spam levels have gone back up. All the spammers did was to switch their operating method to using web-based messaging systems. There are even reports of a switch to voice-calling.

Although the two markets are different in some respects, this is very telling for the work being done in the UK to reduce SMS spam. No one has yet suggested restricting text messages, however some people have called for ID to be used when buying PAYG SIMs. However, the government is planning to remove paid leads in the personal injuries market. This may or may not reduce the spam in this area, but the evidence is that they will simply move on to something else: PPI claims or debt management. As long as there is money to be made, spammers will try.

Does this mean there’s no solution to spam? There is one, but it will come from a combination of better filtering and management by the operators, better enforcement of the existing regulations and consumer education to ignore and report unsolicited messages.

DMA finds 8 million spam texts sent every day in the UK

A couple of weeks ago, The Sun claimed that there were 5 million spam text messages sent everyday in the UK. They didn’t quote a source, but the figure seemed rather high. Given that a number of journalists had been asking the DMA about the volume of spam SMS, we decided to find out. Using Touluna QuickSurvey we asked 1000 UK adults if they had received spam. The results were more surprising than we expected:
  • 58% of people had received SMS spam in the last month
  • 11% of people had received more than 10 spam messages in the last month
If those figures are mapped against the UK adult mobile population of 48.5m it means that 23 million people received spam last month. Accounting for the number of messages that each person received, it means that there were 263 million spam messages in the last month, or 8 million per day. Surprisingly, it seems as though The Sun has been under exaggerating the figure. The DMA’s study has been widely reported by the BBC today.
The definition of spam is a difficult one. Legally, spam is where the recipient has not opted-in, however many mobile owners regard any message they don’t want as spam, even if they opted-in previously. For example a previous purchase is considered as a soft opt-in (provided it was stated in the T&Cs). It is quite acceptable under the regulations to send such messages, but not acceptable from a consumer perspective.

To try to understand a bit more about the types of company, we split the 58% of spam recipients as follows:

  • 22% have received SMS spam from company the recipient had previously bought products from or made an enquiry with – technically a soft-opt in.

  • 23.5% have received SMS spam from a company they knew, but had no previous contact with

  • 54% have received SMS spam from companies they don’t know and have had no previous contact with

  • 30% have received SMS spam from a company not identified in the message – these are typically accident claims, debt management or mis-sold PPI messages

8 million spam messages per day is a lot. It could be argued that more than one fifth of these meet the regulatory requirements but consumers still see them as spam. The 8 million spam texts are just 3% of the 300 million messages sent each day in the UK. Compare that to email, where it is estimated that 78% of the billions of daily messages are spam. So why should 3% be a problem in mobile spam?

There are three important reasons why:

  • Mobile is very personal – this is the device that we have with us all the time. We don’t share it, and it’s the place that most of us communicate with our friends and family. Unsolicited messages in this channel are very intrusive. A DMA/IAB study last year found that there was a 98% recall of brand SMS. Clearly, people remember a text message – solicited or unsolicited.

  • People are not used to mobile spam – we have all learnt to live with a certain amount of email spam. That is helped in part by increasingly sophisticated spam filters and report spam buttons in email. Those management tools don’t exist for individual mobile users (yet).

  • Mobile spam is bad news for legitimate permission-based marketing – even in world of apps and mobile web, SMS is an important driver for brand marketing, service and CRM. For consumers it can offer a convenient and immediate communication tool. If there is a perception that the channel is full of spam consumers will be reluctant to give brands their mobile number. In the email channel, the service providers have a major issue getting around spam filters, black-listing of servers and getting consumers to open their message. This is where SMS could end up if spam levels continue to rise.

In the end, text spam will be dealt with by a combination of better enforcement from the regulators, better filtering by the mobile operators and consumers not responding to unsolicited messages. The DMA is doing considerable work in this area – watch this space for updates.

43% of people in the UK have had a spam text (and 30% in the last month)

Whilst many a mobile marketer is developing whizzy apps, using QR codes and creating great mobile sites, the truth is that in the UK most consumers’ experience of mobile marketing is spam. The particular problem has been spam for accident claims, debt management and PPI claims. A new study by the DMA found that nearly 43% of the UK adult population have received such a message. It would also seem that the problem is getting worse, as 30% of people have received such a text in the last month.

The problem of the ‘text pests’ was reported on the front page of The Sunday Telegraph. Along with previous radio reports and a campaign by Money Saving Expert, the issue is becoming very high profile indeed. In the Telegraph report, John Spencer, Vice Chair of the Motor Accident Solicitor’s Association called for a ban on referral fees. Given that 3% of people have replied to such a text, the ‘claims farming’ industry is worth millions of pounds. Removing the incentive would certainly help. However, it won’t solve the problem of spam SMS. We have already seen the spammers switch to generating leads for Debt Management Orders and PPI claims. The MO is the same, and is clearly carried out by the same people. It is therefore essential that the whole of the mobile marketing sector works to removing the spam SMS, creating a clean, permission-based channel.

With my DMA hat on (yes, you get a hat when you join), we’ve been working to address the issue. A month ago we sat down with all the key regulators as well as some industry representatives to work out how we can stop it. Part of the problem is the bureaucracy of the regulators and the operators who can be both slow to respond or take concerted action. We identified seven different sets of regulations that are being breached by these messages. However that actually makes enforcement more complicated. Regulators who could enforce this are the ICO, MOJ, OfCom, OFT, The Solicitors Association and the ASA, but many of them will simply pass the buck to another regulators. Similarly, although some operators are very concerned about the problem, the ones we invited didn’t come to the meeting.

