The Telecom Regulatory Authority of India (Trai) is getting serious about spam. Again. Last month, it recommended that all network operators should implement caller name display service on mobile phones and that all smartphone makers should enable this feature within a stipulated period. Battling unwanted calls and messages is nothing new to Trai, which has deployed every advanced weapon, from blockchain to artificial intelligence.
But nimble-footed spammers have always been a step or two ahead of it, and unwanted messages and calls continue to flood the phones. In 2018, Trai introduced a novel blockchain-based architecture called distributed ledger technology (DLT), to ensure consent-based calling and messaging as well as to create business opportunities for enterprises and telcos.
It took three years for DLT to be fully implemented. Three years later, in 2024, it is still facing criticism for being ineffective not only due to the evolving tactics of senders but also due to the fundamental problems that were not addressed while building the technology.
Why did this massive technology solution fail? How does Trai plan to control damage?
At the heart of the spam is the primal need of businesses to tap every consumer touch point to market themselves—from text messages and messaging apps like WhatsApp and Telegram to voice calls, emails, browser pings and in-app notifications.
Enterprises want cost-effective ways to spam users to get conversions and to upsell and cross-sell products and services. Still, it is the simple SMS text that remains the most used method across the globe for enterprise messaging.
This comes with perils. SMS is the biggest channel of phishing in India. Over 150 million phishing messages are sent out every month, with 60-75 million unique users vulnerable from attacks, as ET reported last month, quoting Sunil Bajpai, chief trust officer at Tanla Platforms. About 100,000-300,000 people potentially get scammed every month, but only 35,000- 45,000 report it.
BLOCKS IN THE CHAIN
Trai’s 2018 regulation was indeed unusual —it was a first-of-its-kind use case of blockchain to be deployed in the world’s largest telecom market carrying over 1.5 billion SMS messages per day. However, it cast the burden of finding solutions on telecom operators.
They had no prototype to learn from and this required time and investment. They had to find ways to implement blockchain without losing business. For, enterprise messaging was the main source of revenue for telcos since personal messaging had shifted to platforms like WhatsApp.
While telcos were wading into uncharted territory, several telemarketers, aggregators and even enterprises like Paytm moved court, challenging several premises of Trai’s regulation. It was only in 2020 that technology tools were ready to onboard enterprises and started parsing live SMS traffic through a decentralised ledger of registered enterprises (for example, HDFC Bank), SMS headers (VKHDFCBK) and message templates (Hi, Your account balance is…).
The Covid pandemic caused some hiccups and the system was finally up and running in early 2021. Nearly 2.7 lakh enterprises were onboarded to the new platform. At the outset, the new regime brought several controls.
The result: subscriber complaints against registered senders—telemarketers who are registered with Trai to send bulk commercial communications—fell drastically between 2021 and 2023 as clean traffic volumes grew to new highs. “We have found that complaints have fallen from 200,000 per month to only 30,000 now,” says a senior TRAI official, requesting anonymity.
“The DLT tool also became a crucial resource for detecting illegal grey routes, and even for the Ministry of Home Affairs to unearth Jamtara-type scammers,” he adds, referring to the town in Jharkhad that became infamous as a hotspot of digital frauds. To dodge this, spammers started using 10-digit mobile numbers. They were no longer registered with Trai. Complaints against these unregistered senders touched 8-9 lakh per month, says the official. There was another reason for spam messages to go up. “Price wars among telcos led to a flooding of the system with unchecked registrations of headers and templates,” says another telco executive.
Reliance Jio allowed free registration of headers and content templates, and close to 5 million templates were ready to be weaponised by unsolicited senders. About 20,000 templates were registered by one bank. Some were not even used for over six months. It was the casual attitude of even legitimate businesses that led to the piling up of garbage on DLT. At that time, Rajdip Gupta, CEO of cloud communications company Route Mobile, called DLT a “big failure”.
“I think the regulator needs to understand why DLT has failed. It needs to take a strong stand on DLT to make sure operators are doing the right practice, and verifying those central (registered) IDs correctly,” Gupta had told ET earlier.
Trai made an effort to clean up the mess in February 2023 when it ordered operators to remove inactive, irrelevant and scam headers and templates. It also mandated AI-based detection of scam and fraudulent messages. Vodafone Idea and Bharti Airtel demonstrated separate solutions which could detect scam with 99% accuracy. But, again, it didn’t lead to desired results.
“These disparate AI solutions are working in silos, mostly because telcos are working in partnership with different technology partners and even directly with banks.Competition and pricing are the key issues here,” says a DLT product engineer at a telecom company, requesting anonymity DLT has a consent and preferences module, which is the most crucial element for the project to succeed.
This means subscribers will be able to specify when they would like to receive a marketing message from a particular company—say, between 9 am and 5 pm, on weekdays. Unfortunately, this never took off or reached subscribers.
“I believe consent wouldn’t be useful. It would require an overhaul of the entire DLT directory because enterprises have comfortably chosen to register everything as a service message,” says the telco executive quoted above. Service messages include one-time passwords and banking alerts which do not require consent. As of today, nearly 90% templates are registered in the service category.
WHAT LIES AHEAD?
Despite difficulties, Trai has been trying to erect guardrails to prevent spamming. Telecom companies have invested huge resources over the years to comply with its directions and well as maintain business equilibrium. However, in the race between the defender and the attacker, the latter adapts faster and moves a few steps ahead.
“The regulator has issued six directions since the anti-spam regulations came into force in 2018. Lately, the AI-based analysis by telcos and other measures such as capping SMS volumes and discontinuing resources of spam senders have shown drastic results to monitor the SMS channel,” says the TRAI official quoted above.
The regulator is also aware that some telecom service providers (TSPs) are not proactively following the codes of practice.
“Trai will call upon TSPs to identify the gaps and standardise these procedures,” says the official. If Trai succeeds, your phone will let you know—the number of junk messages will fall and the pesky calls will announce themselves and fade into irrelevance.