O2 evidence to OfCom concerning the management of Payforit in 2012

This document was presented to Ofcom in 2012 as part of a review of ‘Payforit’.

The full original document containing this is here: https://www.ofcom.org.uk/__data/assets/pdf_file/0019/46513/statement.pdf

Monitoring

Monitoring is undertaken by WMC, a specialist company contracted by O2 to monitor the Payforit service. They carry out their work on a daily basis.
When a violation is identified, it is classified as a red or yellow card offence; details are applied and sent to Mike Round (Head of Interactive Messaging Products) weekly.

Enforcement

On receipt of the summary from WMC, Telefonica O2 sends a yellow or red card (as appropriate) to the relevant Level 1/Level 2 provider, who is then requested to make the necessary changes, so as to be in line with Telefonica’s audit standards and the PhonepayPlus Code of Practice.
The usual Red/Yellow card standards are applied as agreed by all networks in the past (Red for more serious consumer-harming behaviour; yellow for less serious violations that have to be remedied within two working days).

Resolution of customer queries and complaints

O2 Prepay or contract customer contacts the relevant care agent.
Care agent undertakes security check on Prepay, confirms data for Postpay, and then looks up via Your Companion (online tool) to identify the shortcode and the services using that shortcode and the Level1/Level2 contact details.
On discussion with the consumer, if they wish to call the Level1/Level 2 themselves, the appropriate telephone number is given as displayed on the care form so that the consumer can call direct to query the charges.
If the consumer does not wish to call separately then the care agent would complete the relevant online form on behalf of the customer which is then automatically sent to the Telefonica O2 offshore team that deals with escalations. The consumer is kept up to date via SMS messages.
If the consumer does not get any satisfaction from calling the Level1/Level2 and calls back to us to resolve the issue we would then complete the online form and the details would be sent automatically to our offshore team to deal with.
The offshore team would then contact the appropriate Level 1 provider and request the call logs to confirm what issues the consumer has raised.
The offshore team then return these findings to the relevant care agent who initially dealt with the consumer query and they then contact the consumer to confirm the findings and apply credits if appropriate.

Vodafone evidence to Ofcom on Payforit Scheme Rules 2012

Submission to OfCom on the subject of the Management and Operation of the Payforit Scheme rules.

Introduction

In July 2011 OfCom issued a “Review of Premium Rate Services- An application of the analytical framework” and the Mobile Broadband Group led by Hamish MacLeod facilitated the MCP response to the review.
Following a meeting at OfCom offices on the 2nd November 2011 it was agreed by the MCP attendees to supply OfCom with a document outlining the current management and operation of the Payforit Scheme rules particular to each MCP.
This document is submitted by Vodafone UK to OfCom and should be viewed in conjunction with submissions from the other UK MCPs in support of the principle that the UK MCPs continue to self-regulate the Trusted Mobile Payment Framework and associated Scheme Rules known as ‘Payforit’.
Vodafone Background:
It is important that key elements of the context in which Payforit sits within Vodafone UK are outlined before detailing specific initiatives relating to its management.
1. Customer Focus: Vodafone UK holds to business principles that include a requirement for each and every employee to place Vodafone UK’s customers’ satisfaction central to each proposition delivered and, in support of this, requires aggregator partners to sign contracts that look to protect Vodafone UK’s customers’ best interests in terms of clear and fair pricing and simple methods of redress should the situation arise.
2. Partner Rationalisation: To ensure Vodafone UK only works with trustworthy partners, over the last two years it has been reducing the number of aggregator partners who are allowed to directly connect to the Vodafone UK network to provide content using MPay (Payforit), SMS, MMS or Voice/video services to Vodafone UK’s end customers.
The effect of this rationalisation is that those that remain are highly professional and diligent and effectively manage the risk that some of their end customers may pose to Vodafone UK’s customers.
3. Proactive Partner Management: In September 2011 Vodafone UK launched an aggregator partner program. This looks to refine this attitude still further; a number of categories were defined, and these are broadly based on products that they have with Vodafone UK, the volume of business transacted and Vodafone UK’s view of the way aggregator partners do business with it.
It is fully Vodafone UK’s intention to have Aggregator Partners categorised based on performance which will act as an incentive for aggregator partners to behave in a trustworthy and customer centric way.

