Increased use of illegal channels for business SMS is exposing businesses texting European consumers to GDPR breaches and risk of fines. It’s got to stop.
Business SMS has become an essential part of our everyday lives. You may not be overly aware of it, but living in Europe, in an average month, you are likely to receive 14 business SMS. Companies, organizations, and governments are using business SMS more and more to operate their services, promote their products, or engage society on different issues.
And of course they are! The handy SMS has many uses: from one-time pin codes to log in to your online bank, to doctors’ appointment reminders and notifications about flight delays. And it’s also used for critical communications – during the Covid-19 pandemic it helped governments with the roll out of national vaccination programmes. Sounding more familiar?
And it’s a growing sector. From banking to healthcare, business SMS helps drive economic growth and innovation across Europe and around the world, with an estimated €20.3 billion spent by companies using it every year (of which €1.6 billion is spent in Europe). And this is expected to increase by 8% annually until 2025.
The ubiquity of SMS is key. It works across all mobile devices and networks worldwide. Not to mention its reliability and effectiveness in helping companies and organizations engage with their customers.
The continued success of the sector and the value it brings to business is, however, not without challenges.
There are illegitimate players taking advantage of the market, exploiting backdoors and regulatory loopholes to make money. So-called SIM Farms expose consumers to fraud and data theft, and expose businesses to non-compliance with EU data protection legislation, which could result in litigation and fines.
Get this: one third of all business SMS globally, and 19% in the EU, are not sent to consumers in the way mobile operators intended. Of those sent the wrong way, SIM Farms are the most common method.
So, what is a SIM Farm?
Business SMS should only be sent via dedicated mobile operator systems. By using consumer SIM cards in unauthorized ways, SIM Farms can offer a cheaper means for companies to send business SMS – but often in breach of mobile operators’ Terms & Conditions. Many SIM Farms are operated by bad actors, often based outside the EU, and are non-compliant with the EU’s data and consumer protection rules. Some SIM farm operators harvest customer’s phone numbers and whatever other sensitive personal information they can use for illicit purposes.
As data controllers, businesses that knowingly – or unknowingly – use SIM farms in their value chain therefore expose themselves to serious breaches of the GDPR.
In 2019, the total amount lost by consumers to communications fraud annually in the EU is estimated at around €12 billion. And 5% of such fraud cases are directly related to SMS, meaning that EU consumers lose at least €600 million per year due to SMS fraud. And the real number is probably significantly higher, as SMS is a very personable means of communications and therefore a more effective channel for fraud.
In addition, fraud has grown significantly during the COVID-19 pandemic. Mobile operators in the EU alone suffer over €300 million in lost revenues a year due to unauthorized SMS.
As we head towards International Data Protection Day on January 28th, Sinch is taking a stand.
As an advocate for the sector, we call on all stakeholders across the value chain to join forces to address this issue through the adoption of best practices on how to manage the use of business SMS.
In particular, we would like companies sending business SMS to European consumers to take proper responsibility for their SMS delivery chains and ensure they are free from bad actors.
Additionally, we want to promote increased commitment to initiatives such as the Mobile Ecosystem Forum’s Business SMS code of conduct, and the adoption of technical solutions such as sender ID registries in more countries and national spam reporting services to help detect, block, and prevent fraud. Mobile operators play an important part in the business SMS ecosystem, and we encourage them to continue their efforts to protect European subscribers.
We also call on policymakers and regulators to help raise awareness and ensure better enforcement of existing data protection regulations (GDPR and e-Privacy) to protect European consumers.
Customer trust is key to the sector’s continued growth and success. We’re keen to talk to you about how we can potentially work better together to protect consumers and businesses. If you would like to find out more, please get in touch!
–
Robert Gerstmann is Chief Evangelist and co-founder at Sinch AB.
About Sinch
Founded in Sweden in 2008 and headquartered in Stockholm, Sinch is a European champion, a leading cloud communications platform. Sinch simplifies life by bringing all people and businesses together. Its leading cloud communications platform lets its 170,000 business customers reach every mobile phone on the planet, in seconds or less, through mobile messaging, email, voice and video. Sinch’s platform powers business-critical communications for many of the world’s largest companies and Sinch is a trusted software and services provider to mobile operators. Now operating in over 50 countries, it has become the largest in its sector in Europe and the second largest globally.
