Legal Action

The reason payforit scams are so prevalent at the moment is that the regulations in place are much to weak.

 

Dishonest fraudsters will always be out there, but generally people only ever commit fraud or theft if they think they can get away with it. The answer to stop pay for it scams is so simple. Make it as difficult as possible for fraud to occur but still allow merchants (Level 2 providers) who do provide a valued service to continue to grow and expand their businesses.

 

The easiest way to achieve this objective is to make the Mobile Network Operators (MNOs) responsible for any fraudulent activity on a customers account, as long as the customer has not been negligent in any way. If this was implemented, as the industry grows and develops, the MNO’s would have ultimate responsibility to adapt their required security features to protect their customers, much like every other other payment mechanism for goods or services that exists today.

 

OFCOM acknowledges on their website that Rogue software can be embedded in such a way as to circumvent anyverifiable method of consumer consent to charges. MNOs claim that with payforit they are simply providing a service, in much the same way that they provide with phone calls or a text messages. MNOs would argue that it is the responsibility of the phone user and Level 2 providers to ensure that there are agreements in place for digital content purchased on a mobile phone, and that the agreements are consensual and legitimate. On the face of it this is not an unreasonable position to hold because MNO’s should not be held responsible for the text messages, phone calls and subsequent charges that their customers incur. After all, even if a phone is stolen, until the MNOs are notified of the stolen phone the MNO’s are legitimately providing a service in good faith. why should not liable for the calls or text any thief makes?

 

There is an important difference though, call and text billing security is generally reliable, it is very rarely the MNO’s responsibility if fraudulent calls or text messages occur on a customers bill. (There have been cases where MNOs have been notified of a theft of a phone and failed to act accordingly, but generally security is very good and it is rare the MNO is at fault.) However, imagine a hypothetical scenario whereby MNO’s security measures in place were so poor that they routinely allowed fraudulent cloning of their customers SIM card details through no fault of their customers. In this hypothetical situation, it would be the inherent weakness of the MNO security systems that facilitated this hypothetical fraud. Because it would have been the MNOs weak security they would have to compensate customers costs and it would be entirely unreasonable to expect the phone user to foot the bill.

 

Going back to the issue with payforit, when rogue software can be embedded in a mobile phone utilising “clickjacking” “iframing” “sticky pop ups”  and other nasty tricks, because the MNOs do not have any security features whatsoever before offering third parties access to their customers money, they are negligent. It has become unreasonable for the the MNO’s to offer such an inherently unpredictable service without providing any protection for their customers, the reason so many have been caught with payforit scams is not down to the customers negligence, it is the MNOs themselves who have been entirely negligent by not having security requirements.

 

Given it is the weakness of the system that fraudsters are exploiting, and that phone users are generally not being negligent this puts MNOs back squarely into the frame for ultimate responsibility, and they need to be held to account. My objective is a big court case to put this argument forward that forces the greedy MNO’s to refund ALL disputed purchases made on a mobile with no security requirement to be refunded without question.

 

OFCOM have given responsibility for regulating this shady industry to the Phone Paid Services Authority (PSA.) The PSA are funded by the MNOs, and have no powers to investigate individual cases and the system keeps penalising consumers and needs to change. I am not a lawyer, but I think individuals taking their own cases to the courts are unlikely to succeed for a number of reasons. Firstly any victories at the County Courts are not binding so each case will be looked at on a case by case basis and would be difficult to orchestrate a collective strategy. Secondly in my case the Level 2 Provider who scammed me had offered a refund and effectively accepted liability.

My personal opinion is that a Judicial Review against OFCOM or the PSA is the best way to move forward. A Judicial Review on the Grounds that the PSA Code of Practice or Communications Act 2003 are unlawful, because they wrongly absolve MNO’s of their collective responsibility, and provide no stipulation that MNOs are required to be able to refund back using the same method as was used to take payment.  This is a clear breach of s.45(4) of the Consumer Rights Act 2015

This will not be easy or cheap, and will require legal advice, Court Fees etc but I welcome any suggestions on crowdfunding, or pro-bono legal advice etc that can be offered to get this Court action started.

Scammers – Nuyoo

In May 2018 there have been a large number of complaints about Nuyoo fitness. This is a service operated by a company called SB7 Mobile, which has has previously broken the PSA Code. The previous adjudication can be seen here.