Management and Operation of the Payforit Scheme rules within Vodafone UK.
Payforit Scheme Rules Summary:

• The Payforit Scheme Rules are designed to protect the Consumer and ensure the Merchants and their Payment Intermediaries deliver a great user experience to ensure satisfied customers return to the service.
• The Scheme Rules exist in parallel and are distinct from the other PRS services regulated by the PhonePay Plus 12th Code of Practice (CoP).
• In the fast-paced environment in which the aggregators and MCPs function, Payforit has adapted and will continue to adapt at a speed unlikely to be achieved by any formal regulation.

Vodafone UK initiatives and Processes to manage Payforit internally:

1. Contracts with Accredited Payment Intermediaries (APIs/Aggregators)

Each Aggregator Partner has signed contracts that stipulate compliance with English Law, Payforit Scheme rules, Vodafone PRS CoP, Vodafone 3rd Party Content Standards and other relevant Advertising CoP and PRS CoP.

2. Vodafone UK monitoring programme

• Vodafone UK’s Fraud, Risk & Security (FRS) teams actively monitor data/voice traffic to identify fraudulent patterns of activity. Product Managers (PM) are required to escalate, block traffic and/or withhold revenues to aggregator partners when requested.
• The Red/Yellow card alerts issued by MCPs are monitored and Vodafone UK would insist that the agreed alteration is carried through for use on the Vodafone network.
• Close, effective working relationships with Phonepay Plus established and maintained in other areas of PRS enforcement are considered useful for intelligence on general fraud issues in the industry.
• Vodafone UK conducts independent security access audits to ensure secure protocols are used by aggregator partners to access its Age Verification (AV) systems. AV is based on a contractual undertaking between Vodafone UK and the end customer. Customer Services log complaints and approach product managers to resolve issues as required.
• Product Managers conduct audits of aggregator partners and their adherence to Payforit Scheme Rules. Each aggregator partner is subject to spot audits and requests for information to support any investigation.

3. Vodafone UK enforcement process.

• Financial claw-backs. A system of claw-backs exists whereby credits, disputed revenues and costs incurred to Vodafone UK are removed from Out Payments in line with contractual terms.
• Red & Yellow Card System. Vodafone UK has signed up to the Red and Yellow Card scheme and takes the protection of our customers seriously. If Vodafone UK has issued a Red/Yellow card then the aggregator partner is obliged to rectify as specified. All Red cards issued are to be complied with by the aggregator partners Vodafone UK contracts with. In summary this means: Red card, comply immediately and/or remove the service from network immediately; the yellow card stipulates fix and/or respond within two days. Failure to remedy leads to a Red card. Vodafone UK has not issued any Red and Yellow cards in the last 12 months for 2 principal reasons:
i. Issues that are common to all MCPs tend to be reported quickly via the automated system that O2 has installed.
ii. The number of Aggregator Partners has been drastically reduced and the BDM management ensures the dialogue between Vodafone UK and its Aggregator Partners manages conflict effectively.
• Aggregator partners that materially fail to comply with their Vodafone UK contract will be terminated and as Information Providers look for the ‘one-stop shop’ loss of access to a single network ensures ever increasing management of risk by Aggregator Partners. [Note: We are unlikely to terminate for minor breaches of contract]

4. Vodafone UK customer resolution process

1. Customer contact to query an item on the bill
2. Agent records the contact and description of enquiry
3. Using their training and a support script the agent identifies the shortcode and provides the merchant’s name and contact number and advises the customer in the first instance to approach the merchant for an explanation and/or refund.
4. If the customer returns to Vodafone UK dissatisfied with the outcome then the Vodafone customer services agent will take responsibility for remedying the situation and crediting the customer directly.
5. The customer care team keep a central log of complaints and issues to help resolve customer experience. If a merchant is flagged as a recurring problem then the product manager is informed and asked to investigate the cause of the customer dissatisfaction.
6. Credit is moved to the Out Payments team who clawback the credits and costs pertaining to the customer.

When the customer does not receive satisfaction, a Case History:

(This was brought forward by PP+ on 10th November 2011 to ask what had been done to support this customer)
Mrs GM, 07786 xxx xxx
PP+ quote: “Samsung Galaxy receiving charges for KKO Mobile”. “I’ve had no texts, no nothing, I’ve been charged since May. any apps I get are free, I haven’t clicked on any adverts. I only found out after I checked my banking and noticed that my bill was £70 this month.”

