The PSA are consulting on new Special conditions for Subscription services. These Special conditions are the inevitable result of the high levels of fraud facilitated by the Payforit payment mechanic. Many “services” have appeared in the past year which appear to be a cynical attempt to exploit the vulnerabilities of this system.
Q1. Do you agree with the PSA’s assessment that the evidence gathered from the research and other information, data and inputs considered support implementation of Special conditions for all subscriptions as an appropriate and proportionate response? If not, please set out your alternative approach and the supporting evidence.
The proposed Special Conditions seem entirely appropriate, given the high level of consumer harm generated by the current regulation. However they fail to address other deficiencies in Direct Carrier Billing(DCB) such as the lack of a formal disputes procedure and the lack of a refund mechanism that meets current consumer legislation and expectations. In their response to the initial consultation, Lateral Corp said
“Rather than just creating confidence, the objective should be positive promotion of DCB as the best and most trusted option for any customer”.
A laudable aim which these Special conditions will fail to achieve. There is an opportunity here for DCB to really clean up it’s act and put in place the mechanisms that consumers expect of a 21st century payment service.
Lateral Corp go on to list (on page ) what it sees as the advantages of DCB. I’m not going to query all of them, although it would be easy to do so, but this “advatage” is just plain ridiculous:
Fully refundable transaction:
Carrier Billing is a commercial anomaly. Generally,other payment methods prohibit or seriously limit refunds. Carrier Billing offers full refunds to customers on request, regardless of the reasons for the request.
One of the biggest issues for consumers is the difficulty of obtaining a refund even when it is clear that there was no consent to charge for the “service”and the “service” has not been used. If there was one change which would make a difference to the consumer perception of Payforit, it would be a refunds system that worked as simply as Lateral Corp seem to believe it does now.
A system which users can opt-in to, and which puts the MSISDN passthrough behind an account login would be an improvement. If consumers could then access their account to get a real time view of tranactions and to cancel subscriptions that would have the potential to be a “game changer”. A disputes mechanism could also be built in to the system allowing consumers to dispute transactions and receive a refund back to their phone account if the dispute was resolved in their favour.
Lateral Corp say” DCB represents the payment method with potentially the highest protection to customers, in comparison to credit card-based systems”. Potential is the operative word here! As currently implemented, Payforit is insecure and allows numerous fraudulent services to operate with impunity.
The Empello submission makes these points in relation to PIN flow:
- Recent data presented by Empello at the Global Carrier Billing conference shows that PIN does not necessarily prevent Payments Fraud, as App Malware has now evolved to automatically read and submit PINs without any user interaction.
- The internal security of PIN systems is questionable given recent cases in one European country where it was shown that there have been multiple security breaches
I don’t accept the argument that, because a measure may not be 100% effective, it is a reason not to employ it. However Phone-paid Services have been a vehicle of choice for fraudsters for many years. Many of the “services” currently on offer are a cynical attempt to exploit the current vulnerabilities of the system. The proposed Special conditions will defeat most of the exploits currently being used, but there is no doubt that attempts will be made to circumvent these measures. The industry needs to take fraud prevention much more seriously.
There is a danger that as has happened before, these Special conditions are “too little and too late”.
In its response to the initial consultation, Lateral sought to minimise the incidence of fraud in DCB transactions by saying:
If the Carrier Billing industry thinks it has a fraud problem, we should be aware that it is miniscule compared to other types of on-line fraud, which amounts to 1.5 trillion dollars each year.
However the transaction value handled by Carrier Billing is also miniscule. If the credit card industry had a percentage of fraudulent transactions equal to that of Direct Carrier Billing, the losses would be horrendous and unsustainable, especially, as unlike DCB, the credit card companies can’t force consumers to bear the costs of their negligence in failing to actively address issues of fraud.
Q2. Do you agree with our proposed approach that the proposed Special conditions be applied to all phone-paid subscription services to create clarity and certainty for providers of subscription services, with any additional requirements under other Special conditions not being replicated in the proposed conditions?
