ABA/Joint Trades’ Comment to FCC re: Illegal Text Messages

The American Bankers Association, ACA International, American Financial Services Association, Credit Union National Association, Mortgage Bankers Association, National Association of Federally-Insured Credit Unions, National Council of Higher Education Resources, and Student Loan Servicing Alliance (the Associations) appreciate the opportunity to comment on the Notice of Proposed Rulemaking (Notice) in the above-captioned proceeding. In the Notice, the Federal Communications Commission (Commission) proposes to require mobile wireless providers (Providers) to block, at the network level, illegal text messages – specifically, text messages that purport to be from a legitimate business but may be sent by a scammer from invalid, unallocated, or unused numbers. The Commission would also require the blocking of texts sent from numbers on a Do-Not-Originate (DNO) list. The Notice also tentatively concludes that Providers should implement a caller ID authentication framework for text messages as a way to mitigate illegal number spoofing. Our members report that bad actors illegally “spoof” phone numbers belonging to legitimate businesses when sending text messages – i.e., the bad actor sends a text message from a number that appears to belong to the legitimate business or sends a text message from the bad actor’s own number, making it appear that it is from a legitimate business, with the intent to defraud the recipient. We support the Commission’s proposal to require Providers to block text messages that are from invalid, unallocated, or unused numbers or those on a DNO list because those messages are highly likely to be illegal.

At the same time, it is critical that the Commission’s rules do not impede the completion of text messages sent by legitimate businesses to their customers and other consumers. Businesses often send informational text messages when circumstances require an immediate response. For example, financial institutions may send text messages when the customer is at the point-of-sale, but transaction monitoring analytics suggest that it may be a suspicious transaction, and the institution seeks to confirm that the customer—and not a bad actor—is making the transaction. If the customer does not receive the text message, he or she cannot complete the sale. Alternatively, if the bad actor is the one making the transaction, the customer cannot take steps to stop the fraud if the customer does not receive the institution’s text message. Financial institutions also are expected by their regulators to employ multi-factor authentication to prevent unauthorized individuals from accessing a customer’s account. To comply with this expectation, institutions often send a text message to customers when they attempt to access their account in order to verify the customer’s identity. Without access to the account, customers cannot determine the amount of funds available in their account or make other financial transactions.

To protect text messages sent by legitimate businesses, we urge the Commission to exclude “short code” text messages (text messages that businesses send from five- or six-digit numbers registered with CTIA, the trade association representing wireless companies) from any mandatory blocking, unless there is evidence that the sender is illegally spoofing the message. In particular, the Commission should require Providers to block only those texts that originate from invalid, unassigned, or unused numbers or those on a DNO list until the Commission identifies a class of text messages that have clear indicia of illegality. We also urge the Commission to require Providers to provide immediate notification when a sender’s text message has been blocked and to resolve disputes immediately, and no later than six hours after receiving the dispute. In addition, if the Commission decides to include IP-based text messages in its proposed caller ID authentication mandate, we urge the Commission to ensure legitimate IP-based text messages are not blocked.

Download the comment letter to read the full text.