Establishing Trust in RBM Through Verification
To ensure consumer trust in RCS Business Messaging, the U.S. wireless industry is developing rigorous partner and brand verification requirements designed to prevent bad actors from impersonating brands or other message senders, including by using brand logos or other brand assets in an RBM Agent without proper rights. This effort is based on decades of experience developing and implementing best practices and policies to verify that businesses, nonprofits, and other non-consumer organizations who want to interact with individuals via messaging are who they say they are.
Overview of the U.S. RBM Verification Process
Prior to wireless provider review of an RBM agent seeking approval for launch, brands need to go through a vetting and verification process for that agent, conducted by an authorized RBM Verification Authority.
This process is designed to confirm:
The brand is actually who it says it is
The brand has the legal rights and permissions to the digital assets (like a logo) that it is using
The brand is not a bad actor
Once verified, the Authorized RBM Verification Authority will issue a unique web token for that brand’s agent. Brands must be re-vetted on a regular cadence for each RBM Agent and may be subject to additional vetting based on their activity (e.g., complaints, changes in how they use the channel, or their activities in other messaging and voice channels).
In the U.S., CTIA certifies third-party companies to act as Authorized RBM Verification Authorities. To maintain a high standard for consumer protection, Authorized RBM Verification Authorities must comply with a series of requirements around their partner and brand verification processes and submit to a comprehensive audit regime and compliance framework.
Overview of the U.S. RBM Partner and Brand Verification Requirements
In coordination with participating U.S. wireless providers, DCA and CSP partners, and prospective Authorized RBM Verification Authorities, CTIA is developing common baseline requirements for Authorized RBM Verification Authorities, which will address:
Partner Verification Criteria
Partner Verification Criteria
The vetting and verification services and requirements that certified RBM Verification Authorities will need to perform to authenticate partners that brands work with to manage their messaging channels and, where applicable, the different criteria that apply to DCA and CSP partners, including items like legal name, entity type, website etc.
Brand Organization Verification Criteria
Brand Organization Verification Criteria
The vetting and verification services and requirements that Authorized RBM Verification Authorities will need to perform to validate enterprise brands who wish to use RBM.
Verification Authority Process Requirements
Verification Authority Process Requirements
The key process requirements for Authorized RBM Verification Authorities to implement, including items like audits, dispute resolution, and re-vetting.
Entities who are interested in serving as Authorized RBM Verification Authorities for policial campaigns or small businesses will be required to comply with separate verification criteria that are tailored to those more specific audiences.