Vodafone UK Outcome.

The customer was directly credited £210 by Vodafone UK on the 31.10.11 when the ‘due process’ had been followed to determine the validity of the claim. The customer logs show that she signed up online for a service on 31/03/11 and has had regular charges of £18 a month (£4.50×4).
This case was resolved in a single day by the Vodafone UK Customer Care team in the normal process (with no prompting from external parties) and the customer was satisfied with the prompt resolution that Vodafone UK delivered for her.
This case was not escalated to the product manager as the issue was not deemed to contain fraud and would have been included in the weekly credit report.
Conclusion:
Vodafone UK believes it has the processes in place to fully support customers and the desire to see this sector of the market grow and it believes this can be done with the current self-regulatory framework in place.

EE procedures for ‘Payforit’ complaints as given to Ofcom in 2012

Monitoring

– Any queries/ complaints that come through from front line as an escalation point are investigated on a case by case basis and can result in red/ yellow cards being issued. Any APIs found to be consistently in breach are then taken action against, which can again result in red/yellow cards being issued.
– In a self-regulated environment, EE are happy to put in place a third party entity to monitor API behaviour to make sure that payment flows, merchant contact details, delivery of digital goods etc are all in compliance with the scheme rules.

Enforcement Process

– If an API has been found to be in breach of the scheme rules, there is a dedicated team that works on issuing a red or yellow card depending on the severity of the breach and the potential for consumer harm. In some cases, if a yellow card is issued and the problem has not been resolved within 48 hours, then a red card may be issued.
– As PhonepayPlus is aware, information on breaches is quickly shared with the rest of the operators for information purposes only. In a similar manner, we appreciate information shared to us by other operators. All red/yellow card decisions are made purely on an individual basis only.

Customer Resolution Process

– If a customer has a query on a Payforit charge which shows on their bill or is deducted from their Pay As You Go allowance and does not have the details of the third party, they would initially turn to their MCP customer service line (by dialling 150 from their handsets). Our customer service call centre advisers on both T-Mobile and Orange are provided with and trained on systems that can identify Payforit transactions as well as the associated API (on Orange) and API/ merchant (on T-Mobile). Central support systems are also in place within the call centres for both T-Mobile and Orange, and any information the advisor may need on the Payforit service, how it works, who to contact etc is all detailed within these support systems.
– An example Orange Payforit support system for front line customer services:
– If a customer contacts the Orange or T-Mobile customer service call centres about a transaction they didn’t make via Payforit, our frontline agent for Orange would be able to identify the API that billed for the service and would then either pass the customer to the API by providing them with the API’s phone number/ email address or they may just refund the amount if it was a small amount. On T-Mobile, the merchant can be identified using the MT service ID that appears on the customer’s bill and the customer would then be passed to the merchant by means of providing them with a phone number/ email address or a refund may be issued if it is a small amount. The MT service id range on T-Mobile for Payforit is different to that of PSMS so both types of transaction can be identified from their service ids straight away. There is also a different bill description which states “Payforit charge” for Payforit and “Premium Text” for PSMS.
– If the customer does not get any satisfaction from calling the API or merchant and calls back to Everything Everywhere to resolve the issue, Everything Everywhere would then pursue the matter to resolution directly with the API or merchant.
– T-Mobile customers can now use an online tool (https://www.t-mobile.co.uk/pricing-data/sms-code-check/result/) where they can input either a Service ID from the bill (e.g. 700030099) or a shortcode to obtain details of the third party. The above URL is also printed on the back of customer bills.
– Any query that cannot be resolved by front line customer service advisors is routed through an escalation process for which we have a designated team:
Orange – Issues are escalated by frontline agents using a tool called ‘Merlin’. These are then managed by a back office team in our Plymouth call centre who contact the API and resolve the issue on the customer’s behalf. If a refund is due then the team will apply this directly to the customer’s bill for contract customers, or provide airtime credit if PAYG. The refund will be clawed back from the API. The back office team will also include the details of the issue in a report which is sent to the Operation Team on a weekly basis so that they have visibility of the escalations which they can then monitor and review (and where necessary issue warnings and red/yellow cards).
T-Mobile – Escalations are sent to the Operations Team via a follow-up email and these are then dealt with in the same way as Orange escalations above.

