SMS and MMS Compliance Q&A

Timothy Allen

Here’s the transcript of questions and answers from a 45-minute Q&A-style live session for marketing platforms and agencies – helping them navigate the strict anti-spam and compliance rules of SMS and MMS.

Read it so you (or your brand customers) can take advantage of the near-100 per cent message opening rates, immediate engagement, and incredible ROI business messaging offers.

The answers from our panel of mobile messaging experts amount to a comprehensive overview of the compliance landscape for short codes and 10-digit long codes.

Can I add another customer onto an existing short code?

No, shared short codes are no longer permitted. A dedicated short code per brand is required. If you have another customer that would like to utilize your services for messaging you will need to obtain a new source for their messaging. That can be in the form of a dedicated short code, it can be a 10DLC, or it could be a text-enabled landline.

My customer is the only customer that is using this short code but we’re being told it’s a shared short code and needs to be migrated. Why is this?

Just because your front-end customer is the only customer you’ve provided access to the code for does not mean that your front-end customer is not sharing that amongst multiple brands/clients of their own. Any short code must be dedicated to a single brand and all messaging must be controlled singly by one entity.

My customer wants to get a code for lead generation, but we were rejected. Why is this?

Lead generation and affiliate marketing type campaigns are prohibited as they include 3rd party data sharing and lead to SPAM. So if you’ve got anything in a privacy policy that’s talking about third party data sharing, or if you’ve got a customer coming to you that says “hey we want to use a short code” or “we want to use a ton of 10DLC number to collect opt-in so that we can send it off to our lead generation agencies” absolute, no, no.

Do I really need to have all that stuff in my call to action..I see in market call to actions all the time that don’t have this? Why is Infobip holding me to a higher standard?

If you want your campaign to get approved you absolutely need everything in your call to action. Infobip is contractually obligated to upload any type of agreements that we have with the mobile carriers, so we have to make sure that we’re always doing our due diligence, to make sure that we’re meeting their code of conduct.

The reason why we have call to action, it was put in place by the CTIA which was agreed with all the mobile carriers. So there are particular elements involved within an actual call to action in order for it to meet best practices.

Now some of those things might be making sure you have a product description in your call to action and a brand name. This is just to ensure that the customer actually understands what they’re signing up for.

You also want to make sure you have your message frequency in there. How often are they going to receive these messages? Are they getting these messages once a week or three times a month? That type of stuff must be disclosed up front.

Also pricing, this is more so that disclosure that says message and data rates may apply – in which case, it means well. Most mobile carriers do have unlimited messaging for their customers, however, not all of them do. This is more so just letting the customer know ˝hey if you don’t have an unlimited messaging plan, you may be charged.˝ And then vice versa, when it comes to a free end-user type program. When, in that case, it means that the actual consumer is not going to be charged to send or receive messages for that particular short code instead the actual content provider or the brand is going to incur those charges.

I want to say for URLs it’s making sure your terms of service and privacy policy have actual URLs. And within the terms of service, make sure that there is customer contact information and that there are stop instructions in there for customers who no longer want to receive messages. There need to be instructions in there letting them know exactly how to opt out of the program. Some customers may say, well, we have a support phone number in there, they can call when they want to opt out. No, we must have an actual stop keyword in there, so that the customer can have exact instructions on what they’re doing in order to opt-out of that Program.

What also when it comes to call to action, this is something that I come across with a lot of customers, is really understanding what a call to action is. What it is not is maybe you have your web page and then you have a section where customers can send them to receive SMS text alerts. A call to action is not having a box and next to that box stating ˝by checking this box I agree to receive SMS messages from a brand.˝ Even if that checkbox does include all of the disclosures that’s required for a call to action. A call to action is something that asks or encourages a user to sign up for the program. You can not tell customers that by doing this you’re signing up for this program.

What sort of extra requirements are in place for abandoned cart reminders?

Well first, let’s start off with understanding what an abandoned cart reminder is.

I’m sure many of you have received them via email when you’ve been online shopping, you add something to your cart, then you forget about it. Well, within the last year or so this feature has become very popular in the mobile messaging industry.

Now instead of receiving a reminder via email, the e-commerce sites are migrating to supporting this feature via SMS.

So to ensure consumers remain protected with this newly evolved use case, there are currently some additional requirements that the carriers have put in place for abandoned cart reminders.

You want to ensure that in your actual program name, you state that the customer is signing up for cart reminders. Not just saying you’re going to receive marketing alerts, but you also want to make sure you’re mentioning how the customer signed up for cart reminders as well, because those two are not the same.

Also make sure that cart reminders are mentioned in your terms and conditions. As well as ensuring program name and description, T&C’s and cart reminders are mentioned. They also require a double opt-in.

Within the privacy policy there’s another section which must explain exactly how this information is being captured, whether it be via cookies or web hooks. Without this information, your campaign will be rejected and will need to be submitted again. To ensure we have a smooth process, make sure you have all this in line.

I want to move my traffic to Infobip why do I need to file a program?

First, the program will need to be filed under Infobip via migration and secondly, we need to ensure that nothing about the program has changed and needs updates since the original program was filed.

How do I set up a code to collect donations for a non profit?

Donation campaigns do have additional requirements and must conform to the CTIA Messaging Principles and Best Practices which can be viewed in section A.13.

My attorney said my program meets TCPA guidelines, but I am being told it’s not approved.

TCPA compliance does not necessarily guarantee approval. TCPA requirements are the bare minimum requirement. Programs must also meet CTIA and carrier guidelines and ultimately the carriers are privately owned and operated networks and can approve/deny any program.

I want to send Fraud Alerts, I’ve heard there’s a TCPA exception for this.

Yes, there is a TCPA exception for fraud alerts with an implied opt-in but you must remember that approval is at the carriers discretion and there are additional requirements

Why can’t we use a STOP menu any longer? STOP123?

Stop menus are really only necessary when a short code is being shared but shared short codes are no longer permitted. If a customer requests to opt-out of a short code program, then they must be completely opted out from receiving messages from the short code and no further message can be sent unless another opt-in occurs.This includes short codes with multiple use cases for the same brand.

What sort of messaging is prohibited?

Think SHAFT (Sex, Hate, Alcohol, Firearms, Tobacco) & CBD. There’s also 3rd party job alerts and debt collection. Any attempt to collect a debt, such as a missed payment reminder, is considered a debt collection.

I have a customer that wants to send CBD messaging but couldn’t get the campaign approved through a competitor. Why not?

CBD is not federally legal. Any messaging must meet federal laws, just because many states have legalized cannabis as it is not legal at the federal level the carrier networks have disallowed this messaging content.

Apr 29th, 2021
7 min read

Timothy Allen