William Dudley RCS, SMS

Who’s Calling? Who’s Texting? Assessing Sender ID Validation (Part 3)

Businessman Using Cell Phone in Conference Room --- Image by © Sean Justice/Corbis

This first appear on D!gitalist on October 7, 2019.

Part 3 of the 3-part “Fighting Robocalls” series presenting a comprehensive assessment of sender ID validation in mobile messaging

In Part 1 of this series, we focused on trends to mitigate robocalls in voice communications and began to look into efforts to cut down on unwanted text messages. In Part 2, we examined alphanumeric and long-code sender IDs in text messaging. Part 3 looks at next-generation trends and recommendations.

Now we have RCS

As we move into the 2020s, the next generation of mobile operator messaging is finally starting to take root: Rich Communications Service (RCS). RCS, in its current iteration based on GSMA standards called Universal Profile, is growing as a potentially lucrative channel for businesses to interact with consumers. Like SMS, it can be used for person-to-person (P2P) communications – and it will be – but it really shines as a business channel. For now, RCS is an Android-only messaging channel, as Apple has not yet supported RCS Universal Profile within its messaging app.

In RCS, the sender ID is the name of the business or enterprise. In other words, if you are interacting with the sandwich shop Subway, you’ll see “Subway” as the sender ID. Likewise, if you interact with Citibank, you’ll see “Citi” or “Citibank” as the entity you are exchanging messages with. Herein lies the problem. If you reach out to interact with a brand or business, you must be sure that you are interacting with the legitimate business. Currently, that verification is done either at the mobile-operator level or sometimes by the RCS gateway (such as Google RBM).

As shown in the following screenshot, a user can tap the shield with the checkmark on the upper-right side of the screen to find out if the sender ID has been verified (by Google, in this case).

Some operator groups, such as Vodafone Group, will have a similar capability, where a user will see “Verified by Vodafone” if they tap the shield with the checkmark. This is expected to apply to all Vodafone operating companies.

With other mobile operators, the “Verified by” capability is dependent on a number of factors: e.g., who is providing the RCS infrastructure for the operator or the device and what country they are operating in. In other words, there isn’t a single, even country-wide RCS sender ID registrar that can be easily trusted by consumers to provide some level of confidence that a sender is who they say they are.

One argument is that each mobile operator should be a trusted party for consumers. So if the “trust shield” is tapped and the popup states: “Verified by Operator Name,” that will be fine for many consumers. And at least for the near term, I believe this is what we’ll have.

The need for a global sender ID registration

Longer term, as RCS becomes a prevalent business engagement channel, we will need a more comprehensive sender ID validation and registration scheme, one that is:

  • Maintained by an impartial third party
  • Known and trusted by consumers
  • A hassle-free way for businesses – both small and large – to become registered and validated
  • Inexpensive
  • Equipped with procedures for dispute resolution, e.g., changes, transfers, escalations
  • Capable of interoperating with other country-wide or regional registrars

I believe that the ability to register business names for RCS and messaging channels will become as prevalent as registering Internet domain names today. There are over 900 ICANN domain-name registrars, governed by specific policies and guidelines. There is no reason why the ability to register and validate RCS sender IDs could not leverage similar capabilities.

Within the next decade, the messaging industry must agree on similar policies and procedures to ensure the integrity of business messages – especially as RCS begins to become more prominent as a business/brand engagement solution. Currently, both the GSMA and Mobile Ecosystem Forum (MEF) are looking at establishing guidelines for sender validation and identification, if not establishing a global infrastructure. How this will translate into a trusted, worldwide registration and validation of sender IDs is still uncertain. But a hierarchical registration structure, similar to ICANN domain-name registrars, would not be out of the question. Could this be a next-generation service provided by a global organization such as ICANN? Again, I don’t think that would be out of the question.

Non-mobile operator messaging solutions, such as WhatsApp, WeChat, Facebook Messenger, Snapchat, and others, are essentially private-label messaging apps with associated ecosystems. They are not interoperable across multiple mobile operators like a standards-based messaging solution such as RCS and of course, SMS. Even Apple’s iMessage (and its Apple Business Chat) fall into that category. As such, they should not be subject to such international registrations of business names as would RCS. They are free to establish their own policies and procedures for business messaging (and many of them have already done so). Of course, they are also free to participate in any industry-wide validation scheme that may come to fruition.

As the mobile industry moves toward greater sender ID validation, rest assured that it aims to avoid many of the pitfalls we’ve all endured with voice and SMS. With RCS, I think that ultimately, we’ll get it right and that consumers and businesses will enjoy all of the rich benefits that RCS will provide through the next decade and beyond. Then we’ll know exactly who is texting us (and probably calling us too)!