As SMS — currently a $55 billion global market — continues its huge growth in the enterprise space, there are more and more horror stories floating around the Internet. From Australian and Chinese bank phishing to Russian-friendly Android malware to one Medium writer’s war on SMS, we’ve been bombarded by the message that SMS is unsafe.
Thankfully, these issues can be overcome — and have been in the US market. Frankly, businesses shouldn’t be worried: SMS is an important, effective, and safe communications platform for businesses, and it will stay that way.
Why companies want to use SMS
There are a few reasons for the enduring popularity of SMS as a method of communication, most of which stem from its efficacy. While a good open rate for emails hovers around 30 per cent, SMS open rates exceed 99 per cent, and 90 per cent are opened within three minutes of receipt. Those stats are incredible, and it’s unsurprising that so many different industries employ SMS for communication.
Debt collection is a prominent one. It’s a difficult industry for both parties: Nobody wants to fall into debt, and nobody wants to have to call in the debt collectors, either. With more than a third of Americans behind on repayments, however, it’s an industry that requires quick, easy communication. Few agencies have the time to handle the necessary volume of calls, so sensitively worded SMS messages are an efficient, nonthreatening way to contact debtors.
Plenty of other organisations, old and new, are reaping the benefits of SMS. Hot startups like Lyft use SMS to communicate with drivers and passengers, as do more traditional operations, like staffing agencies that help people find temporary work. Even churches have adopted SMS in communicating with their congregations, offering daily scriptures and information about youth groups. These are all opt-in, and people can add and remove themselves as they wish.
Staying safe with SMS
So why are some businesses still skeptical about SMS? I commonly hear these three security concerns:
1. Control of data
Most information sent via SMS isn’t sensitive. Typically, messages direct the reader elsewhere. But companies still want to be in control of the data. They want to make sure that they can get it out of the SMS system and incorporate it into their workflow while ensuring that the data itself is secure. The proliferation of companies offering business-oriented SMS services means managing this data has never been easier.
The second major concern is a familiar one for businesses: compliance. Fortunately, government regulation of the SMS network is clear and effective. The Telephone Consumer Protection Act (TCPA) created guidelines for protecting consumers from spam messages often used for phishing, and a 2015 FCC ruling broadened the act’s definition of calls to explicitly include SMS messages.
Reputable carriers hand enterprise clients clear guidelines for TCPA compliance, and each carrier has its own system in place to enforce compliance. Because carriers are liable for TCPA violations, enterprise violators are swiftly and mercilessly shown the door.
The final worry relates to phishing links. These were once the scourge of email inboxes, and many worry that the same burden will hit SMS messaging, but carriers are excellent at filtering out this threat. Just as all email providers now automatically filter spam messages, carriers do the same with phishing texts. Many have even set up text hotlines to help consumers report suspicious or illegitimate texts. AT&T and Verizon are known for cutting the cord on companies for even small violations, creating an environment that reinforces good behavior.
Regulators are cracking down
Companies that use SMS are often concerned about phishing and TCPA compliance, but what about spoofing? While harmful spoofing may occur in the UK — where the Medium writer is based — it’s far less common in the US. Regulation (surprise!) is helping to eliminate harmful spoofing.
The Truth in Caller ID Act recently tightened the law on spoofing. While “non-harmful spoofing” — such as a doctor using his cell phone to make a call from his office number — remains acceptable, sending spoofed messages intended to defraud or cause harm to others can result in stiff criminal and civil penalties.
These consequences, combined with the interconnected nature of providers, mean that there’s a strong and sensitive security environment related to SMS messaging in the U.S., and it extends to spam, too.
In 2013, Papa John’s paid $16.5 million to settle a lawsuit on spam text messages, and it could have been a lot worse. The pizza chain wasn’t the only company to run afoul of the law on spam texting; Twilio and GroupMe faced similar charges. There are plenty of pit bulls going after businesses that refuse to follow the rules, ensuring the great majority of businesses use SMS safely and responsibly.
With all this oversight from government, carriers, and consumers, it’s no surprise our SMS inboxes have remained clear of spam and phishing links, even in the absence of email-like spam filters. And that means that businesspeople can rest easy knowing that their SMS communications are safe, secure, and effective.
Ash Rust is the CEO and co-founder of SendHub