The Rise of Verified SMS in Combating Fraud
As we increasingly rely on our smartphones for various transactions—be it receiving bank notifications or verification codes—the vulnerability of traditional SMS becomes more apparent. This medium has become a hotbed for fraud, as malicious actors employ smishing tactics, masquerading as reputable companies to deceive unsuspecting recipients. Beyond sheer technicality, the crux of the problem lies in trust: being able to identify the real sender at a glance.
Challenges of Traditional SMS
For years, SMS has treated legitimate and fraudulent messages with similar neutrality, a fact that attackers exploit effectively. Recent smishing campaigns in Spain highlight this issue, as attackers mimic well-known brands, crafting messages designed to elicit trust without raising suspicion. Often, by the time a recipient doubts the legitimacy of a message, it’s already too late to take preventive action.
Introduction to Verified Messages
To counteract the erosion of trust inherent in traditional SMS, the industry is pivoting towards “verified messages.” Unlike standard SMS, these messages visibly indicate whether a company is recognized as legitimate prior to reaching the user’s device. Powered by the RCS protocol, these messages include a sender’s name, logo, and verification markers designed to clarify the message’s origin and diminish confusion, one of the primary weapons in fraudulent schemes.
Real-World Applications of Verified Messages
BBVA: A Leadership Example
BBVA, a prominent bank in Spain, has swiftly adopted this new standard. Its official messages are identifiable by the bank’s name and logo, coupled with indicators that confirm their authenticity. Users can click on the logo to verify that the associated details—like the phone number and website—match the official data of the bank. Additionally, these verified messages appear in a dedicated thread, minimizing the risk of mixing them with fraudulent communications.
Bankinter: Enhancing Security with Telefónica
Bankinter has also embraced verified messaging in collaboration with Telefónica. This partnership aims to bolster the security of crucial communications, including one-time codes for transactions. Similar to BBVA, Bankinter’s messages feature sender verification, its official logo, and supplementary information like a valid website and customer service number.

The Mechanics of Verification
How Verification Works Behind the Scenes
The visible verification badge is backed by a complex validation process. As defined by the GSMA, several preliminary stages must be undertaken before a company can dispatch a verified message. Initially, the entity must register its name and logo, which must then be certified by a reliable third party while ensuring that these credentials match the trusted list maintained by the recipient’s operator.
The Role of Verification Authorities
Verification Authorities act as crucial intermediaries, ensuring that companies seeking to send verified messages are indeed who they claim to be. These authorities could encompass specialized private firms, mobile operators, or even governmental agencies, contingent on the implementation and regulatory framework of each country. The recipient’s operator ultimately decides whether to trust a particular authority, which may be reflected in the message itself, as seen in Bankinter’s example where Movistar verifies the sender’s legitimacy.
Compatibility with iOS and Android
This verification scheme is not exclusive to Android devices. Apple has integrated RCS support within iOS 18, enabling users to receive verified messages if their operator endorses the RCS protocol. However, if RCS isn’t supported, users will default to traditional SMS or MMS without any verification features.
Important Takeaways for Users
For users, understanding verified messages is essential. They offer enhanced context and assurance compared to conventional SMS but do not eliminate the need for vigilance. Knowledge of the underlying verification processes can assist users in interpreting incoming messages more critically. In an environment rife with cyber threats, maintaining a cautious approach is paramount.
Images courtesy of Vitaly Gariev, BBVA, and Bankinter.