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Cookie Statement
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
Cookie details
Cookie Subgroup | Cookies | Cookies used |
---|---|---|
eu5.mm.sdi.sinch.com | ASP.NET_SessionId | First Party |
community.sinch.com | AWSALB , LiSESSIONID | First Party |
appengage.sinch.com | dd_cookie_test_ | First Party |
tickets.sinch.com | atlassian.xsrf.token , JSESSIONID | First Party |
cockpit2.sinch.com | SESSION | First Party |
engage.sinch.com | instapage-variant-xxxxxxxx | First Party |
dashboard.sinch.com | cookietest | First Party |
brand.sinch.com | PHPSESSID , AWSALBCORS | First Party |
sinch.com | __cf_bm , OptanonConsent , TEST_AMCV_COOKIE_WRITE , OptanonAlertBoxClosed , onesaasCookieSettings, QueryString, functional-cookies, performance-cookies, targeting-cookies, social-cookies lastExternalReferrer, lastExternalReferrertime, cookies, receive-cookie-deprecation _gdvisitor, _gd_session, _gcl_au, _fbp, _an_uid, _utm_zzses, lpv | First Party |
mediabrief.com | __cf_bm | Third Party |
recaptcha.net | _GRECAPTCHA | Third Party |
cision.com | __cf_bm | Third Party |
techtarget.com | __cf_bm | Third Party |
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.
If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Cookie details
Cookie Subgroup | Cookies | Cookies used |
---|---|---|
community.sinch.com | ValueSurveyVisitorCount | First Party |
buzz.sinch.com | instap-spid.8069 , instap-spses.8069 | First Party |
appengage.sinch.com | _dd_s | First Party |
sinch.com | AMP_TLDTEST , rl_page_init_referrer , rl_trait , _vis_opt_s , __q_state_dp56h9oqwhna9CoL , cb_user_id , __hstc , rl_anonymous_id , rl_user_id , initialTrafficSource , _vwo_uuid , _vwo_uuid_v2 , rl_page_init_referring_domain , _hjIncludedInSessionSample_xxx , apt.uid , __hssrc , test_rudder_cookie , cb%3Atest , __hssc , rl_group_trait , _hjAbsoluteSessionInProgress , _vwo_referrer , _vwo_sn , _vis_opt_test_cookie , _hjFirstSeen , _hjTLDTest , _hjSession_xxxxxx , s_sq , _vwo_ds , rl_group_id , _vis_opt_exp_n_combi , s_cc , _gclxxxx , cb_anonymous_id , cb_group_id , apt.sid , rl_session , _uetvid , AMP_899c7e29a9 , _hjSessionUser_xxxxxx | First Party |
brand.sinch.com | AMP_TEST | First Party |
engage.sinch.com | no-cache , instap-spses.85bb , instap-spid.85bb | First Party |
www.sinch.com | d-a8e6 , s-9da4 | First Party |
nr-data.net | JSESSIONID | Third Party |
sinch-en.newsroom.cision.com | _ga, _gid | Third Party |
sinch.in | _ga_xxxxxxxxxx, _gat_UA-XXXXXX-X, _gid, _ga | Third Party |
terminus.services | terminustb | Third Party |
g.fastcdn.co | instap-spses.85bb | Third Party |
hello.learn.mailjet.com | pardot, visitor_id, visitor_id##### | Third Party |
www.googletagmanager.com | userId | Third Party |
hello.learn.mailgun.com | visitor_id#####, visitor_id | Third Party |
dev.visualwebsiteoptimizer.com | _vwo_ssm | Third Party |
box.com | box_visitor_id | Third Party |
app.box.com | z, cn | Third Party |
sinch-tfn.paperform.co | laravel_session | Third Party |
go.sinch.in | visitor_id#####, visitor_id | Third Party |
Qualified | __q_local_form_debug | Third party |
Rudderstack | rudder.inProgress, rudder.3156dd1f-7029-4600-ae54-baf147d9af20.queue, rudder.3156dd1f-7029-4600-ae54-baf147d9af20.ack, rudder.3156dd1f-7029-4600-ae54-baf147d9af20.reclaimStart, rudder.3156dd1f-7029-4600-ae54-baf147d9af20.reclaimEnd, | Third party |
6sense | _6senseCompanyDetauls, _6signalTTL | Third party |
Appcues | apc_local_id, apc_user | Third party |
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device.
