The importance of data protection and authorized messaging routes

For reasons including extraordinary open rates and ubiquity, SMS messaging is a trusted and frequently used channel for businesses to communicate with their customers.

The numbers are quite impressive. Sinch, one of the leaders in the space, sends over 107 billion messages annually for eight of the top 10 tech companies in the world as well as thousands of others of varying sizes.

While the SMS channel is quite effective, it also is not homogeneous. In other words, not all providers operate the same way.

In large part, to ensure that businesses follow best practices, MEF has released a whitepaper titled Business SMS, SIM Farms, and the Data Protection Risk.

Written by MEF’s Future of Messaging Programme, the paper looks at the convergence of two key topics for business messaging: data protection and the use of unauthorized routes, especially SIM farms.

A mature and robust ecosystem exists to deliver billions of business SMS or text messages on a daily basis. However, this scale inevitably means pricing is competitive and sometimes market rates are undercut by some companies delivering messages via unauthorized routes.

One such route is a SIM Farm where a bank of unauthorized SIM cards is used to send business SMS as opposed to delivering the messages via the authorized routes to the mobile network operator and on to the end-user. Use of these routes continues to undermine the messaging value chain and trust in business messaging.

At the same time, in recent years global data protection legislation, particularly in the European Union, has shone the regulatory spotlight on best practices for managing personal information and data.

The full report is available here.

Beyond reading it, there are several immediate steps that you should take, per the MEF.

Know your supplier – A messaging provider should have a clear data protection handling policy.

Know your messaging delivery chain – A supplier offering price points significantly below the rates offered by the local mobile network operators is an indication of SIM Farms possibly being used.

Know your data protection risks – Your customers’ personal data should not leave/enter any jurisdiction where it is unlawful for it to do so, nor be handled by any party for which explicit consent has not been given by your customer.

Audit your suppliers – If message content and/or SenderIDs have been altered between submission to your supplier and delivery to your customer, which you can monitor by using one of the various testing services available in the market, this is a sign a SIM Farm may be in use (unless specific country requirements are in place, e.g. pre-registered short codes).

While the report is excellent, Sinch experts are available to answer any questions related to your businesses’ unique situation. Download your copy of the report here, or reach out to your Account Manager for more information.