They operate through a Level 1 provider called Tap2Bill who are responsible for the 83463 shortcode which is associated with quite a few of these scams.

It also seems that a large number of affected consumers are with the Three network, so I wonder whether there may be a network specific problem here.

Advice if you’ve been affected by the Nuyoo scam.

Unfortunately, the way that this works is that you have to contact SB7 and get them to stop the subscription. You should also ask for a full refund of any money they have taken. You are entitled, under Section 45(3) of the Consumer Rights Act 2015 to insist that this refund is made back to the account from which it was taken. Under section 45(4) of the same act, any refund needs to be made within 14 days of it being offered and accepted.

If SB7do not co-operate or do not refund in full, you can then revert to your own network, and ask them to take action under the Mobile Operators Code Of Practice for the management and operation of PFI (Payforit).  O2, EE, Three and Vodafone also have their own procedures for handling ‘Payforit’  and these are linked on this page which gives more detailed advice on how to proceed if you are refused a full refund.

Ultimately if a full refund is refused I have evidence that these companies will pay out when faced with the possibility of a claim in the small claims court. Ultimately they have to prove that you knowingly consented to the payments or make a full refund.

You should also complain to the Phone-paid Services Authority about the unauthorised charges. The regulator will not handle individual cases, but will take action if specific companies generate a disproportionate number of complaints. SB7 have been the subject of a number of other recent complaints.

Sample reports of the Nuyoo ‘Payforit’ scam

On GiffGaff Forum

Nuyoo spam text
by aaronmc97 in Help & Support
‎12-04-2018 00:29
Hi, I’ve been hit with a spam message, said ive apparently joined “Nuyoo.co” and received a text telling me that I’ll pay £3 a week or I can text STOP to a number, I texted STOP and it wouldn’t go…
Show results in replies (3)

oscarmr has a question about Hello I am receiving …
by oscarmr in Help & Support
‎10-04-2018 20:32
…and I don’t even understand how it came to my phone. They are charging every time they send me a message at least 3 pounds. I have cancel premium calls and I am going to try to block the number with…
Show results in replies (5)

drpetermezes has a question about I recieved scam …
by drpetermezes in Help & Support
‎02-04-2018 22:21
I recieved the following text: FreeMsg: U have joined to get fit @ http://nuyoo.co for £3.00 a week. Ur first 24 hours are free. To cancel text stop to 83463. Help? 03300535869″ Please advise

spam text

by pharmaroxxx in Help & Support
‎24-03-2018 02:27
hi, i have received a text message from an online gym company (nuyoo.com) which wants to charge me £3 a week to recieve text messages from them. it says i have already signed up but i haven’t. what…
Hide results in replies

Been charged £3 for unknown text
by missbarron90 in Help & Support
‎12-01-2018 17:48
Hello i received a text message the other day from 3009007 the text said paid for it charge and it took £3 off my credit i have no idea what this is and have blocked the number has anyone else had…
Show results in replies (1)

 

 

O2 evidence to OfCom concerning the management of Payforit in 2012

This document was presented to Ofcom in 2012 as part of a review of ‘Payforit’

The full original document containing this is here: https://www.ofcom.org.uk/__data/assets/pdf_file/0019/46513/statement.pdf

Monitoring

Monitoring is undertaken by WMC, a specialist company contracted by O2 to monitor the Payforit service. They carry out their work on a daily basis.
When a violation is identified, it is classified as a red or yellow card offence details are applied and sent to Mike Round (Head of Interactive Messaging Products) weekly.

Enforcement

On receipt of the summary from WMC, Telefonica O2 sends a yellow or red card (as appropriate) to the relevant Level 1/Level 2 provider, who is then requested to make the necessary changes, so as to be in line with Telefonica’s audit standards and the PhonepayPlus Code of Practice.
The usual Red/Yellow card standards are applied as agreed by all networks in the past (Red for more serious consumer harming behaviour; yellow for less serious violations that have to be remedied within two working days)