Yes, I can see no benefit in complicating matters by exempting any services from the proposed Special Conditions. The most important issue though, is that of enforcement. Current rules are not being rigorously enforced. Can we have confidence that these Special conditions will be robustly applied?
Q3. Do you agree that the research and other information, data and inputs we considered support action on each of the identified issues outlined in this document? If not, please provide supporting evidence?
No, your proposed actions still fail to address some of the issues, such as the difficulty consumers have in making a complaint and getting redress. If the intention is to “clean up” this sector of PRS, consideration should have been given to complaints procedures and refund mechanisms. Consumers should be able to opt out of having their numbers passed to third parties via the Payforit API, or better still have to opt-in to it.
Q4. Do you agree with our analysis using the risk taxonomy (outlined from paragraph 249 of this document) that Special conditions represent a proportionate regulatory response to the risk of harm posed by phone-paid subscription services? If not, please provide supporting evidence.
I really don’t see how, given the level of complaints and consumer harm, you could do any less! These measures are the very minimum that are required to reduce very high levels of consumer harm. Restoring consumer confidence will require a great deal more!
Q5. Are there any other issues not addressed through our proposed response that you consider warrant regulatory action in light of the research and other information, data and inputs considered? If yes, please provide supporting evidence.
Having identified “Post-purchase experience and complaint handling” as an area to consider, no proposals have been made to deal with the high levels of consumer dissatisfaction.
If Direct Carrier Billing is to compete with other modern payment methods there are issues other than consent to charge which need to be considered. Other payment methods have clear, published disputes mechanisms which actually work. Much of the consumer dissatisfaction with Payforit stems from the difficulty they experience in resolving disputes. If nothing is done to correct this, no amount of fraud prevention will restore trust.
In the consultation the PSA say:
188.Section 2.6 of the Code sets out the requirements for Level 2 providers in relation to complaint handling. The Code outcome that relates to this is that consumers can have complaints resolved quickly and easily by the Level 2 provider responsible for the service and that any redress is also provided quickly and easily. The Code also requires that Level 2 providers must provide an appropriate and effective complaints process which is free or low cost.
There is a serious problem here, not with the code, but with the enforcement thereof. In the past year, numerous consumers have been forced to resort to the Small Claims procedure, because of the lack of a “appropriate and effective complaints procedure that is free or low cost”. Other consumers have been forced to accept losses because the company which has taken their money is based overseas and is impossible to hold to account. The MNO’s are supposed to help in this respect but invariably fail to do so.
PSA are well aware that service providers are failing to meet this obligation under the Code, but seem reluctant to take any action to ensure that consumers are treated fairly when they complain.
The difficulty of obtaining redress for consumers who have had money taken by a Payforit subscription service is one of the principal drivers of consumer dissatisfaction. High levels of fraud are a cause for consumer concern, but the acquiescence of the networks and the regulator to these high levels of fraud is a cause for consumer anger and distrust! A statement that PSA will in future robustly enforce this aspect of the code, followed up by such robust enforcement would help restore consumer confidence. Maybe the Special condition could require that the company’s complaint procedure be published on it’s website. MNO’s should be made to accept their responsibility for dispute resolution under the Payforit rules. The rules do currently give them the role of investigating and deciding disputes, but these responsibilities are being shirked.
If they are not willing to meet their obligations as regards dispute resolution, a compulsory ADR scheme should be introduced.
Similarly, the lack of a refund mechanism is likely to detract from attractiveness of carrier billing. I note that this is being considered as a separate issue, but the inability to refund directly and speedily to the consumer’s phone account is another area where Carrier billing lags way behind other payment mechanisms.
As a consumer, I like to know that the payment mechanism I am using has safeguards in the event that something goes wrong.
MNO’s should be required to provide a bar that blocks charges from these services. Some networks still fail to allow this. It is a legal requirement in many parts of Europe, but not in the UK.