Remote Games – Scams reported on GiffGaff during two weeks in October 2017

These reports appeared during the period 16th-31st October 2017 on the GiffGaff forum. There were numerous similar reports in other forums and social media.

Phone-paid Services Agency say that there is not sufficient evidence ‘on the balance of probabilities’ that there was anything wrong! Just how much evidence would they need before it became obvious that the sign-up process for this ‘service’ was not compliant with the regulator’s Code of Practice?

Are PSA saying that all these consumers were lying, and knowingly signed up to this? This has totally destroyed any confidence I had in PSA as a regulator.

Received 2 unsolicited premium texts, at £4.50 eac…

by badgerist in Help & Support

‎31-10-2017 17:25

Hi just noticed two premium texts have taken £4.50 each out of my airtime credit (only had £10 in as I use goodybag). No idea what they are or where from, and no number listed (just a hyphen) on the …

Remote Games/ FunnyVideos/ PayForIT scams using sh…

by muggles708 in General Discussion

‎30-10-2017 20:24

…account by Remote Games Ltd on 31st October, despite a STOP message being sent on 27th October and being assured on the phone that there would be no charges. Phoned Remote Games Ltd twice. The first…

HELP I am being scammed

by kimtrapese in Help & Support

‎25-10-2017 12:17

Hi there, I am really desperate, £4.50 keeps getting taken off my account from 30090009 and 83463. I have texted STOP and they take more money off me and they keep coming. What can I do? Kim

Receiving unwanted premium texts

by nairski in Help & Support

‎24-10-2017 10:46

Hi, A few weeks ago I received “FreeMsg: Thank you for subscribing to FunnyVideos for £4.50 every week from Remote Games Ltd until you text STOP to 83463, HELP?  033300535843” Also at same…

Received Payforit Charge text without any purchase

by mister_t in Help & Support

‎21-10-2017 20:40

Last wk I had 3 texts.  First from 30090009 just stating PayForIt charge, then a 2nd  from Receipt thanking me for subscribing to Funnyvideos and I would be charged £4.50 a wk and a 3rd wit…

Help with message 83463

by kartac2016 in Help & Support

‎20-10-2017 20:31

Hello,  Please could You help me. I received message: FreeMsg: Thank you for subscribing to FunnyVideos for £4.50 every week from Remote Games Ltd until you text STOP to 83463. HELP? 03300535843…

Remote Games Ltd Scam at £4.50 a time Not Happy

by ernies_nan in Help & Support

‎20-10-2017 15:59

hello fellow Giff Gaff Members, I am really annoyed and frustrated as Wednesday evening I received text message on my phone telling me that an on line Company known as REMOTE GAMES LTD had kindly…

PayForIT Charge

by cazzawozza in Help & Support

‎19-10-2017 22:57

Hi – I have been debited 4.50 twice in the last 2 hours on my phone 🙁  Any idea how I stop this? no idea where this has come from

unwanted subscription

by morecakeplease in Help & Support

‎19-10-2017 17:59

Received at 10.30 today saying  FreeMSG: Thank you for subscribing to FunnyVideos for £4.50 every week from Remote Games Ltd until you text STOP to 83463 HELP 03300535843. Please…

Weird message…

by agathia in Help & Support

‎16-10-2017 19:16

PSA were no help at all to me. Their reply stated that they could not identify the number I received, and unless I told them who had charged my phone they could not assist. I don’t know who charged t…

I have been fraud

by kristophoros in Help & Support

‎16-10-2017 16:25

This morning I’ve received 3 text messages from Remote Games ltd. They took 4.50 pounds from me without any permission, claiming that I had subscribed to their service which I had not. I’ve…

Scams using shortcode 83463

Many Payforit scams make use of shortcode 83463. So who is responsible?

The PSA has the following information about shortcode number:

83463

Customer care number: 0333 003 0599
Customer care email: customer.service@tap2bill.com
Customer care website: Tap2Bill Limited has not provided this information
Search result provided by: Tap2Bill Limited
Service connected on: 26 May 2016
Service terminated on: This service is still operating
Name of service: PayforIt Product Free to User Shortcode
Type of service: Tap2Bill Limited has not provided this information
Service description: Shortcode used for sending free reminder messages and consumers to text STOP to.
How much does this service cost? zero

If you would like to find out more about this service or have a question about it, then you should contact the service provider: Tap2Bill Limited

Tap2Bill Limited
5 St. John’s Lane
Farringdon
London
EC1M 4BH
United Kingdom

What to do if you can’t identify the originator of the charges

If you have received a ‘Payforit’ receipt text, but have no other text messages to identify the originator of the charges, things have the potential to get more complicated.