If you do not allow these cookies, you will experience less targeted advertising.
Cookie details
Cookie Subgroup | Cookies | Cookies used |
---|---|---|
investors.sinch.com | visitor_id | First Party |
community.sinch.com | VISITOR_BEACON , LithiumVisitor | First Party |
sinch.com | _uetsid , ajs_user_id , _gcl_aw , ajs_group_id , AMCV_ , __utmzzses , _fbp , _gcl_au , AMCVS_ | First Party |
go.latam.sinch.com | visitor_id##### , pardot | First Party |
linkedin.com | li_gc, bcookie, lidc, AnalyticsSyncHistory, UserMatchHistory, li_sugr | Third Party |
pi.pardot.com | lpv151751, pardot | Third Party |
hsforms.com | _cfuvid | Third Party |
google.com | CONSENT | Third Party |
sinch.in | _gclxxxx, _gcl_au | Third Party |
www.linkedin.com | bscookie | Third Party |
bing.com | MUID, MSPTC | Third Party |
www.facebook.com | Third Party | |
hello.learn.mailgun.com | pardot | Third Party |
www.youtube.com | TESTCOOKIESENABLED | Third Party |
dev.visualwebsiteoptimizer.com | uuid | Third Party |
g2crowd.com | __cf_bm | Third Party |
pardot.com | visitor_id#####, visitor_id | Third Party |
tracking.g2crowd.com | _session_id | Third Party |
hubspot.com | __cf_bm, _cfuvid | Third Party |
doubleclick.net | test_cookie, IDE | Third Party |
youtube.com | CONSENT, VISITOR_PRIVACY_METADATA, VISITOR_INFO1_LIVE | Third Party |
go.sinch.in | pardot | Third Party |
liadm.com | lidid | Third Party |
www.google.com | _GRECAPTCHA | Third Party |
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
Cookie details
Cookie Subgroup | Cookies | Cookies used |
---|---|---|
portal.sinch.com | pnctest | First Party |
partner.appengage.sinch.com | _dd_s | First Party |
investors.sinch.com | First Party | |
community.sinch.com | LithiumUserInfo , LithiumUserSecure | First Party |
tickets.sinch.com | selectedidp | First Party |
engage.sinch.com | ln_or | First Party |
cockpit2.sinch.com | CSRF-TOKEN , NG_TRANSLATE_LANG_KEY | First Party |
sinch.com | apt.temp-xxxxxxxxxxxxxxxxxx , hubspotutk , ajs%3Acookies , cf_clearance , ajs%3Atest , __tld__ , __q_domainTest , pfjs%3Acookies , ajs_anonymous_id | First Party |
auth.appengage.sinch.com | AUTH_SESSION_ID , KEYCLOAK_3P_COOKIE , KEYCLOAK_3P_COOKIE_SAMESITE , KC_RESTART , AUTH_SESSION_ID_LEGACY | First Party |
www.recaptcha.net | _GRECAPTCHA | Third Party |
boxcdn.net | __cf_bm | Third Party |
d2oeshgsx64tgz.cloudfront.net | cookietest | Third Party |
sinch-np.paperform.co | XSRF-TOKEN, laravel_session | Third Party |
vimeo.com | __cf_bm, vuid | Third Party |
sinch-ca-sc.paperform.co | XSRF-TOKEN, laravel_session | Third Party |
box.com | site_preference | Third Party |
app.box.com | bv | Third Party |
sinch-tfn.paperform.co | XSRF-TOKEN | Third Party |
cision.com | cf_clearance | Third Party |
These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
Cookie details
Cookie Subgroup | Cookies | Cookies used |
---|---|---|
community.sinch.com | ln_or | First Party |
sinch.in | _fbp | Third Party |
youtube-nocookie.com | CONSENT | Third Party |
youtube.com | YSC | Third Party |