The Sender ID Register is open. The hard part starts now.
Vericode · 2 December 2025
In one week, Treasury named the three industries that have to carry the first version of the new scam regime and ACMA opened the front door to the Sender ID Register. Banks, telcos and digital platforms. One designation. One register. One 1 July 2026 date that quietly tells you when the lights actually come on.
The kind of week that does not make the news because nobody scammed anyone in the announcement. The kind of week that matters because of what it sets up.
The Scams Prevention Framework designation is the broad move. It brings banks, telecommunications providers and digital platforms into the first wave of the regime. Codes will do the harder work after this, but the shape is now visible. These are the sectors expected to prevent, detect, disrupt and respond to scams in a more coordinated way.
The SMS Sender ID Register is the narrower move, and it is easier to explain. Brands use alpha tags in SMS. A message appears to come from “CommBank”, “myGov”, “AusPost” or another trusted name. Scammers have abused that trust for years because the name in the sender field has been too easy to fake.
The register changes the premise. An entity registers the sender IDs it is entitled to use. Telcos check against that register at delivery. The end state is simple: if you are not authorised to send from a protected name, the message should not arrive wearing that name.
That is outbound brand authentication. It matters.
It matters because SMS is still a workhorse channel in Australian fraud. Not because SMS is elegant, but because it is familiar, immediate and good enough to move people. A fake delivery message, bank alert, tax prompt, parcel link or account warning can still start the chain. If the name on the thread looks right, the user gives the message more credit than it deserves.
The register is not a magic line through SMS fraud. It does not remove malicious links from ordinary numbers. It does not fix every compromised account, every mule flow or every social-engineering script. It also does not become effective for everyone on the day the front door opens. Onboarding is the start of the operational work, not the end.
Still, the direction is important. Australia is moving the trust question from the user to the infrastructure. Instead of asking every person to decide whether “CommBank” is really CommBank, the system starts asking whether the sender had the right to use the name before the message lands.
That is the right place for this kind of check.
The distinction worth keeping sharp is what the register does not touch. It does not verify the person calling your contact centre. It does not prove that a caller claiming to be from a bank is actually from that bank. It does not help a staff member decide whether to disclose account information to someone with the right name, the right phone number and a plausible story.
That is not a criticism of the register. Tools should not be marked down for failing to solve a different problem. The point is that outbound SMS brand trust now has a named mechanism and a regulatory path. Inbound caller verification does not yet have an equivalent owner.
That gap will matter more as the other pieces harden. When SMS impersonation gets harder, pressure moves. When banks improve payee checks, pressure moves. When platforms remove more scam ads, pressure moves. Fraud does not disappear because one channel gets more expensive. It looks for the next believable conversation.
This week gave Australian messaging trust its backbone. The announcements were the easy part. 1 July 2026 is where the work shows up.