The first thing to check is that you are not barring the receipt of premium rate texts. There is little point in barring the receipt of these texts, as you are charged for them whether you receive them or not!

Check your messages.
Also check to see if you’ve placed a 5 digit number on your blocked/spam/reject list. If you have, unblock it and text the words STOP ALL to it.

If you can’t identify the originator of the texts, you could try this link
http://mobilepaymentsupport.com
Input your mobile number and click send pin
You’ll receive a 4 digit number by text
Input that back on the page and click send

The next page will show details of any subscription your number is currently linked to including contact details and the 5 digit number to text the STOP ALL text.

Unfortunately this won’t work for all ‘services’, so even after this, you may still be unable to identify the ‘service’ you are signed up to.

At this stage you will need to raise the issue with your network. The regulator expects networks to render this minimal level of assistance, so if they are unhelpful, raise it as a formal complaint.

EE take action to stop Payforit subscription scams

It would appear that, at last, EE are doing something about these subscription scams.

The links below relate to changes being required by EE for subscription services using Payforit. Essentially EE are now requiring two step authentication for all subscription services using Payforit. This means it will no longer be possible to become signed up to these services just by clicking a link.

https://blog.impulsepay.com/post/170580247572/ee-flow-changes-15th-february-2018

https://clients.txtnation.com/hc/en-us/articles/360000656991-UK-Changes-to-PFI-payment-flow-on-EE

What isn’t clear is whether EE will apply these requirements to its ‘own portal’ services (which don’t use Payforit).

At least one of the networks appears to be taking some action to stop these scams.

My response to PSA consultation

Stop Payforit Fraud

Response to PSA Consultation on Business Plan 2018/19

Introduction

I am writing this response because these consultations tend to get many responses from the industry and few or none from the consumers that PSA are supposed to be protecting.

I have begun to campaign for reform of direct carrier billing in the UK after a member of my family was the victim of fraud via ‘Payforit’. She was signed up, without her consent, to a subscription service costing £4.50 per week. I was able to cap her losses at £4.50 by sending a STOP message within three hours of the initial subscription message. However, the battle to get the £4.50 returned took eight weeks, twelve telephone calls, 17 emails, two ‘signed for’ letters and the threat of legal action. My battle to get an explanation of how she came to be subscribed is ongoing.

The timescales and difficulty I experienced in complaining are completely in conflict with para 2.6 of the Code of Conduct, and I am not alone in experiencing these difficulties. The failure to deal with complaints in a timely manner should be sufficient to enable the regulator to suspend the offending company’s ‘services’.

I was astonished at the lack of any form of consumer protection against these frauds and at the lack of cooperation or concern from the network, the level 1 provider and the regulator.

A look through the user forums of the major networks will leave nobody in any doubt that there is a serious problem with fraudulent subscription services. Hardly a day goes by without a consumer claiming that they have been signed up, without consent, to a subscription service costing £4.50 per week (or occasionally less).  I refuse to believe that all these people are lying or stupid!

Payforit is an archaic and inherently insecure payment mechanism. It has not adapted to reduce the incidence of fraud as other payment mechanisms have. It doesn’t have a centralised service for complaints and disputes. It doesn’t have a refund mechanism. PSA are well aware of these shortcomings, but do nothing to encourage reform. They know that malicious code in a web page, or in a downloaded App can sign users up to these services, without the consumer being aware that it has happened. They have been aware of the use of these exploits for several years, but nothing has been done to prevent them. They sit on their hands instead of being proactive in bringing these frauds to a halt.

Consumers are becoming increasingly aware of the fraudulent use of direct billing and are coming to regard the industry as a bit like the ‘Wild West’ with an ineffective and reluctant sheriff in the form of PSA.

Q1 – Do our plans for 2018/19 sufficiently deliver our role as a regulator?

