Consumers may face some disruption in receiving messages from banking and other services that provide updates via SMS as Trai’s new mandate on whitelisting URLs comes into effect from October 1.

 While 3000 business entities have complied with the directives to whitelist the URLs they send as a part of messages, and approved more than 70,000 links, industry experts said that only a fraction of the overall relevant URLs have been whitelisted so far. “ A large number of URLs are dynamic and created for specific users with specific objectives. For example, when a user wants to reset a password, a unique URL is sent for that purpose. It is not possible to get them included in the whitelist,” said a marketing expert.

TRAI in August issued a directive, instructing all access providers to block any traffic containing URLs, Android Package Kits (APKs) or over-the-top (OTT) links that have not been whitelisted. A URL is a clickable website link that is used extensively by businesses to communicate with their users while an ApK is a file format used to distribute and install apps on Android devices.

The TRAI is worried that spammers are using URLs and APKs to send unsolicited messages containing malicious links. These inks that appear legitimate aim to install malware on the operating systems of mobile devices. There have been many cases of consumers clicking on malicious links that appear to be from their banks or a service provider. Trai and the Department of Telecom have taken a number of steps to eliminate spam calls and message but have had limited success so far.

In contrast to the challenges faced in India, the United States has successfully implemented the STIR/SHAKEN protocol, an acronym for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENs (SHAKEN). “This protocol enhances the security of caller IDs by digitally certifying their authenticity, thereby making it significantly more difficult for spammers to use spoofed numbers. Widely adopted by major U.S. carriers, STIR/SHAKEN validates caller information before the call reaches its recipient, providing a robust defense against caller ID spoofing. As calls traverse the interconnected carrier networks, they carry a digital certificate that verifies their origin and authenticity. This mechanism has greatly reduced the effectiveness of local spam operations within the U.S., although challenges persist with international calls that lack such certifications,” according to Parag Kar, an independent telecom expert.





Source link