An Open Letter to Banks and Payment Providers in the UK and Ireland: It’s Time to Try Something Different to Combat Mobile Fraud

Paul Walsh
6 min read1 day ago

Dear Banking and Payment Industry Leaders,

As Christmas approaches, cybercriminals are intensifying their efforts, targeting your customers with a surge of phishing scams. This isn’t just a seasonal nuisance — it’s a growing crisis. Exploiting trust, generosity, and the increase in digital transactions, attackers are using simple yet highly effective tactics to commit fraud.

Traditional methods have proven insufficient to combat mobile fraud. SMS phishing has emerged as the most significant cyber threat, preying on millions daily by leveraging the lack of built-in protections in SMS communications. Additionally, scammers are now incorporating QR codes into phishing schemes, further complicating efforts to distinguish legitimate from fraudulent communications.

In Ireland, regulations prevent mobile network operators from implementing anti-phishing cybersecurity within their SMS infrastructure, leaving customers exposed to increasing threats. Meanwhile, in the UK, a lack of willingness to adopt a new approach has hindered efforts to protect businesses and consumers from phishing attacks via SMS.

It’s time to try a new innovative strategy. Solutions like the 50999 service can transform how we tackle mobile fraud. By empowering customers to verify the safety of SMS links and QR codes, we can significantly reduce fraud and rebuild trust in financial communications.

Reactive measures alone are no longer enough. By introducing solutions like 50999, we can establish a new standard for security, protect consumers, and lead the fight against cybercrime in 2025.

⚠️ Advising customers to distrust unexpected messages from trusted organisations is counterproductive. Many recipients are often expecting such messages, making it easy for criminals to exploit this trust by impersonating reputable entities.

The opportunity to make a meaningful change is here. Let’s act decisively.

The Scams at Our Doorstep

SMS Phishing (Smishing): The Dominant Fraud Method

According to AIB, Smishing — fraudulent text messages impersonating trusted organizations — accounts for 94% of fraud cases reported in 2024. These texts masquerade as account lockouts, security alerts, or transaction notifications, exploiting urgency to deceive recipients into clicking malicious links.

QR Code Phishing (Quishing): A Rising Threat

Dublin City Council recently warned of fake QR codes placed on pay-and-display parking meters. Victims scanning these counterfeit codes are redirected to fake websites that steal personal and financial details. Many individuals have lost thousands of euros/pounds after entering payment details into fake portals. QR code fraud is particularly insidious because QR codes have become a trusted part of everyday transactions, from parking payments to accessing restaurant menus.

Parcel Delivery Scam

Nearly half of consumers in Ireland and the UK have been targeted by fake parcel delivery texts. These scams exploit the seasonal surge in online shopping by prompting users to click on fraudulent links under the guise of missed deliveries or additional payment requests.

Charity Fraud: Preying on Goodwill

Cybercriminals are posing as legitimate charities, deceiving well-meaning individuals into donating to fraudulent causes. This not only defrauds donors but also undermines trust in genuine charitable organizations.

Brand Impersonation

‼️ 82% of phishing sites now specifically target mobile users, with SMS overtaking email as the leading vector for online fraud in 2024. Consumers expect security in digital interactions, yet the lack of safeguards in SMS communication has made it a primary attack vector.

The Need for Proactive Protection

Traditional defenses and customer awareness campaigns are no longer enough. Banks and payment providers must adopt innovative solutions that address the root of these issues: impersonation and trust exploitation.

There is a new way

Imagine a solution that empowers banks and payment providers to protect their brand reputation by ensuring every SMS and QR code link their customers receive can be instantly verified for safety. This builds trust, reduces fraud, and demonstrates their commitment to safeguarding customer interactions.

Introducing MetaCert’s 50999 Short Code Service

The 50999 service is a GDPR-compliant (privacy-first), proactive service designed to empower your customers to verify the safety of links opened via SMS, QR codes, WhatsApp and mobile email in real time.

How It Works

1. Adrian receives a suspicious text claiming to be from “AIB”

To verify its legitimacy, Adrian forwards it to 50999 for instant analysis. Alternatively, Adrian can copy and paste a message or link from any app — such as WhatsApp, Messenger, or email — into a new text message and send it to 50999 for verification.

2. MetaCert’s SMS short code service

MetaCert verifies the URL against its ‘Zero Trust’ registry, identifying it as safe, malicious, or unverified.

3. MetaCert identifies the link as ‘unverified’ and warns Adrian

MetaCert warns Adrian not to engage with the link, safeguarding Adrian from fraud while protecting AIB’s reputation.

How 50999 Differs From 7726

7726 Service (UK/US Operators):

7726 is a reactive service that requires mobile subscribers to forward suspicious messages for investigation. It lacks real-time feedback or link verification, leaving subscribers exposed to ongoing threats. Designed for intelligence gathering rather than user protection, 7726 fails to address the relentless wave of SMS fraud and provides no direct support for brand protection or trust-building.

50999 Service (MetaCert):

MetaCert’s 50999 service transforms SMS security by delivering real-time verification, immediate user feedback, and robust brand protection. Unlike reactive tools, it proactively verifies the safety of links, empowering mobile users and reducing fraud. This innovative solution builds trust between banks, payment providers, and their customers while providing a scalable defense against SMS phishing.

Examples of the Service in Action

Adrian’s Experience with SMS Fraud

Adrian receives a text from “Your Bank” about suspicious activity. By forwarding the link to 50999, he quickly learns it’s malicious, saving him from falling victim.

Jane’s Encounter with a Fake QR Code

Jane scans a parking QR code that directs her to a payment page. Before entering her details, she forwards the link to 50999 and discovers it’s a scam.

Charity Scam Prevention

Jason is suspicious of a holiday donation request, so he verifies the link with 50999, ensuring their contribution goes to a legitimate organization.

Why Banks and Payment Providers Should Act

Rebuild Customer Trust: Empower customers with the tools to verify communications, demonstrating your commitment to their security.

Reduce Fraud Costs: Lower the financial and operational burden of fraud investigations and reimbursements.

Lead the Industry: Position your organization as a pioneer in proactive fraud prevention.

The Cost of Inaction

Without proactive measures, mobile fraud will continue to erode consumer trust, damage brand reputations, and result in significant financial losses. With SMS and QR fraud growing at an unprecedented rate, the window for action is closing rapidly.

A Call to Leadership

Imagine being the first bank or payment provider in Ireland or the UK to implement the 50999 service, setting a new benchmark for fraud prevention. While this holiday season may be challenging, it’s the perfect time to demonstrate your commitment to customer safety and lead the fight against cybercrime.

Together, let’s make 2025 a safer year for everyone. By adopting solutions like 50999, we can protect consumers, reduce fraud, and rebuild trust in financial communications.

Sincerely,

Paul Walsh
Founder & CEO, MetaCert

--

--

Paul Walsh
Paul Walsh

Written by Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.

No responses yet