Malware and New Mobile Phone Payment systems
What could possibly go wrong?
The premium rate phone regulator says it might disregard evidence of consumer consent from paid-for mobile applications if those apps turn out to contain malicious code. Under PhonepayPlus' Code of Practice, premium-rate service (PRS) providers are prohibited from charging without consumers' consent. Certain PRS providers must …
What could possibly go wrong?
The most idiotic and least informative name since BT Cellnet became O2.
And it's good to be sceptical in this field. So, I like it. If they could get the word "rape" in there somewhere it would be even more suitably scary, but offputting I suppose. But "Pay" and "Plus" already are quite scary, in the context.
I just read about a guy who got drunk on a visit to Poland and had his phone not stolen. Unfuortunately. Stolen would have been so much better for him, read here:
It should be possible to opt out of all premium-rate stuff on a mobile phone by some hard-to-hack means (lest the malware know how to do it from the phone) at telco level so they know to block the stuff and not bill you for it.
Oh my, you can't do this in Blighty? I guess credit where credit's due. I have a phone for the kids with Vodafone in Oz. It's PAYG with credit lasting 365 days. ALL mobile data, premium rate services, international calls, i.e. everything but local calls and local texts are disabled by Vodafone, it's nothing to do with the phone. I had to explicitly request this, but it is available and means that a single $30 recharge lasts about a year.
I.E. by logging into your online telco portal and clicking "nothing outside my free stuff ta" but that wont make the telco any money though.
Can't we just put all 09 numbers on a fire and forget the whole sorry premium rate fuck up ever existed?
But, but.. what will Simon do then!?!
I agree 100%. It is wholly irrational for anyone, under any circumstance, to be able to charge your phone bill for tens or hundreds of pounds. There should be a low cap for one-off charges (a fiver?) and an even lower cap for these scams where your phone gets charged repeatedly for rubbish like ring-tones, wallpaper or horoscopes*.
* For the avoidance of doubt, I haven't been robbed for these things, but my son was unfortunately sufficiently naive to be caught out. Until, having put a tenner on his PAYG account I told him to check it *15*minutes*later* and found that three (!) £2.50 charges had been taken immediately. I phoned the network and told them they could refund the money or give me a PAC code.
1) All networks should be required to disable international phone and text messages which go to premium rate numbers on a country or region by region basis (i.e. I can enable calls to US premium rate numbers without suddenly enabling calls to Burkino Faso premium rate).
2) Users must explicitly to opt-in to enable these services (obviously not through automated means via the phone).
3) All domestic premium rate providers should be required to deposit a lump sum of cash in escrow, e.g. £10,000 which if necessary can be used to compensate users who complain and should be forfeit for gross violations of the code.
4) Network providers should insist that all smart phones regardless of operating system explicitly intervene and ask for permission whenever any 3rd party application installed by the user attempts to access SMS or Phone services. The user should be able override this from a setting on a per application basis, but the default behaviour is to ask.
In other words practice security by default. A user can override the defaults if they must but the attack surface is so much less to begin with.
I think you are missing the point here.
Everybody makes money out of this... so where is the harm?
Oops sorry everybody except the poor sucker that has to pay. Now if the telco's had to pay I think you would find security a lot tighter.
I applaud your intent - but it's never going to work. It relies on the mobile phone companies knowing about all the premium rate numbers both in the UK and oversees.
In the UK, the number plan (whilst not perfect) is fairly easy to understand. (01 & 02 landlines, 07 mobiles (et al), 03 & 08 non-geographic, 09 premium) Other countries number plans are less easy to understand: Brazil is one country that springs to mind for having a hiddeous dial plan.
At my work, I've had to tell our telco when a new international destination needed adding to their network routing tables. Or when they charge the wrong amount for a call 'cause they have the wrong charge band for it (mobile Vs landline, for example).
If there was a global list of these premium rate dialing codes, it *might* just stand a chance, but that would require a lot of international co-operation.
I have heard of premium rate numbers beginning 07.
What was that over there?
Aaaaaa its too bright
Wait....wait...what does that spell?
ok i can see it now.
It spells Obvious
Legally putting the burden for fraud on the telcos would make them hop to it double fast. Like you say they'd either have to swallow the costs of the fraud or recoup them from another telecoms provider. In no time they'd get their house in order and would start withholding money from known "problem" providers to cover for any claims that could be expected to arise.
But it would also require the regular to grow some balls....
Putting the burden on the telcos would cause price rises across the board, to pay for insurance/lawyers and because they can.
1/ Ofcom/Networks allocate the short codes/premium rate numbers to the Premium Rate Industry.
2/ Premium Rate Industry think up ways of making our phones ring the premium rate numbers or receive the premium rate message.
3/ Our Network bills us, pockets 50% of the money and passes the rest on to the Premium Rate Industry. They also pass on all the blame for the 'fraud' and the complaining customer.
We have been here before and learnt nothing. The rogue dialer is dead, long live the rogue dialer.
May I please submit this entry:
'When proposing the draft guidance in September last year, PhonepayPlus chief executive Paul Whiteing said that the regulator would "not hesitate to use [its] robust sanctioning powers to drive out rogue providers who could damage a vital part of the UK’s growing and innovative digital and creative economies".'
Bonus words are: Guidance, Might Disregard, Code of Practice, Should Not be Necessary, Easy to Understand for the Reader, Strongly Recommended,
How about a responsible person capable of using simple words like "DO" and "DO NOT" instead of waffle, please.
Biting the hand that feeds IT © 1998–2017