Phone payment scams "worse than mobile malware"

 

Gallery

By Stewart Mitchell

Posted on 15 Aug 2012 at 11:16

Phone scams and dubious practices are more of a threat to phone users than mobile malware, experts have warned, as thousands of complaints are reported by regulators.

PhonepayPlus, which regulates the premium rate industry, said it received 25,600 consumer calls in the year to April 2012, resulting in 8,499 complaints.

Although there's no breakdown of the figures, the complaints often relate to users who have signed up to premium rate services inadvertently or been signed up maliciously to services that charge up to £4.50 per message via the short code payments system.

The first indication there's a problem only surfaces when the bill arrives. "These sort of scams are more of a threat to end users than malware, which gets all the attention," said Gareth Maclachlan, chief operating officer of mobile security company AdaptiveMobile.

One example of how easy it is to incur unjustified mobile charges came earlier this week, when the BBC reported how a flaw at content platform Buongiorno meant anyone visiting the site could enter someone else's phone number, with the phone owner being billed.

We do see at the worse end of the spectrum just bad, scammy behaviour and we don't want these people in the market

The company said the situation didn't impact many accounts, but it's indicative of a wider problem, where apps and websites can hoodwink consumers into signing up for services, or allow others to do so on their behalf.

“You'll get a consumer and something has happened and they've got a high phone bill,” said Shirley Dent, director of communications at PhonepayPlus. “All the consumer knows is there's a high bill and they don't remember engaging with this number or service and don't know how it's happened. They might not even remember they've put their number in somewhere online.”

According to Dent, there are many legitimate services that charge using the short code method, but they need to make it clear what costs are involved.

"We do see at the worse end of the spectrum just bad, scammy behaviour and we don't want these people in the market," she said. "As you go through the spectrum there are companies where the terms explaining charges are there, but they are not clear enough, and then there are times when the terms are there but consumers don't pay enough attention to them."

Code care

With short codes giving direct access to the phone company billing system, Dent said users should be far more careful about where they post mobile numbers.

“Think of your phone number like your bank card pin number – you wouldn't put that in anywhere, but your phone number can give access to your money,” Dent said.

At the heart of the issue is the ease with which user actions - such as updating an app or entering an online competition - can spark a charge.

"What's good about premium rate short codes is that it's frictionless way for people to pay," Dent said. "But because it's frictionless it needs to be clear to consumers about what their actions will cost them.

Reporting confusion

For victims of scams, anxious to understand who is charging them and why, finding the right place to report the issue can be confusing.

Last year, Get Safe Online advised users to report all rogue apps to Action Fraud, which works with the police. However, when we called Action Fraud to ask about the number of reports coming in, we were told that it didn't hold records because it wasn't its department.

“It's not something people should report to us, because while it might be a scam, it's not actually a crime,” a spokesperson said. “It's not really our area. Try the Office of Fair Trading.”

The OFT was equally dismissive, referring consumers to Citizen's Advice.

“Consumers do get passed around between different organisations, and it can be frustrating because they want to stop this being charged to their account,” said Dent, adding that PhonepayPlus was the first reporting point for anything relating to premium rate charges.