.svg)
Lithuania’s Communications Regulatory Authority has ordered mobile operators to combat fake text messages sent by fraudsters, in a sign of European authorities trying to reduce authorised push payment (APP) fraud risks.
"For the first time, we have established a procedure for identifying fake text messages. From now on, mobile communication service providers will have to identify fake SMS from the general SMS flow and thus prevent users from losing personal data or finances", said Jūratė Šovienė, chair of the Communications Regulatory Authority.
Through consulting with the general public and relevant stakeholders, the Lithuanian regulator found that text messaging can often be the beginning of a scam, which can lead to money being handed over by victims of APP fraud.
From now on, using filtering tools, mobile operators in Lithuania — the largest of which are Bite GSM, Tele2 and Telia — will have to detect the links of web pages and assess them against the list of harmful web resources that has been compiled by the country’s National Cyber Security Centre (NKSC).
If the link is on the list, the SMS message will be blocked.
In other cases, when the link in the SMS message is not included in the NKSC list, but raises reasonable suspicions, the recipient will be warned about a possible fake SMS, and the operator will have to forward the link for verification by the NKSC.
"We want to enable operators to promptly respond to new cases of fraud and prevent them,” said Šovienė. “Therefore, if they have information that allows them to suspect that the SMS is possibly fake, they must take measures to protect the user.”
This is not the first RRT solution to prevent digital fraud.
Last year, mobile operators were obliged to block access to harmful internet resources and to forward only such named short messages that correspond to the identification features specified by the senders.
Also in 2023, an obligation to block calls initiated from landline numbers abroad was introduced.
This requirement means that operators must block and not transmit calls initiated from fixed and mobile numbers or service connection numbers if the authority has not issued permits for the numbers used and the numbers are not assigned to specific service providers.
Part of a growing trend
In the last year, there has been a tendency among policymakers and regulators to shift the burden of preventing fraud away from just payment service providers.
In the UK, for example, the Fraud Charter that was launched in 2022 put in place obligations for telecommunications service providers to identify and implement techniques to block scam calls and take a coordinated approach to tackling smishing.
In Singapore, meanwhile, the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) published a joint consultation paper in October 2023 proposing a Shared Responsibility Framework (SRF) for phishing scams.
Under the SRF, financial institutions and telecommunication companies would assign relevant duties to mitigate phishing scams, and payouts to affected scam victims where these duties are breached would be required.
In the European Parliament, there is a push coming from some lawmakers to amend the Payment Services Regulation (PSR) so that social media and telecommunications companies are also liable to reimburse victims of fraudulent payments.