Resolution of customer queries and complaints

O2 Prepay or contract customer contacts the relevant care agent.
Care agent undertakes security check on Prepay confirms data for Postpay and then looks up via Your Companion (online tool) to identify the shortcode and the services using that shortcode and the Level1/Level2 contact details.
On discussion with the consumer if they wish to call the Level1/Level 2 themselves the appropriate telephone number is given as displayed on the care form so that the consumer can call direct to query the charges.
If the consumer does not wish to call separately then the care agent would complete the relevant online form on behalf of the customer which is then automatically sent to the Telefonica O2 offshore team that deals with escalations. The consumer is kept up to date via SMS messages.
If the consumer does not get any satisfaction from calling the Level1/Level2 and calls back to us to resolve the issue we would then complete the online form and the details would be sent automatically to our offshore team to deal with.
The offshore team would then contact the appropriate Level 1 provider and request the call logs to confirm what issues the consumer has raised.
The offshore team then return these findings to the relevant care agent who initially dealt with the consumer query and they then contact the consumer to confirm the findings and apply credits if appropriate.

Vodafone evidence to Ofcom on Payforit Scheme Rules 2012

Submission to OfCom on the subject of the Management and Operation of the Payforit Scheme rules.

Introduction

In July 2011 OfCom issued a “Review of Premium Rate Services- An application of the analytical framework” and the Mobile Broadband Group led by Hamish MacLeod facilitated the MCP response to the review.
Following a meeting at OfCom offices on the 2nd November 2011 it was agreed by the MCP attendees to supply OfCom with a document outlining the current management and operation of the Payforit Scheme rules particular to each MCP.
This document is submitted by Vodafone UK to OfCom and should be viewed in conjunction with submissions from the other UK MCPs in support of the principal that the UK MCPs continue to self-regulate the Trusted Mobile Payment Framework and associated Scheme Rules known as ‘Payforit’.
Vodafone Background:
It is important that key elements of the context in which Payforit sits within Vodafone UK is outlined before detailing specific initiatives relating to its management.
1. Customer Focus: Vodafone UK holds to business principles that includes a requirement for each and every employee to place Vodafone UK’s customers’ satisfaction central to each proposition delivered and in support of this and requires aggregator partners to sign contracts that look to protect Vodafone UK’s customers’ best interests in terms of clear and fair pricing and simple methods of redress should the situation arise.
2. Partner Rationalisation: To ensure Vodafone UK only works with trustworthy partners, over the last two years it has been reducing the number of aggregator partners who are allowed to directly connect to the Vodafone UK network to provide content using MPay (Payforit), SMS,MMS or Voice/video services to Vodafone UK’s end customers.
The effect of this rationalisation is that those that remain are highly professional and diligent and effectively manage the risk that some of their end customers may pose to Vodafone UK’s customers
3. Proactive Partner Management: In September 2011 Vodafone UK launched an aggregator partner program. This looks to refine this attitude still further, a number of categories were defined and these are broadly based on products that they have with Vodafone UK, the volume of business transacted and Vodafone UK’s view of the way aggregator partners do business with it.
It is fully Vodafone UK’s intention to have Aggregator Partners categorised based on performance which will act as an incentive for aggregator partners to behave in a trustworthy and customer centric way.

Management and Operation of the Payforit Scheme rules within Vodafone UK.
Payforit Scheme Rules Summary:

• The Payforit Scheme Rules are designed to protect the Consumer and ensure the Merchants and their Payment Intermediaries deliver a great user experience to ensure satisfied customers return to the service.
• The Scheme Rules exist in parallel and are distinct from the other PRS services regulated by the PhonePay Plus 12th Code of Practice (CoP).
• In fast paced environment in which the aggregators and MCPs function, Payforit has adapted and will continue to adapt at a speed unlikely to be achieved by any formal regulation.
Vodafone UK initiatives and Processes to manage Payforit internally:

1. Contracts with Accredited Payment Intermediaries (APIs/Aggregators)

Each Aggregator Partner has signed contracts that stipulate compliance with English Law, Payforit Scheme rules, Vodafone PRS CoP, Vodafone 3rd Party Content Standards and other relevant Advertising CoP and PRS CoP.

