Building trust in enterprise messaging with the MEF Code of Conduct

Our latest eBook, which focuses on A2P messaging, takes a look at what prompted the MEF to put together a Code of Conduct – Joanne Lacy, COO at MEF, explains it all.

SMS remains the most open and ubiquitous channel for communicating with consumers. It is inexpensive, works on every device, across every mobile network and is by far the most trusted format. New technologies such as RCS are also helping the messaging ecosystem innovate, and to enable enterprises and brands to drive greater consumer engagement.

Whether that’s by routing cheap messaging via grey routes that deny network operators a per message termination fee, overzealous spam marketing or more sinister practices that seek to intercept personal log-in details via SMiShing, fraud impacts revenues and risks undermining messaging as a trusted channel, and ultimately its long-term sustainability as a thriving enterprise ecosystem.

In 2015 MEF established its Future of Messaging Programme, to combat fraud and advocate best practice and market innovation. A working group of 30+ companies that includes MNOs, messaging companies and solution providers, has focused on education and building transparency in the sector by collaborating to produce a series of frameworks, research studies and papers.

At the cornerstone of the programme’s Fraud Management Work Stream is the A2P (Application-to-Person) Fraud Framework, which identified 13 fraud types impacting the enterprise mobile messaging ecosystem.

MEF also recently launched Trust in Enterprise Messaging (TEM), a self-regulatory service backed by an industry Code of Conduct for A2P SMS developed by the programme participants.

The service is part of the programme’s goal to accelerate market clean-up across the ecosystem and educate enterprise messaging buyers about the threats of fraudulent practices and poor procurement processes.

Using the example of grey routing, enterprises may be attracted to below market cost bulk messaging, yet their provider could be operating fraudulently by side-stepping business SMS rates (operator message termination fees) and using banks of consumer SIMs. The perceived cost saving impacts quality of service levels where messages are frequently delivered slowly, out of synch or not at all.

The industry Code itself sets out a standard of behaviors, procedures and actions for all actors operating within the A2P SMS market in order to protect consumers, demonstrate ethical and commercial responsibility as well as to maximize value to all companies involved in the messaging ecosystem.

In brief, Code signatories:

• Shall not create, carry or deliver unsolicited A2P SMS messages
• Must accept that consumers shall be able to revoke their consent to be contacted
• Must respect the legal or consumers’ preferences regarding time and frequency of A2P SMS interaction
• Secure and handle adequately consumers’ personal data, ensuring the best data privacy practices when collecting, processing, and transmitting it
• Shall not modify messages content or their metadata unless legitimately required for message delivery
• Should deploy effective, proportionate risk-based procedures and tools to avoid consumer and/or business fraud
• Shall not access or utilize another company’s infrastructure for any purpose for which they don’t have explicit authorization
• Never hide their identity or use someone else’s
• Shall actively promote and educate all industry parties to ensure that every service offered is safe, reliable and complies with all relevant operational and legal requirements
• Shall proactively assist regulators, law enforcement agencies and other parties of the ecosystem to limit the scope and recurrence of fraudulent incidents and identify fraudulent actors within the ecosystem

Each signatory is awarded the Trust in Enterprise Messaging badge to demonstrate their services as compliant with the Code of Conduct. This immediately identifies them as adherent to the principles of the Code which go beyond localized legal frameworks in how user data is stored, transmitted and used.

That’s important on two levels. Firstly it tells enterprises (messaging buyers) they are dealing with providers that operate the highest possible standards of compliance. When doing business in Europe, under General Data Protection Regulation (GDPR), this is even more important since both enterprises and their technology partners are jointly liable for breaches.

Secondly, it tells companies within the ecosystem itself (mobile operators, signalling providers, messaging providers etc.) that the companies they are partnering with are upholding industry best practice.

The industry has reacted positively to the launch of the Code, and MEF is now focused on driving its adoption with its members and via network operators. Find out more about MEF’s Trust In Enterprise Messaging, and download the Code of Conduct.

Get the full picture on how on the A2P Messaging market is looking today and is set to look in the future in our latest eBook: A2P Messaging – The Business of Communication

Originally Published by CLX Communications