What to do if you can’t identify the originator of the charges

If you have received a ‘Payforit’ receipt text, but have no other text messages to identify the originator of the charges, things have the potential to get more complicated.

The first thing to check is that you are not barring the receipt of premium rate texts. There is little point in barring the receipt of these texts, as you are charged for them whether you receive them or not!

Check your messages. Also check to see if you’ve placed a 5 digit number on your blocked/spam/reject list. If you have, unblock it and text the words STOP ALL to it.

If you can’t identify the originator of the texts, you could try this link: http://mobilepaymentsupport.com

  1. Input your mobile number and click send pin.
  2. You’ll receive a 4 digit number by text.
  3. Input that back on the page and click send.

The next page will show details of any subscription your number is currently linked to including contact details and the 5 digit number to text the STOP ALL text.

Unfortunately this won’t work for all ‘services’, so even after this, you may still be unable to identify the ‘service’ you are signed up to.

At this stage you will need to raise the issue with your network. The regulator expects networks to render this minimal level of assistance, so if they are unhelpful, raise it as a formal complaint.

 

 

My response to PSA consultation

Stop Payforit Fraud

Response to PSA Consultation on Business Plan 2018/19

Introduction

I am writing this response because these consultations tend to get many responses from the industry and few or none from the consumers that PSA are supposed to be protecting.

I have begun to campaign for reform of direct carrier billing in the UK after a member of my family was the victim of fraud via ‘Payforit’. She was signed up, without her consent, to a subscription service costing £4.50 per week. I was able to cap her losses at £4.50 by sending a STOP message within three hours of the initial subscription message. However, the battle to get the £4.50 returned took eight weeks, twelve telephone calls, 17 emails, two ‘signed for’ letters and the threat of legal action. My battle to get an explanation of how she came to be subscribed is ongoing.

The timescales and difficulty I experienced in complaining are completely in conflict with para 2.6 of the Code of Conduct, and I am not alone in experiencing these difficulties. The failure to deal with complaints in a timely manner should be sufficient to enable the regulator to suspend the offending company’s ‘services’.

I was astonished at the lack of any form of consumer protection against these frauds and at the lack of cooperation or concern from the network, the level 1 provider and the regulator.

A look through the user forums of the major networks will leave nobody in any doubt that there is a serious problem with fraudulent subscription services. Hardly a day goes by without a consumer claiming that they have been signed up, without consent, to a subscription service costing £4.50 per week (or occasionally less).  I refuse to believe that all these people are lying or stupid!

Payforit is an archaic and inherently insecure payment mechanism. It has not adapted to reduce the incidence of fraud as other payment mechanisms have. It doesn’t have a centralised service for complaints and disputes. It doesn’t have a refund mechanism. PSA are well aware of these shortcomings, but do nothing to encourage reform. They know that malicious code in a web page, or in a downloaded App can sign users up to these services, without the consumer being aware that it has happened. They have been aware of the use of these exploits for several years, but nothing has been done to prevent them. They sit on their hands instead of being proactive in bringing these frauds to a halt.

Consumers are becoming increasingly aware of the fraudulent use of direct billing and are coming to regard the industry as a bit like the ‘Wild West’ with an ineffective and reluctant sheriff in the form of PSA.

 

 

Q1 – Do our plans for 2018/19 sufficiently deliver our role as a regulator?

Most consumers are unaware of the role of PSA and only become aware when they have a problem with a ‘service’. Even the industry doesn’t seem to understand the regulator’s role. One of the major networks still refers defrauded customers to PSA ‘to get a refund’, implying that PSA would deal with their individual complaint.

Those consumers who refer issues to the regulator are frequently dissatisfied. Facebook reviews show a predominance of 1 star reviews from consumers dissatisfied with the service PSA has provided. Some of this dissatisfaction stems from a misunderstanding of PSA’s role. However, there is nothing more galling for a complainant, weeks after reporting a ‘service’, than to find that ‘service’ is still defrauding consumers.  I see little prospect of improvement while the PSA exhibits such complacency. The regulator needs to engage more with the consumers it is supposed to be protecting.

Consumers will compare the consumer protection offered by phone paid services with those of other payment methods (Paypal, Contactless Payments, Direct Debits, Credit Cards, Debit Cards etc). The providers of all these payment methods provide clear mechanisms for the resolution of disputed transactions. Payforit and other direct operator billing methods offer no clearly defined or published mechanism for the resolution of disputes.

Obtaining a refund for losses due to fraud is rarely possible due to the nature of the ‘service providers’ who hide behind an automated phone number, an email address which is never replied to,  and an accommodation address shared with dozens of other companies. Most consumers admit defeat and write off their losses.

If I dispute a direct debit with my bank, the burden of proof will rest on the payee to prove that the debit was authorised and not with the payer to prove that it wasn’t! If I report fraudulent transactions to my bank, they will take the matter seriously and put a stop on any further fraudulent payments. The MNOs don’t even offer this minimal level of support. Instead, they ask the consumer to send a message to the fraudster asking them to STOP. To add insult to injury, they are charged for sending this message!

Payforit expects the consumer to negotiate directly with the originator of the charge. What is worse is that, if the recipient of the payment fails to respond, there is no process to follow to resolve the issue. In the absence of a defined process, these uncooperative companies continue to trade for months, until the volume of complaints is such that PSA cannot ignore them.

It is not the role of PSA to adjudicate on individual disputes. However, it could insist on the introduction of a mechanism by which consumers can receive swift refunds when they are defrauded by rogue companies. Much of this could be automated, as it is with other payment mechanisms.

The problem is not that fraud happens. It will happen to some extent with any payment system regardless of the security and authentication measures put in place. Fraudsters are continually refining their methods and finding new ones. Most payment systems respond to attempted fraud by putting effort into fraud prevention, but this has not happened with the arrangements for charging to a phone bill.

The problem is the lack of any defined process for the consumer to resolve their complaint (within a reasonable timescale) and obtain a refund if one is adjudged to be appropriate. Current arrangements would appear to be in breach of the Consumer Rights Act 2015 as it applies to digital services, in terms of methods and timescales for dealing with consumer complaints, and in terms of the refund process.

Looking at Tribunal Cases in the 2017 calendar year, of 18 cases, no less than 8 related to subscription services priced at £4.50 per week or less. A further 7 related to non-compliance with sanctions. In most of these 7 cases, the initial breach resulted from a similar subscription service. Surely money and time could be saved by subjecting these ‘services’ to a more rigorous regulatory regime.

Fraudulent subscription services are doing untold harm to the reputation of the industry as a whole.

Q2 – Do you have any comments on the proposed budget for 2018/19?

The priorities here seem to be wrong. If these payment mechanisms want to gain consumer trust, the amount spent on regulation will probably need to increase, at least until the industry is ‘cleaned up’.

From the weak and slow actions of the networks and the regulator, one gets the impression that the MNOs and the regulator are quite content to be complicit in fraud.

Resources need to be deployed to investigate these frauds quickly, as soon as the regulator becomes aware of them.  There really is no excuse for fraudulent ‘service providers’ to be allowed to continue plundering consumers’ phone accounts for months before the regulator belatedly acts.

Q3 – Do you have any comments on the proposed levy for 2018/19?

In Appendix A you write:

“Different types of content, goods and services have different consumer satisfaction levels. They operate at different levels of compliance with our Code of Practice, as measured by the consumer queries and complaints we receive, and the monitoring we are able to do”

Would it not be possible to impose different rates of levy on different services, based on the regulatory work they generate? A higher rate of levy on subscription services priced at £4.50 or less, and without a double opt-in, would seem appropriate given the evidently large number of complaints these generate.

Of course, one method of reducing costs would be to require ALL subscription services to have a double opt-in. (This is currently recommended in your guidance, but not mandated). It is clear that your guidance is ignored by some rogue companies which deliberately price their service at £4.50 per week in order to avoid these requirements, knowing that malicious code can then be exploited to obtain ‘consent’ from ‘subscribers’.

It seems unfair that services that create few complaints and are fully compliant with the Code are charged at the same rate as services which continually test the boundaries of the Code and generate significant volumes of work for the regulator.

If the size of the levy is to be reduced, the level of consumer complaints needs to be reduced. Making ‘direct carrier billing’ services ‘opt-in’ rather than ‘opt-out’ would make a massive difference, as many consumers are unaware that third parties can charge their bill in this manner. The GDPR should address this, as companies will need to have explicit and unambiguous consent to pass consumers’ phone numbers to a third party, whether for charging purposes or not. It will no longer be acceptable to hide this consent in the small print. A requirement that consumers opt-in to the use of PRS services would increase awareness of these services and make consumers more careful when navigating ‘service providers’ web sites.

PSA need to become more effective at collecting the financial penalties they impose. Fined services should be suspended until the fines and administrative charges are paid. An increased rate of collection of these financial penalties would allow a reduction in the levy on compliant services.

Q4 – What is your view on the estimated size of the market for 2018/19?

Direct payments from ‘phone accounts are competing with an increasing number of other payment processes. Consumers are poorly educated about these services and often, as in my case, only become aware of the potential to charge goods and services to a phone bill when they are the victim of a fraudulent transaction. Consumer confidence is the key to growth, but it has been given a low priority. In my view ‘Payforit’ and other direct to bill payment mechanisms will gain a smaller market share of a growing market. Until the industry takes its responsibilities to consumers more seriously, they will choose to pay by other mechanisms wherever possible. If Direct Carrier Billing is to compete seriously for market share, it will need to implement consumer protection measures and refund mechanisms similar to those of its competitors.

Two major Australian MNOs (Telstra and Optus) have been forced to abandon third party billing for premium rate subscription services after a succession of scams similar to those we have experienced in recent years. Unless the networks stop aiding and abetting these frauds, public opinion will eventually force a similar result in the UK.

 

Q5 – Do you have any other comments on the Business Plan and Budget 2018/19?

PSA seems to listen to the service providers, but appears out of touch with the concerns of consumers. A consumer panel could help to correct this imbalance. Consultations rarely include any input from consumer organisations.  The lack of a clearly defined disputes resolution process puts consumers at a massive disadvantage. PSA has failed to protect consumers adequately thus far and I have little confidence that this will change.

Reading the https://psauthority.org.uk/for-consumers/solutions-centre page of the PSA website one finds this:

I was charged when I clicked on the X symbol to close the site. What do I do? (false X?)

Answer: There should always be a way to exit the page without making a purchase. In some instances you must interact with the site but you should be able to exit the site. In some circumstances, exiting a site may lead you to an advert for another service. If you do not want to exit in this way, enter a different website address in your browser toolbar.

 

After reading this the consumer comes to the conclusion that ‘anything goes’ in this industry. It doesn’t matter how you trick consumers into clicking on a disguised subscription link. According to you it’s legitimate to disguise the subscribe button as an X (to close a popup!). That is immoral and unethical. I can’t believe that an organisation, supposed to protect consumers, implies, in print, that it thinks this is an acceptable practice.

If the industry is to dispel its ‘Wild West’ image it needs to stop condoning these practices and state, quite simply, that they are fraudulent and wrong. Deceptions of this sort are in conflict with the Code of Conduct.  They destroy consumer confidence. PSA would do well to review its guidance to consumers, to avoid the impression that it condones fraudulent practices. It should be encouraging consumers to complain when they encounter these deceptive practices, and taking action against the perpetrators.

PSA needs to be able to be held to account when they fail to act in a timely manner to prevent consumers being defrauded. It seems that the economic survival of offending companies is always put ahead of consumer protection.

By providing a mechanism for third party payments to be taken from consumers’ telephone accounts, the MNOs are setting themselves up as payment processors. I therefore believe it is fundamentally wrong for the MNOs and level 1 providers to be exempted from the requirements of the Payment Services Directive v2 (PSD2). The exemption, however, restricts both the size and type of purchase that can be made via Direct Carrier Billing. If services like Payforit want to be able to handle larger purchases, or be used other than for the purchase of digital content and similar products, they will need to conform to the requirements of PSD2.

In fairness, direct carrier billing services should be subject to the same regulations as the payment services they are competing with. The directive provides additional safeguards to consumers. It reduces their potential losses from fraud, and requires the Service Providers to provide robust, two factor, authentication. The directive also forces Payment Service Providers to provide a proper dispute mechanism. I am disappointed that consumers will be denied the additional protection these safeguards would have afforded them.

Ultimately it is not good enough to say that the MNOs are just providing a payment mechanism. They are responsible for the design and rules of that payment mechanism, agree to provide it to their customers, and profit from it. It is time that the regulator forced them to take their responsibilities seriously and provide support to customers who have been defrauded.

The suggestion that PSA might look at a system whereby consumers might be refunded automatically when a service provider has been found non-compliant is welcome, but does not go far enough. The current system of handling third party payments is unfair to consumers and needs to be changed.

In the event of a disputed transaction, the burden of proof should lie with the recipient of the funds to prove that the payment was taken lawfully and in compliance with the Code. In the absence of such proof (within a specified period, say 3 weeks) the consumer could and should be automatically refunded. At present, many of these ‘service providers’ fail to engage with consumers, on any meaningful level, leaving the consumer with no redress and no refund.

Another issue is that, even if the service provider accepts that a refund should be made, there is no proper mechanism for that to happen. There is a general principle in commerce (embodied in the Consumer Rights Act 2015) that refunds should go to the account from which the original payment was made.

Refunds for transactions made on a credit or debit card are made back to the same card. If a fraudulent payment occurs on my bank account, the refund is made to my bank account. When a Paypal payment is reversed, the refund will go back to the Paypal account from which it was taken.

Why can’t refunded Payforit charges be returned to the account from which they were taken? Why can the refund not be made by the same method and with the same speed and ease as the transaction which is being reversed? We are told that this is ‘technically impossible’. This just goes to show how anachronistic and poorly regulated this payment system is.

Summary

The industry is at a turning point. If it continues to turn a blind eye to fraud it will lose consumer confidence, and remain a niche payment system. The alternative is to take steps to prevent abuse of the payment system by fraudsters. Direct carrier billing can compete with other payment services, but only if it can match them, not only for convenience, but for security and consumer protection.

 

Paul Muggleton

payforitsucks.co.uk

 

 

 

Complaining to PSA

Step 3 – Make a complaint to the Phone-paid Services Authority

If you have been signed up without consent to one of these premium rate services it really is important that you report it.

It is contrary to the PSA Code of Conduct to sign people up for these services without their consent, and these companies need to be shut down quickly. Your complaint may help others.

Before complaining you need to know the following.

  1. The premium rate service the number relates to. This can be retrieved either from your text message confirmation or your phone bill.
  2. The name of the company providing the premium rate service.
  3. Your personal details, such as your name, address and contact details.
  4. The name of your phone or mobile network.

You do not need to attach a copy of your phone bill to make a complaint to PSA.

To make a complaint:

Go to the number checker on the PSA website: https://psauthority.org.uk/about-us/number-checker.

Put in the shortcode you are complaining about and click ‘Check it!’. You may need to complete a Captcha challenge in order to proceed to the next stage.

The next screen shows details of the company(s) responsible for the shortcode. Towards the bottom of the page there is ‘If you are unsatisfied with the outcome from the service provider, please get in touch with us here.’ Click on ‘here’ and you will be taken to the complaint form.

The more information you can include in your complaint, the easier it will be for PSA to take action.

If you find the online process too cumbersome you can complain by ‘phone on 0300 30 300 20 (Monday – Friday, 9.30am – 5pm, excluding bank holidays). This is charged as a normal landline call.

You can also contact them via Facebook messenger.

If you still have problems making a complaint, contact me through this site for help.

After complaining to PSA you need to consider how to protect yourself from these scams in the future.

Step 4 – Protect yourself

Refunds

Step 2 – Getting a refund for charges already made.

Once you have successfully stopped the texts, it is time to set about getting a refund. Don’t expect your network to be helpful, but you can ask. If you get help please report it by leaving a comment below. There are reports of some networks arranging three way calls with these companies to assist customers. If they do this for you they are doing much more than they are required to do and deserve a pat on the back.

Getting your money refunded can be very simple or almost impossible. If the amount of money is small, you will probably get a refund from the ‘service provider’ without any problem. If the amount is larger, they will probably offer a partial refund. Don’t accept a partial refund!

Start as you mean to go on. You need to collect evidence, so record all calls, keep all texts and ask for confirmation in writing where appropriate.

The chances are that your network will not be in the slightest bit interested. The logical argument that they allowed the charge to be made and therefore should accept some responsibility won’t work.

So it is left to you to seek a refund.

Call the ‘service provider’ on the helpline number provided in the text. Make sure you record the call. Be absolutely clear that you never consented to their charges and ask for proof of that consent. Tell them that you want a full refund of all the charges made to your account. Different companies will respond in different ways to this request. Many of the slightly more reputable companies will admit that they hold no evidence, or at least that they had ‘technical difficulties’ and will proceed to make a refund by one of the mechanisms listed below. The reality is that, because it often takes weeks for consumers to notice these charges on their bills, by paying refunds they avoid complaints. This results in fewer complaints about their ‘service’ and consequently they are able to operate for longer before being closed down.

Others will insist that you consented to their charges and will steadfastly refuse to make any refund. Some will tell you to apply for a refund by email – to an address which never receives a reply. When emailing, request a delivery receipt and a read receipt. If you get these back, keep them as evidence.

If a full or partial refund is agreed it will not be credited back to your ‘phone account. This is an example of just how broken the Payforit system is. Money is taken from your ‘phone account. If a refund is agreed you would expect it to be credited back to the same account. But this is ‘not technically possible!’.

The refund is likely to use one of two mechanisms:

  1. A Paypal payment to your email address
  2. A text message sent to your ‘phone which has to be presented to a Post Office for payment.

You are entitled to insist on a refund to your phone account. This right is enshrined in the Consumer Rights Act Section 45(3). If you want to be difficult you can insist on this. Additionally, section 45(4) of the Consumer Rights Act allows 14 days for the refund to be made once it has been agreed. Keep evidence of the agreement to refund and the date it was agreed and the method which was agreed. I wouldn’t advise giving any additional personal information to these companies, so the refund options are somewhat limited.

If all attempts to get a refund from the scamming company fail, you can then go back to your network. Present them with the evidence that you have attempted to negotiate with the service provider, but say that you remain dissatisfied. Remind them of the Mobile Operators’ Code of Practice for the management and operation of Payforit. Ask them to provide the support that this Code requires. If the scammer has failed to engage with you, failed to provide evidence of your consent to the charge, or if the contact information supplied doesn’t work, you may have a case against your network. You will have done everything they asked you to do and it hasn’t worked! In these circumstances Ofcom expect them to provide help and to make their own investigation. There is some evidence that the networks will make an ‘ex gratia’ payment to avoid bad publicity and avoid accusations of negligence.

If the network refuses to help you, you will need to consider other courses of action. It is important to follow the process correctly in order to maximise your chances of success should the matter go to the Ombudsman, ADR or to the Small Claims Court.

Regardless of whether you are successful in getting a refund, there is still more for you to do!

Step 3 – Making a complaint to the Phone-paid Services Authority.

I’m receiving unexpected ‘Payforit’ charges – what should I do?

Step 1 – STOP further payforit charges from the same source.

[Image: example of the text we want to stop]

If you are receiving text messages like those above, you need to stop them to avoid further charges.  Don’t ignore them. Don’t waste time at this stage arguing with your network. They won’t take responsibility and are unlikely to help you. You need to take action to prevent further unauthorised charges to your account. The best way to do this is by sending a STOP message to the shortcode number responsible for the subscription.

In the example above it is necessary to text STOP or STOP ALL to 83463 to prevent further charges to your account. ‘STOP ALL’  should stop all services on the given shortcode. This can be useful if you have, or think you might have, been signed up to more than one service.

You need to be sure to send the STOP message to the shortcode number in the subscription text. This text should be charged at your standard network rate. You should receive a confirmation text to confirm that you have been unsubscribed. Keep these texts until the whole matter is satisfactorily resolved.

[Image: sending a STOP text and getting confirmation]

Alternatively there is normally a phone number which you can call at standard rates, or out of your bundled minutes. You will also find this in the subscription text. If you phone, record the conversation so that there can be no subsequent dispute about what was said.

The charge receipt comes from Payforit and looks like this:

It is no use replying to this message, or indeed sending any message to Payforit.

Sometimes, all that is received is the Payforit receipt. In this case you need to identify the five digit number which is originating the charges.

What to do if you can’t identify the originator of the charges

Try to approach the process in an organised and businesslike manner. Record calls and keep texts. Ask for written confirmation of anything agreed verbally. Most people get a full refund, but you do need to follow the process. You can rant all you like at your network, but the system makes it difficult for them to stop the charges. I agree that they could and should do much more, but if you delay in taking action yourself you will weaken your legal position.

If you’re not clear what Payforit is, look here.

Stopped the texts? Time for Step 2 – try to get a refund.

 

Barring Third Party Charges

Step 4 – Protecting yourself from further scams

Update 10/04/2018

O2 now claim to be able to apply a ‘charge to bill’ bar which is effective against Payforit.


Update 29/03/18

Three inform me that they are unable to implement a ‘charge to bill’ bar for their customers.

There is a lot of confusion about what is possible to avoid third party charges to your ‘phone account.

Barring premium rate texts is sometimes proposed as a way of stopping these scams. It won’t work. It will prevent you sending premium rate texts, and may prevent you from seeing incoming premium rate texts. It will not stop you from being charged for incoming premium rate texts.

To stop these charges, you need a bar on third party charges to your account. At the time of writing it would appear that Vodafone, O2 and EE can put this bar on your account, while Three can’t (or won’t?). If you have discovered otherwise, please comment on this post and let us know what your network can or can’t do.

You can test whether you have a charge to account bar in place by using a bus information service as follows – it shouldn’t cost more than about 25p:

Send a text to 87287.  In the body of the text just put 54321

It’ll cost your standard network text charge to send the text.
And another 12p to receive the reply.

Check your balance before you send the text

The test is, do you also get charged another 12p, and will a reply arrive.

Do let us know how you get on if you try this test. If your network has successfully applied a bar, please leave a comment so that this post can be updated.

The problem with Payforit – Why we need an ombudsman

Payforit is not a company, but is the name given to a system of making charges to ‘phone bills. The system is run by the four major networks (O2, Three, Vodafone and EE).

Many consumers are unaware that when they are browsing the internet over a 4G connection,  clicking on a link can result in their phone number being passed to a company to be used for charging purposes. This is fundamentally different to what happens when using a WiFi connection, where the consumer would have to knowingly enter their phone number.

The Payforit system assumes that all the companies making charges through it are reputable and will deal with complaints. In reality many of these companies (especially the scammers) are almost impossible to talk to. The helplines are often automated with no option to get a complaint dealt with by a human being.

When a consumer receives a charge on their bill, their first response is to call their network. The network denies all responsibility saying it is a third party charge. They are told to ask for a refund from the third party which has charged them.

The consumer takes this advice and tries to contact the company on the published helpline number. If they are lucky the helpline will respond with a quick refund. The scammers do this because it enables them to reduce the number of complaints, thereby lengthening the time they are able to operate. If you are unlucky the company will refuse to refund you, or worse still will be impossible to talk to.

At this point the consumer may go back to their network. The network will still not accept responsibility and will refer them to PSA.

The problem with PSA is that it is not an ombudsman or a dispute resolution service. It doesn’t deal with individual complaints.

So the consumer is left with no means of resolution other than the courts. He could go to the small claims court (which will mean he has to shell out more money!). The claim is unlikely to be disputed and he will probably succeed in getting a judgement. The problem then is in getting the judgement satisfied. Most of these companies have a headquarters address which is nothing more than a post office box. There are no assets to track down and there is no property to put a charge on.

Given the huge volume of complaints about these services, an ombudsman service is urgently required.

PSA Consultation on Business Plan 2018/19

The regulator is currently consulting on its business plan for 2018/19. The PSA seem to live in a bubble where they are unaware of the scale of consumer dissatisfaction. It is estimated that only about 2% of defrauded consumers take the time to make a complaint. Whilst the regulator lacks effectiveness, they continue to pat themselves on the back for doing a good job!

https://psauthority.org.uk/blogs/2017/december/consultation-on-our-business-plan-and-budget-2018-19

I am making a submission as an interested consumer and I would urge others to do the same. The regulator needs to understand that there is a serious problem here and that consumers need a reliable method of obtaining a resolution when they dispute a Payforit transaction.

My response to the consultation can be read here.

The closing date for responses is 26th January 2018. Instructions for submitting responses are in section 8 of the consultation document, and are also reproduced below.

8. Consultation Process
8.1. Please structure your consultation response as answers to the following questions:

Q1 – Do our plans for 2018/19 sufficiently deliver our role as a regulator? What else do you think we should be doing or not doing?

Q2 – Do you have any comments on the proposed budget for 2018/19? If you recommend any changes, please clearly identify which areas of activity you expect this to impact upon.

Q3 – Do you have any comments on the proposed levy for 2018/19?

Q4 – What is your view on the estimated size of the market for 2018/19?

Q5 – Do you have any other comments on the Business Plan and Budget 2018/19?

8.2. We plan to publish the outcome of this consultation and to make available all responses received. If you want all, or part, of your submission to remain confidential, please clearly identify where this applies along with your reasons for doing so.

8.3. The closing date for responses is 26 January 2018, which is designed to allow the time necessary to issue notices regarding changes to the levy in good time for the start of the financial year on 1 April 2018.

8.4. Where possible, comments should be submitted in writing and sent by email to: pbarker@psauthority.org.uk
Copies may also be sent by mail to:
Peter Barker
Director of Corporate Services and Operations
Phone-paid Services Authority
25th Floor, 40 Bank Street
Canary Wharf
London E14 5NR
Tel: 020 7940 7405
If you have any queries about this consultation please telephone or email Peter Barker using the above contact details.

My response to the consultation. Feel free to use this as a model if you also wish to make a response.

Been scammed – Here’s how to complain to the Phone-paid Services Authority

 

Even if you have received a refund, you should still complain. It is contrary to the PSA Code of Conduct to sign people up for these services without their consent and these companies need to be shut down quickly. Your complaint may help others.

You can complain if you feel that the PSA guidance on consent to charge has not been followed.

Before complaining you need to know the following.

  1. The premium rate service the number relates to. This can be retrieved either from your text message confirmation or your phone bill.
  2. The name of the company providing the premium rate service.
  3. Your personal details, such as your name, address and contact details.
  4. The name of your phone or mobile network.

You do not need to attach a copy of your phone bill to make a complaint to PSA.

To make a complaint:

Go to the number checker on the PSA website: https://psauthority.org.uk/about-us/number-checker.

Put in the shortcode you are complaining about and click ‘Check it!’. You may need to complete a Captcha challenge in order to proceed to the next stage.

The next screen shows details of the company(s) responsible for the shortcode. Towards the bottom of the page there is ‘If you are unsatisfied with the outcome from the service provider, please get in touch with us here.’. Click on ‘here’ and you will be taken to the complaint form.

The more information you can include in your complaint, the easier it will be for PSA to take action.

If you find the online process too cumbersome you can complain by ‘phone on 0300 30 300 20 (Monday – Friday, 9.30am – 5pm, excluding bank holidays). This is charged as a normal landline call.

You can also contact them via Facebook messenger to ask questions, although you cannot submit a complaint this way.

If you still have problems making a complaint, contact me through this site for help.

If PSA try to discourage you from complaining, for example by insisting that you ask the company for details of how you signed up, be insistent. It is their job to investigate, not yours! Don’t forget you can message PSA on Facebook or Twitter and these conversations can be seen by the public!

You can also leave a review of PSA at https://www.facebook.com/pg/psauthority/reviews/

Having problems with your complaint to PSA?

Payforit Sucks – Here’s Why

Welcome

Welcome to Payforit Sucks. This site is dedicated to highlighting the security issues with the Payforit system implemented by all of the major UK mobile networks.

What is Payforit?

Payforit is a mobile payment scheme which was originally set up by the four “big” UK mobile network operators, EE, O2, Three and Vodafone. The Mobile Virtual Networks like GiffGaff, Virgin and Tesco are not directly involved but are consulted and share in the profits.

It allows subscribers to purchase goods and services, directly from their mobile phone. Purchases made through Payforit are charged depending on whether the subscriber is on a pre-paid (or “Pay as you go”) plan, or whether they are on a pay-monthly plan.

In the case of a subscriber on a pre-paid plan, the charge will be deducted from the subscriber’s credit or airtime. If the subscriber is on a pay-monthly plan, then the charge will be added to their monthly phone bill.

How does Payforit work?

Payforit provides the facilities to bill mobile users directly through their mobile phone. There are two common methods, single-click billing and Wi-Fi billing.(1)

Single-click billing works only when the subscriber is browsing via their mobile data, and cannot work if the subscriber is using Wi-Fi. With single-click billing, all the subscriber needs to do is simply to click or tap a button, and the charge is immediately made. The phone number is automatically detected over mobile data, which is used for the billing of premium-rate services.

With Wi-Fi billing, things become more complicated. It is not currently possible to detect a subscriber’s mobile phone number through a Wi-Fi connection (unless it’s a “personal hotspot”, or mobile broadband connection, in which case single-click billing applies instead), so the Payforit system will request the phone number of the subscriber. The subscriber enters their phone number, and a text is sent to that number with a confirmation code. The confirmation code needs to be entered into the Payforit system, in order to authorise the charge.

Stop Payforit helping thieves

So what’s the problem?

Briefly, when browsing or using Apps on a 4G network, this ‘service’ is capable of passing your phone number to a rogue trader and then allowing them to take money directly out of your phone account. Many consumers are unaware that this can happen and are shocked when they become the victim of one of these scams.

Payforit can be abused by scammers, especially in the single-click scenario, mentioned above. The single-click billing method requires no “real” authorization, other than clicking a link or a button in a web page, whereas the Wi-Fi billing method requires the user to receive a text message, and enter information from that message into a website.

Scammers have found various ways of getting consumers to click on these links. A popular one is to create a pop up box. When you click the X to close the box, you are deemed to have signed up to a subscription costing up to £4.50 per week.

It is also very easy to simulate a user clicking or tapping a button using JavaScript. JavaScript is client-side code (meaning that it runs on your device) used widely on the internet to provide interactivity with websites. Payforit can’t tell whether a user willingly clicked or tapped a button, or whether it was done with JavaScript code, without the user’s consent. In both cases it will pass the consumer’s phone number to the website and allow them to make charges against it. (2)
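The difference between the two billing flows described above can be modelled in a few lines. This is an added example, not code from Payforit or from this site: a hypothetical `ConsentGate` in which a click alone only opens a pending request, and the charge is authorised only by the code texted to the handset. The class name, six-digit code, five-minute lifetime and three-attempt limit are all assumptions.

```javascript
const crypto = require("node:crypto");

// Hypothetical consent gate. Names, code length, lifetime and attempt limit
// are assumptions for this sketch, not values from the Payforit scheme rules.
const CODE_TTL_MS = 5 * 60 * 1000;
const MAX_ATTEMPTS = 3;
const digest = (code) => crypto.createHash("sha256").update(String(code)).digest();

class ConsentGate {
  constructor(sendText, now = () => Date.now()) {
    this.sendText = sendText; // delivers the code to the handset by text
    this.now = now;
    this.pending = new Map(); // phone number -> { hash, expires, attempts }
  }

  // A click, genuine or scripted, can only open a pending request.
  requestCharge(number) {
    const code = String(crypto.randomInt(0, 1000000)).padStart(6, "0");
    this.pending.set(number, { hash: digest(code), expires: this.now() + CODE_TTL_MS, attempts: 0 });
    this.sendText(number, code);
    return "pending";
  }

  // Only the code read from the text message turns the request into a charge.
  confirmCharge(number, submitted) {
    const req = this.pending.get(number);
    if (!req) return "no-pending-request";
    if (this.now() > req.expires) { this.pending.delete(number); return "expired"; }
    req.attempts += 1;
    // Compare fixed-length hashes in constant time; codes are single use.
    if (crypto.timingSafeEqual(req.hash, digest(submitted))) {
      this.pending.delete(number);
      return "authorised";
    }
    if (req.attempts >= MAX_ATTEMPTS) { this.pending.delete(number); return "locked"; }
    return "wrong-code";
  }
}

// Constructed scenario: a page script opens a request but never sees the text.
function scriptedClickScenario() {
  const handset = []; // texts only the phone's owner can read
  const gate = new ConsentGate((number, code) => handset.push(code));
  const number = "07700900123"; // constructed sample number
  const steps = [gate.requestCharge(number)];
  for (const guess of ["", "not-a-code", "abc"]) steps.push(gate.confirmCharge(number, guess));
  steps.push(gate.confirmCharge(number, handset[0])); // too late: request was locked
  return steps;
}
```

In this model the scripted click never gets past "pending". With single-click billing there is no second step, so the click itself is treated as consent.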

Some recent scams have used Apps downloaded from Google Play which contain malicious code which performs a sign up on your behalf. It is impossible to tell from the permissions requested by the App that there is a problem, as all that is required to sign you up is internet access through a mobile network. (3)

Let’s be clear about this, Payforit in itself is not a scam, but it does aid and abet scams and over recent years has been proven to be insecure.

References

  1. Full rules of the Payforit scheme
  2. Adjudication from PSA showing use of Javascript exploits
  3. Article on rogue Apps in Google Play Store