2. Vodafone UK monitoring programme

• Vodafone UK’s Fraud, Risk & Security (FRS) teams actively monitor data/voice traffic to identify fraudulent patterns of activity. Product Managers (PM) are required to escalate, block traffic and/or withhold revenues to aggregator partners when requested.
• The Red/Yellow card alerts issued by MCPs are monitored and Vodafone UK would insist that the agreed alteration is carried through for use on the Vodafone network
• Close, effective working relationships with Phonepay Plus established and maintained in other areas of PRS enforcement are considered useful for intelligence on general fraud issues in the industry
• Vodafone UK conducts independent security access audits to ensure secure protocols are used by aggregator partners to access its Age Verification (AV) systems. AV is based on a contractual undertaking between Vodafone UK and the end customer. Customer Services log complaints and approach product managers to resolve issues as required.
• Product Managers conduct audits of aggregator partners and their adherence to Payforit Scheme Rules. Each aggregator partner is subject to spot audits and requests for information to support any investigation.

3. Vodafone UK enforcement process.

• Financial claw-backs. A system of claw-backs exists whereby credits, disputed revenues and costs incurred to Vodafone UK are removed from Out Payments in line with contractual terms.
• Red & Yellow Card System. Vodafone UK has signed up to the Red and Yellow Card scheme and takes the protection of our customers seriously. If Vodafone UK has issued a Red/Yellow card then the aggregator partner is obliged to rectify as specified All Red card issued are to be complied with by the aggregator partners Vodafone UK contracts with. In summary this means; Red card, comply immediately and/or remove the service from network immediately; the yellow card stipulates fix and/or respond within two days. Failure to remedy leads to a Red card. Vodafone UK has not issued any Red and Yellow cards in the last 12 months for 2 principle reasons;
i. Issues that are common to all MCPs tend to be reported quickly via the automated system that O2 has installed.
ii. As the number of Aggregator Partners has been drastically reduced and the BDM management ensures the dialogue between Vodafone UK and its Aggregator Partners manages conflict effectively.
• Aggregator partners that materially fail to comply with their Vodafone UK contract will be terminated and as Information Providers look for the ‘one-stop shop’ loss of access to a single network ensures ever increasing management of risk by Aggregator Partners. [Note: We are unlikely to terminate for minor breaches of contract]

4. Vodafone UK customer resolution process

1. Customer contact to query an item on the bill
2. Agent records the contact and description of enquiry
3. Using their training and a support script the agent identifies the shortcode and provides the merchant’s name and contact number and advises the customer in the first instance to approach the merchant for an explanation and/or refund.
4. If the customer returns to Vodafone UK dissatisfied with the outcome then the Vodafone customer services agent will take responsibility for remedying the situation and crediting the customer directly.
5. The customer care team keep a central log of complaints and issues to help resolve customer experience. If a merchant is flagged as a recurring problem then the product manager is informed and asked to investigate the cause of the customer dissatisfaction.
6. Credit is moved to the Out Payments team who clawback the credits and costs pertaining to the customer.

When the customer does not receive satisfaction, a Case History:

This was brought forward by PP+ on 10th November 2011 to ask what had been done to support this customer)
Mrs GM, 07786 xxx xxx
PP+ quote: “Samsung Galaxy receiving charges for KKO Mobile”. “I’ve had no texts, no nothing, I’ve been charged since May. any apps I get are free, I haven’t clicked on any adverts. I only found out after I checked my banking and noticed that my bill was £70 this month.”

Vodafone UK Outcome.

The customer was directly credited £210 by Vodafone UK on the 31.10.11 when the ‘due process’ had been followed to determine the validity of the claim. The customer logs show that she signed up online for a service on 31/03/11 and has had regular charges of £18 a month £4.50×4.
This case was resolved in a single day by the Vodafone UK Customer Care team in the normal process (with no prompting from external parties) and the customer was satisfied with the prompt resolution that Vodafone UK delivered for her.
This case was not escalated to the product manager as the issue was not deemed to contain fraud and would have been included in the weekly credit report.
Conclusion:
Vodafone UK believes it has the processes in place to fully support customers and the desire to see this sector of the market grow and it believes this can be done with the current self-regulatory frame work in place

EE procedures for ‘Payforit’ complaints as given to Ofcom in 2012

Monitoring

– Any queries/ complaints that come through from front line as an escalation point are investigated on a case by case basis and can result in red/ yellow cards being issued. Any API’s found to be consistently in breach are then taken action against which can again result in red/yellow cards being issued
– In a self-regulated environment, EE are happy to put in place a third party entity to monitor API behaviour to make sure that payment flows, merchant contact details, delivery of digital goods etc are all in compliance with the scheme rules.