Indeed the EU regulations contain a requirement for
“Selective barring for outgoing calls or Premium SMS or MMS or where technically feasible, other kinds of similar applications, free of charge”
Clearly, as some networks are able to apply charge to bill bars and spending caps that do apply to DCB charges, it is technically feasible.
It should also be made possible to stop future recurring charges even in the event that it is not possible to contact the service provider. Consumers often draw an unfavourable comparison between Payforit and Direct Debit or Continuous Credit Card Authorities in this respect. They expect to be able to stop future payments by contacting the payment processor (their network).
The leaking of MSISDN’s via the Payforit API (MSISDN Pass-through) is unnecessary and has caused much consumer harm. It is possibly a breach of GDPR. Although the proposed Special conditions will provide additional safeguards, I still believe it to be wrong in principle to be leaking consumers MSISDNs in this way without their explicit consent. Consumers are often unaware that this happens. Consumers should be made aware of it and be allowed to opt-in or opt-out as they wish. This would make the processing indisputably lawful. Consumers opting out wouldn’t be prevented from signing up to subscription services, but would experience additional “friction” as Payforit would revert to the WiFi path requiring them to manually enter their MSISDN. I agree that the STOP mechanism generally works well. However, I believe that the STOP text should be free. A problem sometimes arises with some consumers of PAYG networks. These consumers buy a monthly bundle of texts, calls and data. They operate their accounts with no airtime credit.
When they find themselves signed up to a subscription service (whether inadvertently or as the result of fraud), they are unable to send the STOP text as they lack the credit to do so. If they do add airtime credit, the charge for the unwanted subscription will be taken. This situation is unsatisfactory and could be avoided by making texts to STOP subscription services free. Other consumers are reluctant to send the STOP text because their phone warns them that it is chargeable. Consumers often confuse the subscription charge of £4.50 or £3 with the much lower charge for the STOP text.
Q6. Do you have any views or evidence on the use and effectiveness of free trial periods of varying durations to support the PSA in considering what might be appropriate in the context of phone-paid subscription services.
One of the problems PSA face is that there are a number of companies which will seek to stretch any rules to their limit with a view to defrauding consumers. As long as PSA continue to turn a blind eye to these practices, they will continue. This is likely to be an issue with any rules around free trial periods. Any rules should perhaps be reviewed after 12 months, so that any abuses can be identified and eliminated.
Free Trial periods can be effective in allowing new services to demonstrate their value to consumers. It is a common feature of subscription services and needs to be allowed under the rules.
However, there do need to be safeguards
Payment details should be taken using a double opt-in procedure at the time the free trial period starts (this tends to be the norm for other payment mechanisms) . This makes it obvious to the consumer that, at the end of the free trial period, the service will become chargeable.
The subscription should end at the end of the free trial period unless the consumer has extended it by going through a double opt-in procedure
Free trial periods should be able to be terminated by using a STOP text. Free trial periods should not be so short that it is impossible to cancel if, for some reason the STOP text can’t be sent. 24 hour free trial periods can be problematic in this respect. This is a particular issue where helplines are not manned at weekends.
Q7. Do you have any additional comments?
Fraud prevention has been a very low priority for far too long. If the opportunity is not taken for the industry to clean up its act, other payment mechanisms are likely to take the largest share of any growth. Consumers who have been defrauded by one of the rogue operators are going to take a lot of convincing to use this payment mechanism Those who believe that Carrier Billing and Payforit don’t have an image problem need only do a search for “Payforit” on one of the networks customer forums to see the uphill struggle they will have to regain consumer confidence.
If/when the new Special conditions take effect, consideration will need to be given to subscriptions already in force. It is not unusual for consumers to discover they have been paying for a weekly subscription for a period of 2 years or more. The Payforit 120Day rule doesn’t seem to be having the effect that it should, probably because it is only being enforced retrospectively. If action isn’t taken to reconfirm existing subscriptions, either by confirming that the subscriber is regularly interacting with the service, or by asking the subscriber to confirm that the service is still required, it is likely that complaints will continue for months, if not years, after the introduction of the new regime.