Watchdog hits out at malware racking up premium-rate charges

The premium rate phone regulator says it might disregard evidence of consumer consent from paid-for mobile applications if those apps turn out to contain malicious code. Under PhonepayPlus' Code of Practice, premium-rate service (PRS) providers are prohibited from charging without consumers' consent. Certain PRS providers must …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Malware and New Mobile Phone Payment systems

What could possibly go wrong?

0
0
Anonymous Coward

PhonePayPlus

The most idiotic and least informative name since BT Cellnet became O2.

3
0
Bronze badge

A name to distrust

And it's good to be sceptical in this field. So, I like it. If they could get the word "rape" in there somewhere it would be even more suitably scary, but offputting I suppose. But "Pay" and "Plus" already are quite scary, in the context.

I just read about a guy who got drunk on a visit to Poland and had his phone not stolen. Unfortunately. Stolen would have been so much better for him, read here:

http://www.bbc.co.uk/newsbeat/17188133

0
0
Silver badge
FAIL

Telco Opt-Out

It should be possible to opt out of all premium-rate stuff on a mobile phone by some hard-to-hack means (lest the malware know how to do it from the phone) at telco level so they know to block the stuff and not bill you for it.

1
0
Thumb Up

Re: Telco Opt-Out

Oh my, you can't do this in Blighty? I guess credit where credit's due. I have a phone for the kids with Vodafone in Oz. It's PAYG with credit lasting 365 days. ALL mobile data, premium rate services, international calls, i.e. everything but local calls and local texts are disabled by Vodafone, it's nothing to do with the phone. I had to explicitly request this, but it is available and means that a single $30 recharge lasts about a year.

0
0
Silver badge

indeed

I.e. by logging into your online telco portal and clicking "nothing outside my free stuff ta" but that won't make the telco any money though.

0
0

Can't we just put all 09 numbers on a fire and forget the whole sorry premium rate fuck up ever existed?

4
1

Room 101

0
0
Alert

WHAT!?!

But, but.. what will Simon do then!?!

2
0

I agree 100%. It is wholly irrational for anyone, under any circumstance, to be able to charge your phone bill for tens or hundreds of pounds. There should be a low cap for one-off charges (a fiver?) and an even lower cap for these scams where your phone gets charged repeatedly for rubbish like ring-tones, wallpaper or horoscopes*.

* For the avoidance of doubt, I haven't been robbed for these things, but my son was unfortunately sufficiently naive to be caught out. Until, having put a tenner on his PAYG account I told him to check it *15*minutes*later* and found that three (!) £2.50 charges had been taken immediately. I phoned the network and told them they could refund the money or give me a PAC code.

1
1
Silver badge

There is a simple way to stop this

1) All networks should be required to disable international phone and text messages which go to premium rate numbers on a country or region by region basis (i.e. I can enable calls to US premium rate numbers without suddenly enabling calls to Burkina Faso premium rate).

2) Users must explicitly opt in to enable these services (obviously not through automated means via the phone).

3) All domestic premium rate providers should be required to deposit a lump sum of cash in escrow, e.g. £10,000 which if necessary can be used to compensate users who complain and should be forfeit for gross violations of the code.

4) Network providers should insist that all smart phones regardless of operating system explicitly intervene and ask for permission whenever any 3rd party application installed by the user attempts to access SMS or Phone services. The user should be able to override this from a setting on a per application basis, but the default behaviour is to ask.

In other words practice security by default. A user can override the defaults if they must but the attack surface is so much less to begin with.

4
0
Boffin

Re: There is a simple way to stop this

I think you are missing the point here.

Everybody makes money out of this... so where is the harm?

Oops sorry everybody except the poor sucker that has to pay. Now if the telcos had to pay I think you would find security a lot tighter.

1
1
Bronze badge

Re: There is a simple way to stop this

I applaud your intent - but it's never going to work. It relies on the mobile phone companies knowing about all the premium rate numbers both in the UK and overseas.

In the UK, the number plan (whilst not perfect) is fairly easy to understand. (01 & 02 landlines, 07 mobiles (et al), 03 & 08 non-geographic, 09 premium) Other countries' number plans are less easy to understand: Brazil is one country that springs to mind for having a hideous dial plan.

At my work, I've had to tell our telco when a new international destination needed adding to their network routing tables. Or when they charge the wrong amount for a call 'cause they have the wrong charge band for it (mobile Vs landline, for example).

If there was a global list of these premium rate dialing codes, it *might* just stand a chance, but that would require a lot of international co-operation.

0
0
Anonymous Coward

Re: Re: There is a simple way to stop this

I have heard of premium rate numbers beginning 07.

0
0
Bronze badge
Alert

Re: There is a simple way to stop this

"It relies on the mobile phone companies knowing about all the premium rate numbers both in the UK and overseas"

The phone companies profit from the scams. Figuring out the numbers should be entirely their problem. As someone else said here, if they have to pay, security will suddenly, magically get better.

0
0
Mushroom

wow

What was that over there?

Aaaaaa it's too bright

Wait....wait...what does that spell?

OK, I can see it now.

It spells Obvious

0
0
Bronze badge

There is another simple way to stop this

Give every consumer the right to unilaterally repudiate specific premium charges on his bill. His telco refunds the amounts on the next bill and unilaterally reclaims its costs (including the extra costs of handling this) from the next one, and so on down the line until the premium rate provider reclaims its costs from the scammer^W business that makes the money. If that business has done a runner, tough luck for the premium rate provider, and so on: last one still available in the chain bears all the costs. A win for society: the premium rate business will be doomed.

1
0
Silver badge

Re: There is another simple way to stop this

Legally putting the burden for fraud on the telcos would make them hop to it double fast. Like you say they'd either have to swallow the costs of the fraud or recoup them from another telecoms provider. In no time they'd get their house in order and would start withholding money from known "problem" providers to cover for any claims that could be expected to arise.

1
0
Bronze badge

Re: Re: There is another simple way to stop this

But it would also require the regulator to grow some balls....

2
0
Anonymous Coward

Re: Re: There is another simple way to stop this

Putting the burden on the telcos would cause price rises across the board, to pay for insurance/lawyers and because they can.

0
1
Bronze badge
Alert

Re: There is another simple way to stop this

...or it would put the premium rate business out of business, which would hardly be a great loss to society.

0
0

Premium Rate Fraud - how it works

1/ Ofcom/Networks allocate the short codes/premium rate numbers to the Premium Rate Industry.

2/ Premium Rate Industry think up ways of making our phones ring the premium rate numbers or receive the premium rate message.

3/ Our Network bills us, pockets 50% of the money and passes the rest on to the Premium Rate Industry. They also pass on all the blame for the 'fraud' and the complaining customer.

We have been here before and learnt nothing. The rogue dialer is dead, long live the rogue dialer.

1
0

"Spot the Most Weasel Words Competition", Number 127832

May I please submit this entry:

'When proposing the draft guidance in September last year, PhonepayPlus chief executive Paul Whiteing said that the regulator would "not hesitate to use [its] robust sanctioning powers to drive out rogue providers who could damage a vital part of the UK’s growing and innovative digital and creative economies".'

Bonus words are: Guidance, Might Disregard, Code of Practice, Should Not be Necessary, Easy to Understand for the Reader, Strongly Recommended.

How about a responsible person capable of using simple words like "DO" and "DO NOT" instead of waffle, please.

1
0