Enforcement Process

– If an API has been found to be in breach of the scheme rules, there is a dedicated team that works on issuing a red or yellow card depending on the severity of the breach and the potential for consumer harm. In some cases, if a yellow card is issued and the problem has not been resolved within 48 hours, then a red card may be issued.
– As PhonepayPlus is aware, information on breaches is quickly shared with the rest of the operators for information purposes only. In a similar manner, we appreciate information shared to us by other operators. All red/yellow card decisions are made purely on an individual basis only.

Customer Resolution Process

– If a customer has a query on a Payforit charge which shows on their bill or is deducted from their Pay As You Go allowance and do not have the details of the third party, they would initially turn to their MCP customer service line (by dialling 150 from their handsets) . Our customer service call centre advisers on both T-Mobile and Orange are provided with and trained on systems that can identify Payforit transactions as well as the associated API (on Orange) and API/ merchant (on T-Mobile). Central support systems are also in place within the call centres for both T-Mobile and Orange, and any information the advisor may need on the Payforit service, how it works, who to contact etc is all detailed within these support systems.
– An example Orange Payforit support system for front line customer services:
– If a customer contacts the Orange or T-Mobile customer service call centres about a transaction they didn’t make via Payforit, our frontline agent for Orange would be able to identify the API that billed for the service and would then either pass the customer to the API by providing them with the API’s phone number/ email address or they may just refund the amount if it was a small amount. On T-Mobile, the merchant can be identified using the MT service ID that appears on the customer’s bill and the customer would then be passed to the merchant by means of providing them with a phone number/ email address or a refund may be issued if it is a small amount. The MT service id range on T-Mobile for Payforit is different to that of PSMS so both types of transaction can be identified from their service ids straight away. There is also a different bill description which states “Payforit charge” for Payforit and “Premium Text” for PSMS.
– If the customer does not get any satisfaction from calling the API or merchant and calls back to Everything Everywhere to resolve the issue, Everything Everywhere would then pursue the matter to resolution directly with the API or merchant.
– T-Mobile customers can now use an online tool (https://www.t-mobile.co.uk/pricing-data/sms-code-check/result/) where they can input either a Service ID from the bill (e.g 700030099) or a shortcode to obtain details of the third party. The above URL is also printed on the back of customer bills.
– Any query that cannot be resolved by front line customer service advisors are routed through an escalation process for which we have a designated team:
Orange – Issues are escalated by frontline agents using a tool called ‘Merlin’. These are then managed by a back office team in our Plymouth call centre who contact the API and resolve the issue on the customer’s behalf. If a refund is due then the team will apply this directly to the customer’s bill for contract customers, or provide airtime credit to if PAYG. The refund will be clawed back from the API. The back office team will also include the details of the issue in a report which is sent to the Operation Team on a weekly basis so that they have visibility of the escalations which they can then monitor and review (and where necessary issue warnings and red/yellow cards).
T-Mobile – Escalations are sent to the Operations Team via a follow-up email and these are then dealt with in the same way as Orange escalations above.

Remote Games – Scams reported on GiffGaff during two weeks in October 2017

 

These report appeared during the period 16th-31st October 2017 on the GiffGaff forum. There were numerous similar reports in other forums and social media..

Phone-paid Services Agency say that there is not sufficient evidence ‘on the balance of probabilities’ that there was anything wrong! Just how much evidence would they need before it became obvious that the sign-up process for this ‘service’ was not compliant with the regulator’s Code of Practice.

Are PSA saying that all these consumers were lying, and knowingly signed up to this? This has totally destroyed any confidence I had in PSA as a regulator.