Most consumers are unaware of the role of PSA and only become aware when they have a problem with a ‘service’. Even the industry doesn’t seem to understand the regulator’s role. One of the major networks still refers defrauded customers to PSA ‘to get a refund’, implying that PSA would deal with their individual complaint.

Those consumers who refer issues to the regulator are frequently dissatisfied. Facebook reviews show a predominance of 1 star reviews from consumers dissatisfied with the service PSA has provided. Some of this dissatisfaction stems from a misunderstanding of PSA’s role. However, there is nothing more galling for a complainant, weeks after reporting a ‘service’, than to find that ‘service’ is still defrauding consumers.  I see little prospect of improvement while the PSA exhibits such complacency. The regulator needs to engage more with the consumers it is supposed to be protecting.

Consumers will compare the consumer protection offered by phone paid services with those of other payment methods (Paypal, Contactless Payments, Direct Debits, Credit Cards, Debit Cards etc). The providers of all these payment methods provide clear mechanisms for the resolution of disputed transactions. Payforit and other direct operator billing methods offer no clearly defined or published mechanism for the resolution of disputes.

Obtaining a refund for losses due to fraud is rarely possible due to the nature of the ‘service providers’ who hide behind an automated phone number, an email address which is never replied to,  and an accommodation address shared with dozens of other companies. Most consumers admit defeat and write off their losses.

If I dispute a direct debit with my bank, the burden of proof will rest on the payee to prove that the debit was authorised and not with the payer to prove that it wasn’t! If I report fraudulent transactions to my bank, they will take the matter seriously and put a stop on any further fraudulent payments. The MNOs don’t even offer this minimal level of support. Instead, they ask the consumer to send a message to the fraudster asking them to STOP. To add insult to injury, they are charged for sending this message!

Payforit expects the consumer to negotiate directly with the originator of the charge. What is worse is that, if the recipient of the payment fails to respond, there is no process to follow to resolve the issue. In the absence of a defined process, these uncooperative companies continue to trade for months, until the volume of complaints is such that PSA cannot ignore them.

It is not the role of PSA to adjudicate on individual disputes. However, it could insist on the introduction of a mechanism by which consumers can receive swift refunds when they are defrauded by rogue companies. Much of this could be automated, as it is with other payment mechanisms.

The problem is not that fraud happens. It will happen to some extent with any payment system regardless of the security and authentication measures put in place. Fraudsters are continually refining their methods and finding new ones. Most payment systems respond to attempted fraud by putting effort in to fraud prevention, but this has not happened with the arrangements for charging to a phone bill.

The problem is the lack of any defined process for the consumer to resolve their complaint (within a reasonable timescale) and obtain a refund if one is adjudged to be appropriate. Current arrangements would appear to be in breach of the Consumer Rights Act 2015 as it applies to digital services, in terms of methods and timescales for dealing with consumer complaints, and in terms of the refund process.

Looking at Tribunal Cases in the 2017 calendar year, of 18 cases, no less than 8 related to subscription services priced at £4.50 per week or less. A further 7 related to non-compliance with sanctions. In most of these 7 cases, the initial breach resulted from a similar subscription service. Surely money and time could be saved by subjecting these ‘services’ to a more rigorous regulatory regime.

Fraudulent subscription services are doing untold harm to the reputation of the industry as a whole.

Q2 – Do you have any comments on the proposed budget for 2018/19?

The priorities here seem to be wrong. If these payment mechanisms want to gain consumer trust, the amount spent on regulation will probably need to increase, at least until the industry is ‘cleaned up’.

From the weak and slow actions of the networks and the regulator, one gets the impression that the MNOs and the regulator are quite content to be complicit in fraud.

Resources need to be deployed to investigate these frauds quickly, as soon as the regulator becomes aware of them.  There really is no excuse for fraudulent ‘service providers’ to be allowed to continue plundering consumers’ phone accounts for months before the regulator belatedly acts.

Q3 – Do you have any comments on the proposed levy for 2018/19?

In Appendix A you write:

“Different types of content, goods and services have different consumer satisfaction levels. They operate at different levels of compliance with our Code of Practice, as measured by the consumer queries and complaints we receive, and the monitoring we are able to do”

Would it not be possible to impose different rates of levy on different services, based on the regulatory work they generate? A higher rate of levy on subscription services priced at £4.50 or less, and without a double opt-in, would seem appropriate given the evidently large number of complaints these generate.

