El impacto de los códigos cortos y largos en el futuro del SMS: ¿Cuál es la mejor opción para tu negocio?

This is a piece about mobile messaging – SMS to be precise. Remember SMS, that mobile messaging medium that has been decimated by non-SMS chat applications like WhatsApp, Facebook Messenger, WeChat and many others? Well, it is still very much around, live and well and, I’ll say it: prospering.

Rumors of SMS’s death are greatly exaggerated.

So, what does this title mean and how does it pertain to SMS? Let’s start with Long Codes. Long Codes are in fact telephone numbers – any telephone number from any country. They can be mobile device numbers, landline or geographic numbers and even toll-free numbers. That’s a long code. Sometimes in the industry, we call them MSISDNs; however, to be clear, that term is mostly used in the GSM network world. Phone numbers in the GSM world are called MSISDNs (or Mobile Station International Subscriber Directory Number). Phone numbers adhere to an international standard called a E.164.

In SMS, typically you have an originator long code and a destination long code (e.g. phone number) when someone sends a message to someone else. It’s how we address that party. In the Application to Person world where a business texts a consumer (e.g. mobile subscriber), the business might be identified with a long code.

Short codes are typically 4, 5, or 6 digit numbers that are exclusively used by businesses to identify themselves to the messaging ecosystem. For example, Chase Bank has a short code of 24273 (which spells C-H-A-S-E). Short codes that are pre-chosen and might spell out a business name are called Vanity Short Codes and have a greater cost than a non-vanity or random short code. In most countries, short codes are managed by some authority. For the United States, it is the Common Short Code Administration (CSCA), a CTIA initiative, managed by iConectiv. A major benefit of short codes is that they are interoperable across operators within the country – in other words, only subscribers of that particular country can exchange information with an enterprise within that country.

Short codes typically have a cost associated with them and can take up to several weeks to be approved and activated across all participating mobile operators within the country. Contrast that to long codes, which can be almost immediately activated after acquisition and at much lower prices per long code.

In the United States, the publication of the CTIA Messaging Principles and Best Practices, opened the door for the usage of long codes for consumer engagement (e.g. A2P messaging). As of this writing, many of the US mobile operators are still in the process of opening their messaging platforms to long code A2P traffic. Many other countries already allow both long code and short code A2P messaging.

It has been said that the opening of long code A2P traffic within the USA, specifically, will lead to the demise of short codes. I beg to differ and certainly don’t recommend the businesses that use and rely on short codes, all of a sudden give them up in lieu of long codes. CTIA has noted that short codes drive between $8-$12 billion in annual revenues.

Let’s look at a few facts:

1. Short code campaigns are heavily vetted by mobile operators and messaging providers and consequently, one can almost always vouch for the consistent reliability of short codes. More so, if a business uses a vanity short code, then they have significant equity built into that code that ties them to the reputation of the business.


2. 5 or 6 digit numbers are easy to remember and recognize. In situations where high-value traffic is delivered such as two-factor authentication (2FA) codes, the business should have a recognizable source address and teach their consumers to only expect 2FA traffic from that short code. Yes, a long code could be used, but 6 months after a consumer reads about that short code and receives a message from some random long code, it becomes more difficult to verify that it isn’t a phishing attack.


3. In many markets, only short code traffic is viewed as legitimate, whereas long code traffic may utilize different, long cost routes and could be subject to blocking or filtering. Until all mobile operators in the US activate their platforms to use legitimate long codes for A2P, the United States could still be viewed in that category.


4. Too many messaging providers over-use long codes to go around legitimate routes to mobile operators. Look at this example. The user (me!) signed up for SMS alerts for Mobile World Congress 2017. Every message received was from a different long code and they were scattered among all my other messages. I would question the legitimacy of many of these – especially if they had links to follow. This is extremely bad form and from the GSMA, no less. They should know better. At the expense of saving a few dollars here and there, they provided a less-than-adequate experience for users.

Receipt of SMS messages from a previously unknown or unexpected long code is no different than receiving a message from a previously unknown or expected email address. At best, it may be recognized; however, at worst, it could be a phishing attack. There is no legitimacy. At least with short codes, you have some measure of confidence that the message is legitimate as the sender is likely recognized. In fact, if an organization is sending important, time-sensitive messages such as 2FA codes, then we would recommend that the originating address of the SMS messages should be an easy-to-remember and recognize short code.

Notwithstanding newer messaging ecosystems such as Facebook Messenger, WeChat, and even RCS with verified send