Ireland’s New SMS Sender ID Scheme: A Step in the Right Direction or a Missed Opportunity?

Ireland is rolling out a new SMS Sender ID registration system in October, led by ComReg, to block unregistered senders and reduce fraudulent messages impersonating trusted organizations. While this may seem like progress, does it actually stop SMS scams, or does it just add friction for legitimate businesses?

The Reality: Spam Isn’t the Problem — Scams Are

One of the biggest misconceptions in SMS fraud prevention is equating spam with scams:

• Spam: Annoying but mostly harmless promotional messages from businesses. Spammers don’t impersonate trusted contacts or organizations — they aim to promote their own products or services to as many people as possible, often without proper opt-in consent, but without the intent to deceive or steal information.
• Scams (Phishing/Smishing): Fraudulent messages designed to steal data, redirect victims to fake websites, trick recipients into making payments, compromise banking credentials, install malware, hijack accounts, or manipulate victims into disclosing sensitive personal or financial information. Attackers also use these tactics to target organizations, as seen in past breaches of Twilio, Okta, Microsoft, Uber, and Cisco — where employees were deceived by SMS messages mimicking their own branded alerts, links, and login pages. No criminal would rely on a marketing agency for that.

The new Sender ID scheme may help reduce spam, but spam isn’t the problem — SMS phishing is.

Why This Won’t Stop SMS Fraud

🚨 Most phishing scams don’t use the alphanumeric Sender IDs this scheme is designed to regulate. Instead, fraudsters send malicious SMS from regular SIM cards — completely bypassing this system. This system is known to industry insiders as “Application-2-Person” (A2P).

We’ve seen this play out before. In the U.S., a similar system has been in place for years, yet SMS phishing remains the fastest-growing cyber threat — bypassing email as the number one problem on mobile devices in 2024. These policies increase compliance costs for businesses but fail to stop fraud.

The Bigger Issue: Network-Level Security Isn’t Possible in Ireland

Unlike most other countries, Ireland’s privacy regulations prevent mobile operators from scanning the content of SMS messages — which means they can’t authenticate links or block malicious ones before they reach customers. This creates a massive security gap that scammers continue to exploit. ComReg and the telecom industry needs to lobby government to make changes to these regulations.

Since mobile operators legally cannot provide network-based protection, Ireland needs an alternative approach that actually stops phishing before fraud occurs.

A Smarter Solution: 50099

Recognizing this gap, MetaCert developed the 50099 SMS verification service — a real-time anti-phishing solution that protects consumers without violating privacy laws.

How It Works:

Customers can forward any suspicious SMS or copy and paste any web link to 50099 for instant verification.

✅ Authenticated links: If the link has been verified as safe, the customer receives confirmation.

⚠️ Unverified links: If the link has not been authenticated, the customer is warned to proceed with extreme caution.

⛔️ Dangerous links: If the link has been reported as fraudulent, the customer is immediately alerted to avoid it.

Unlike 7726, which only collects reports after scams occur, 50099 gives mobile users instant answers — before they enter credentials, download an app, or make payments.

Why Banks & Payment Providers Need to Step Up

Since mobile operators can’t offer SMS security at the network level, financial institutions must take a more active role in funding and deploying real solutions. Banks and payment providers lose the most from SMS fraud — today’s measures don’t do anything to protect their customers, yet.

This is why we’re working directly with the financial sector to adopt 50099 as a national standard for SMS fraud prevention — because waiting until fraud happens isn’t security.

The Bottom Line

The new Sender ID system may help filter out some bad actors, but it does nothing to stop phishing scams from reaching customers. Ireland needs a better approach — one that doesn’t just regulate SMS but actually prevents fraud.

🇮🇪 Ireland’s approach to SMS fraud needs to change. If you’re in banking, payments, telecom, or security, let’s discuss how we can fix this — before more customers fall victim. You can reach me here: paul@MetaCert.com