Of course, one method of reducing costs would be to require ALL subscription services to have a double opt-in. (This is currently recommended in your guidance, but not mandated). It is clear that your guidance is ignored by some rogue companies which deliberately price their service at £4.50 per week in order to avoid these requirements, knowing that malicious code can then be exploited to obtain ‘consent’ from ‘subscribers’.

It seems unfair that services that create few complaints and are fully compliant with the Code are charged at the same rate as services which continually test the boundaries of the Code and generate significant volumes of work for the regulator.

If the size of the levy is to be reduced, the level of consumer complaints needs to be reduced. Making ‘direct carrier billing’ services ‘opt-in’ rather than ‘opt-out’ would make a massive difference, as many consumers are unaware that third parties can charge their bill in this manner. The GDPR should address this, as companies will need to have explicit and unambiguous consent to pass consumers’ phone numbers to a third party, whether for charging purposes or not. It will no longer be acceptable to hide this consent in the small print. A requirement that consumers opt-in to the use of PRS services would increase awareness of these services and make consumers more careful when navigating ‘service providers’ web sites.

PSA need to become more effective at collecting the financial penalties they impose. Fined services should be suspended until the fines and administrative charges are paid. An increased rate of collection of these financial penalties would allow a reduction in the levy on compliant services.

Q4 – What is your view on the estimated size of the market for 2018/19?

Direct payments from ‘phone accounts are competing with an increasing number of other payment processes. Consumers are poorly educated about these services and often, as in my case, only become aware of the potential to charge goods and services to a phone bill when they are the victim of a fraudulent transaction. Consumer confidence is the key to growth, but it has been given a low priority. In my view ‘Payforit’ and other direct to bill payment mechanisms will gain a smaller market share of a growing market. Until the industry takes its responsibilities to consumers more seriously, they will choose to pay by other mechanisms wherever possible. If Direct Carrier Billing is to compete seriously for market share, it will need to implement consumer protection measures and refund mechanisms similar to those of its competitors.

Two major Australian MNOs (Telstra and Optus) have been forced to abandon third party billing for premium rate subscription services after a succession of scams similar to those we have experienced in recent years. Unless the networks stop aiding and abetting these frauds, public opinion will eventually force a similar result in the UK.

Q5 – Do you have any other comments on the Business Plan and Budget 2018/19?

PSA seems to listen to the service providers, but appears out of touch with the concerns of consumers. A consumer panel could help to correct this imbalance. Consultations rarely include any input from consumer organisations.  The lack of a clearly defined disputes resolution process puts consumers at a massive disadvantage. PSA has failed to protect consumers adequately thus far and I have little confidence that this will change.

Reading the https://psauthority.org.uk/for-consumers/solutions-centre page of the PSA website one finds this:

I was charged when I clicked on the X symbol to close the site. What do I do? (false X?)

Answer: There should always be a way to exit the page without making a purchase. In some instances you must interact with the site but you should be able to exit the site. In some circumstances, exiting a site may lead you to an advert for another service. If you do not want to exit in this way, enter a different website address in your browser toolbar.

 

After reading this the consumer comes to the conclusion that ‘anything goes’ in this industry. It doesn’t matter how you trick consumers into clicking on a disguised subscription link. According to you it’s legitimate to disguise the subscribe button as an X (to close a popup!). That is immoral and unethical. I can’t believe that an organisation, supposed to protect consumers, implies, in print, that it thinks this is an acceptable practice.

If the industry is to dispel its ‘Wild West’ image it needs to stop condoning these practices and state, quite simply, that they are fraudulent and wrong. Deceptions of this sort are in conflict with the Code of Conduct.  They destroy consumer confidence. PSA would do well to review its guidance to consumers, to avoid the impression that it condones fraudulent practices. It should be encouraging consumers to complain when they encounter these deceptive practices, and taking action against the perpetrators.

PSA needs to be able to be held to account when they fail to act in a timely manner to prevent consumers being defrauded. It seems that the economic survival of offending companies is always put ahead of consumer protection.

