Neutralising the impact of fraud over SMS
Tackling smishing and SMS spoofing presents a unique challenge that requires collaboration across multiple sectors and organisations.
Fraudsters often exploit sender IDs to impersonate legitimate brands, embedding messages within existing conversation threads to increase credibility. This deception leads to financial loss and privacy breaches for consumers, as well as reputational damage for brands. Additionally, scammers use “SIM farms” to bypass traditional fraud prevention methods by transmitting messages in bulk through consumer SIM cards.
Our multi-disciplinary team supported MEF and its partners in developing a trusted, secure registry that could automate sender ID validation and enabled the blocking of unauthorised messages to maintain SMS as a trusted communication channel. Since the project’s inception in 2018, we have brought together expertise in cloud infrastructure, data compliance, cloud engineering and data analysis to create an effective, scalable solution.
Since the launch of the project, Ember’s multi-skilled team has collaborated closely with MEF and industry stakeholders to design, build, and refine the SMS SenderID Protection Registry. Working in partnership with telecom providers, banks, government agencies, and messaging providers, our approach has focused on creating a unified system to validate sender authenticity and block fraudulent texts.
Key Components of our Approach:
Collaborative Product Design and Stakeholder Workshops: Ember’s product designers led early workshops with MEF the major UK MNOs (EE/BT, O2, Three, Vodafone), and stakeholders from UK Finance and the National Cyber Security Centre. These initial workshops established the tactical foundation and Proof of Concept for the registry aligning on best practices to combat smishing at scale.
SenderID Validation and Blocking: The registry was designed and developed to verify sender IDs using a dynamic whitelist and blacklist. Any sender not registered as a verified sender is flagged as blocked, safeguarding consumers from fraudulent messages. Our data engineers and cloud specialists implemented the registry to allow for the easy update and synchronisation of these lists.
Multi-Market Scalability: Following the UK launch in 2019, we supported MEF in expanding the registry to Ireland and Spain. Recently, the registry was launched in Singapore, making it the first implementation outside Europe and our team adapted the platform to meet specific regulatory requirements in each region while preserving the global standard for fraud prevention.
Advanced Fraud Prevention for High-Risk Sectors: By enabling organisations to register their message headers, the registry reduces the ability of fraudsters to spoof sender IDs. To date, the registry protects 352 trusted sender IDs in the UK, including government agencies like HMRC and DVLA. With over 1,500 unauthorised variants blocked, including 300 linked to the Government’s Coronavirus campaign, the registry is a critical line of defence for consumers and brands alike.
Scalable Multi-Region AWS Deployment: We host the Registry on a compliant, high-availability AWS infrastructure with ECS and containerised architecture, ensuring seamless scalability and cross-region deployment for global expansion.
Through registry sender ID validation, the registry has reduced fraudulent message delivery and reinforced SMS as a trusted communication channel. Our multi-disciplinary team has worked closely with MEF which has allowed us to foster strong industry alignment and laid the groundwork for the registry’s expansion into new markets. MEF’s members, including telecom providers, government bodies, and financial institutions, benefit from a safer, more reliable messaging ecosystem.
The SMS Protection Registry exemplifies a successful industry response to smishing and SMS spoofing and our multi-disciplinary team has provided the expertise necessary to make this ambitious project a reality. With ongoing participation from 70 merchants and protection for over 200 brands, the registry has blocked thousands of fraudulent sender IDs, preventing SMS scams across the UK, Ireland, Spain, and Singapore. This impactful initiative has significantly reduced smishing attacks, bolstered consumer trust, and positioned MEF as a leader in global SMS fraud prevention. With further expansions anticipated, the registry continues to set a benchmark for industry collaboration in securing SMS communications.