Received 2 unsolicited premium texts, at £4.50 eac…

by badgerist in Help & Support

‎31-10-2017 17:25

Hi just noticed two premium texts have taken £4.50 each out of my airtime credit (only had £10 in as I use goodybag). No idea what they are or where from, and no number listed (just a hyphen) on the …

Show results in replies (2)

Remote Games/ FunnyVideos/ PayForIT scams using sh…

by muggles708 in General Discussion

‎30-10-2017 20:24

7 Kudos

…account by Remote Games Ltd on 31st October, despite a STOP message being sent on 27th October and being assured on the phone that there would be no charges. Phoned Remote Games Ltd twice. The first…

Show results in replies (8)

HELP I am being scammed

by kimtrapese in Help & Support

‎25-10-2017 12:17

Hi there I am really desperate, £4.50 keeps getting taking of my account from 30090009 and 83463. I have texted STOP and htey take more money of me and they keep coming. what can I do Kim

Show results in replies (2)

Receiving unwanted premium texts

by nairski in Help & Support

‎24-10-2017 10:46

Hi, A few weeks ago I received “FreeMsg: Thank you for subscribing to FunnyVideos for £4.50 every week from Remote Games Ltd until you text STOP to 83463, HELP?  033300535843” Also at same…

Show results in replies (5)

Received Payforit Charge text without any purchase

by mister_t in Help & Support

‎21-10-2017 20:40

Last wk I had 3 texts.  First from 30090009 just stating PayForIt charge, then a 2nd  from Receipt thanking me for subscribing to Funnyvideos and I would be charged £4.50 a wk and a 3rd wit…

Show results in replies (4)

Help with message 83463

by kartac2016 in Help & Support

‎20-10-2017 20:31

Hello,  Please could You help me. I received message: FreeMsg: Thank you for subscribing to FunnyVideos for £4.50 every week from Remote Games Ltd until you text STOP to 83463. HELP? 03300535843…

Show results in replies (4)

Remote Games Ltd Scam at £4.50 a time Not Happy

by ernies_nan in Help & Support

‎20-10-2017 15:59

hello fellow Giff Gaff Members, I am really annoyed and frustrated as Wednesday evening I received text message on my phone telling me that an on line Company known as REMOTE GAMES LTD had kindly…

Show results in replies (3)

PayForIT Charge

by cazzawozza in Help & Support

‎19-10-2017 22:57

Hi – I have been debited 4.50 twice in the last 2 hours on my phone 🙁  Any idea how I stop this? no idea where this has come from

Show results in replies (4)

unwanted subscription

by morecakeplease in Help & Support

‎19-10-2017 17:59

Recieved at 10.30 today saying  FreeMSG: Thank you fo subsribing to FunnyVideos for £4.50 every week from Remote Games Ltd until you text STOP to 83463 HELP 03300535843. Please…

Weird message…

by agathia in Help & Support

‎16-10-2017 19:16

PSA were no help at all to me. Their reply stated that they could not identify the number I received, and unless I told them who had charged my phone they could not assist. I don’t know who charged t…

Show results in replies (2)

I have been fraud

by kristophoros in Help & Support

‎16-10-2017 16:25

In this morning I’ve received 3 text messeges from Remote Games ltd. They took 4.50 pounds from me without any permission, claiming that I had subscibed to their service which I had not. I’ve…

Show results in replies (4)

 

Scams using shortcode 83463

Many Payforit scams make use of shortcode 83463. So who is responsible?

The PSA has the following information about shortcode number:

83463

 

Customer care number: 0333 003 0599
Customer care email: customer.service@tap2bill.com
Customer care website: Tap2Bill Limited has not provided this information
Search result provided by: Tap2Bill Limited
Service connected on: 26 May 2016
Service terminated on: This service is still operating
Name of service: PayforIt Product Free to User Shortcode
Type of service: Tap2Bill Limited has not provided this information
Service description: Shortcode used for sending free reminder messages and consumers to text STOP to.
How much does this service cost? zero

If you would like to find out more about this service or have a question about it, then you should contact the service provider: Tap2Bill Limited

Tap2Bill Limited
5 St. John’s Lane
Farringdon
London
EC1M 4BH
United Kingdom

EE take action to stop Payforit subscription scams

It would appear that, at last, EE are doing something about these subscription scams.

The links below relate to changes being required by EE for subscription services using Payforit. Essentially EE are now requiring two step authentication for all subscription services using Payforit. This means it will no longer be possible to become signed up to these services just by clicking a link.

https://blog.impulsepay.com/post/170580247572/ee-flow-changes-15th-february-2018

https://clients.txtnation.com/hc/en-us/articles/360000656991-UK-Changes-to-PFI-payment-flow-on-EE

What isn’t clear is whether EE will apply these requirements to it’s ‘own portal’ services (which don’t use Payforit).

At least one of the networks appears to be taking some action to stop these scams.