It’s hardly surprising, therefore that the DMA study found that 46% of consumers didn’t know who to complain to. Of those who thought they would know where to go, OfCom was the favoured one (20%). Unfortunately OfCom have no information or reporting procedures for this on their website. In our meeting it was clear that they had no interest in tackling the issue. Many would complain to their operator (17%), but our experience is that customer services rarely know who in their organisation they should pass the information to. In fact the two organisations who are most relevant to the accident claims texts are the ICO and MOJ. They scored the lowest of the organisations that consumers would go to.

So what’s the solution? It seems remarkably simple. At the sending end, the operators need to respond more quickly to block spam texts. At the receiving end, all of the regulators need to take a more concerted approach to enforcement. They should also be providing a clear, simple set of consumer guidelines. The ICO have some information here. There is also some useful information on Money Saving Expert.

Accident Claims (PPI and other) SMS: why can’t they stop them?

Millions of people … in fact ten’s of millions of people in the UK have received unsolicited messages along the lines of ‘FREEMSG: Our records indicate that you may be entitled to £3750 for your accident … ‘. In my DMA capacity we have been working closely with the regulators, operators and SMS aggregators to both stop the messages and identify the culprits. Here are the answers to a few questions that I’m commonly asked about these:

Who’se Doing It?
The exact identity has been very hard to establish (more on why that is, later on) but they are commonly called ‘Claims Farmers’. They solicit leads which are then sold on to lawyers and other accident claims management firms who work on a no-win no-fee basis.

Why are They Doing It?
In short, for the money. They are paid by the solicitors for each lead they send. It would seem that enough people reply to these texts, and from there, they find enough people who have a legitimate claim to make money.

Are they trying to defraud people?
No they are not. What they are doing in terms of the SMS is not legal, but once passed through to solicitors as a claim everything is above board. They are not trying to elicit money from people they are texting.

But surely it’s against the law?
It is. In fact we have identified seven different pieces of legislation which are being breached. However that’s part of the problem. They are enforced by different regulators.

Why can’t anyone catch them?
The problem is that they refuse to identify their company. By the time it reaches the solicitor or claims company the lead is perfectly legitimate.

Can’t you trace them through the numbers they use?
Unfortunately it’s not that simple. The only numbers they use in the SMS are pay as you go SIM cards. They aren’t registered to anyone.

Surely the mobile operators can stop them?
They’re trying, but it’s proving difficult. As the spammers are using pay as you go SIM cards (hooked up to a PC via a SIM bank), they send a batch of messages, then switch to another SIM card. The operators are blocking the numbers as soon as they spot the messages, however it’s quite difficult to find them. There are 9 billion text messages sent every months in the UK so monitoring them all is not an easy task.

What about the call centres that handle the claims?
The problem is that the callers refuse to identify themselves. As with the mobile SIMS the numbers used frequently changed, and subscriber information is often incorrect. Where numbers have been identified, the call centre claims that they were not the ones who sent the SMS. The typical response is ‘we represent a network of over 3000 companies’.

So if it’s not the operators or the call centres, how about the solicitors, surely they can identify the culprits?
It is a requirement under the Ministry of Justice rules that solicitors know where a lead has come from. That lead must also be obtained in a legal way. Solicitors have provided the name of the companies who supplied the leads in the past. However, once the companies are contacted they no longer have the information as they do not keep records on file on the grounds of ‘data protection’.

But surely the regulators know who is sending these and why can’t they prosecute them?
They have a good idea who they are. However, to make a prosecution requires evidence. As the spammers are hiding their identity, finding the evidence is difficult.

Where are they getting the numbers from? Surely it’s possible to find the people who give them the mobile numbers?
Identifying the source of the numbers is difficult. They are not getting them from any legitimate sources. There’s no evidence that they are coming from the operators – they are very protective of that data and risk prosecution if they fail to do so. It is possible that the numbers come from less than reputable websites. The most likely answer is that they are using number generation. There are lists of all the UK operator codes, so all they need to do is to generate the last six digits. Given that they are using PAYG SIMS with unlimited texts it’s not an expensive way to do it.

What about the emergency services? There were reports that some of them had provided numbers of accident victims?
There is a newspaper report about this, but according to the Ministry of Justice who investigated the matter it is only a handful of numbers. Also, this information would be sold directly to the claims companies and not the claims farmers who are trying to create the leads through these messages.

So what’s the solution?

First and foremost, even if you have had an accident (or are in debt or have a PPI claim), don’t respond to the message, even to request STOP. If you need to make a claim then, only use an accredited company. For accident claims, there is a list on the MOJ website https://www.claimsregulation.gov.uk/search.aspx If consumers stop replying to the messages then they will stop doing it. There’s no point unless they get their leads.

As for catching the spammers, there is a lot of work going on between the regulators, mobile operators and SMS aggregators. They are improving the lines of communication so that information can be passed back much more quickly. The operators are now trying to cooperate more closely to address the problem of the fast-changing SIM cards.

In the meantime, if you have received a message along the lines described here, then forward the message and number it came from to the MOJ on info@claimsregulation.gov.uk or the ICO on http://www.ico.gov.uk/complaints.aspx