By providing a mechanism for third party payments to be taken from consumers’ telephone accounts, the MNOs are setting themselves up as payment processors. I therefore believe it is fundamentally wrong for the MNOs and level 1 providers to be exempted from the requirements of the Payment Services Directive v2 (PSD2). The exemption, however, restricts both the size and type of purchase that can be made via Direct Carrier Billing. If services like Payforit want to be able to handle larger purchases, or be used other than for the purchase of digital content and similar products, they will need to conform to the requirements of PSD2.

In fairness, direct carrier billing services should be subject to the same regulations as the payment services they are competing with. The directive provides additional safeguards to consumers. It reduces their potential losses from fraud, and requires the Service Providers to provide robust, two factor, authentication. The directive also forces Payment Service Providers to provide a proper dispute mechanism. I am disappointed that consumers will be denied the additional protection these safeguards would have afforded them.

Ultimately it is not good enough to say that the MNOs are just providing a payment mechanism. They are responsible for the design and rules of that payment mechanism, agree to provide it to their customers, and profit from it. It is time that the regulator forced them to take their responsibilities seriously and provide support to customers who have been defrauded.

The suggestion that PSA might look at a system whereby consumers might be refunded automatically when a service provider has been found non-compliant is welcome, but does not go far enough. The current system of handling third party payments is unfair to consumers and needs to be changed.

In the event of a disputed transaction, the burden of proof should lie with the recipient of the funds to prove that the payment was taken lawfully and in compliance with the Code. In the absence of such proof (within a specified period, say 3 weeks) the consumer could and should be automatically refunded. At present, many of these ‘service providers’ fail to engage with consumers, on any meaningful level, leaving the consumer with no redress and no refund.

Another issue is that, even if the service provider accepts that a refund should be made, there is no proper mechanism for that to happen. There is a general principle in commerce (embodied in the Consumer Rights Act 2015) that refunds should go to the account from which the original payment was made.

Refunds for transactions made on a credit or debit card are made back to the same card. If a fraudulent payment occurs on my bank account, the refund is made to my bank account. When a PayPal payment is reversed, the refund will go back to the PayPal account from which it was taken.

Why can’t refunded Payforit charges be returned to the account from which they were taken? Why can the refund not be made by the same method and with the same speed and ease as the transaction which is being reversed? We are told that this is ‘technically impossible’. This just goes to show how anachronistic and poorly regulated this payment system is.

Summary

The industry is at a turning point. If it continues to turn a blind eye to fraud it will lose consumer confidence, and remain a niche payment system. The alternative is to take steps to prevent abuse of the payment system by fraudsters. Direct carrier billing can compete with other payment services, but only if it can match them, not only for convenience, but for security and consumer protection.

 

Paul Muggleton

payforitsucks.co.uk

EE forum post by moog concerning EE mobile portal scams

by moog Established Contributor
Re: Why is we allowing bounce mobi on their network? It is fraudulent company

This is not the fault of the customer so stop blaming us…. just stop it!

 

The reason why this forum is full of complaints about the following PMConnect services is that their payment pages are not secure and are being hacked:

 

These are the services offered exclusively against EE customers and presumably the ads that push to these pages are paid for and targeted accordingly… only EE customers are victims.

Here is the bounce games payment page:

Unsecure non-HTTPS page

This page is not secured by HTTPS and so is wide open for hackers.

Notice the text “Charges added to this EE mobile bill”. This text is hard coded regardless of what type of connection or device is used… so the page has been designed to be used against EE customers to make payments against EE accounts… this alone is very worrying.. why only EE.. Why are they not using PayforIt?

EE have for over two years denied having an agreement with this company despite the fact that these services are designated in the PMConnect Ltd terms and conditions as “Mobile Portal Services” that according to Ofcom can only exist as a relationship between 3rd party and Network. All the other direct to bill services must use the heavily regulated (via PSA) PayforIt scheme.

Now there are two possibilities here:

  1. EE are complicit and are using every trick in the book to deflect this issue.
  2. EE are not complicit and are simply not addressing a very serious issue by sheer negligence and bullheadedness on the part of its staff.. not our problem.

Regardless of the reason, it is clear that EE accounts are being targeted by malpractice of some sort against this company’s insecure payment pages. EE can only be negligent if they do not at least investigate and protect their customers.

With the demise of Payforit, and a PSA consultation on a new Code of Practice for Phone-paid Services, we have decided to launch the Phone-paid Services Consumer Group (PSCG). You can visit the new website by clicking here. If you need help, please contact us via the contact link on the new website.