The ECC Recommendation will contain policy rules on how to
handle the SMS SenderID in order to maintain trust in the SenderID.
The WG NaN has already developed detailed policies on how to
handle the CLI in voice communications in order to maintain trust in the CLI.
The SMS SenderID is the SMS equivalent of the CLI for voice
calls. SMS is used for person-to-person (P2P) communications, but
also more and more for application-to-person (A2P) communications. In this last
category, we can distinguish between premium rate SMS, where the receiver of
the SMS pays for the premium rate service, and business messaging such as one-time
passwords and alerts for appointments, which is not charged to the receiver.
While the premium rate SMS service is in decline, business messaging, including
the use of SMS as an extra security layer, is getting more and more popular (2-factor
authorisation as defined in Payment Services Directive - PSD2).
The work item will be limited to A2P communications.
While for voice communication the CLI is always a telephone
number, for SMS it is possible to use alphanumeric characters in SenderIDs. It is
not common for CEPT Administrations to regulate their use. This creates
additional risks, as people are more likely to be misled in case of spoofing
by an alphanumeric identifier (e.g. well-known brands) than by a numeric one. From
a technical point of view it is easy to modify the SenderID, whether it is a number or
alphanumeric characters. SenderID spoofing for SMS is seen by many
administrations more and more as a problem with a very negative impact on
end-users, since it is often used for fraud. Moreover, the provision
of business messaging via SMS typically involves a long chain of parties,
and this increases the complexity of identifying the real sender of the
message.
Although the scope of ECC Report 338 on CLI spoofing,
adopted on 7th June 2022, and of the subsequent ECC Recommendation in
preparation is limited to voice communications, some of the principles described there (e.g.
A/B handshaking and respect for international Recommendation E.157 for
international communications) can be used in this new Recommendation.
This ECC Recommendation aims to increase trust in the SenderID by proposing
rules and good policies on how to handle the SMS SenderID. Special attention will be
given to maximising the commercial benefit
for the stakeholders of SMS while minimising the risk of fraud and/or abuse
where the SenderID plays a role. It will draw on the good practices currently
applied in several countries.
The ambition of the ECC Recommendation is to move as far as
possible towards a common approach in the CEPT countries.