TRAI Mandates Pre-Tagging of SMS Variables to Curb Fraud
The Telecom Regulatory Authority of India (TRAI) has directed telecom providers to mandate pre-tagging of all variable components in commercial SMS templates, a move aimed at curbing rampant fraud and phishing activities.
Key Takeaways
- TRAI mandates pre-tagging of URLs, app links, and callback numbers in SMS templates.
- Telecom companies and businesses have 60 days to comply.
- Non-compliant messages will be blocked after the deadline.
- New rules aim to prevent fraudulent content insertion in approved templates.
What Needs to Be Tagged?
Variable components that change based on recipients or over time—including URLs, application download links, and callback numbers—must now be explicitly tagged during template registration. Senders must specify the purpose of each variable field.
“For example, tagging a variable as #url# implies that the variable contains a URL. Unless these variable fields are pre-tagged, Access Providers cannot identify or scrub them to determine whether the inserted values are from whitelisted domains, numbers, or links,” the Ministry of Communications stated.
Implementation Timeline
Access Providers and Principal Entities must complete modifications of existing templates within 60 days. After this compliance window expires, messages sent using non-compliant templates will be automatically rejected and undelivered.
Combating SMS Fraud
Evidence from multiple Unsolicited Commercial Communications (UCC) investigations revealed that the absence of predefined tagging has been routinely exploited for fraudulent activities. The lack of tagging allowed malicious URLs, app links, and callback numbers to be inserted into approved templates without detection.
The new directive strengthens the anti-spam framework by ensuring complete visibility of variable fields in SMS, enabling telecom providers to apply stringent content scrubbing and make entities accountable for their communications.
