Mobile networks are exposing millions of consumers to text scams that allow payments to be taken directly through their phone bills, frequently for services they do not want and have never knowingly signed up for.
Customers say they have discovered charges, sometimes for hundreds of pounds, for companies they have never heard of.
But despite thousands of complaints about unrecognised charges, regulators have allowed a number of third-party companies that have been repeatedly accused of taking payments without consent to continue operating with impunity.
The scams work through so-called direct carrier billing, a system operated by the four major networks – O2, Vodafone, EE and Three – that allows consumers to purchase goods or services on their mobiles at the click of a button without entering any card details.
But The Independent has found evidence that the system is open to abuse, leaving millions of customers unsatisfied and many out of pocket.
To operate direct carrier billing, all of the major networks hand out their customers’ phone numbers to “trusted” third party firms which are allowed to take payments through phone bills. Consenting to the service is part of the networks’ standard terms and conditions when consumers sign up.
To take money in this way, companies have to show the network operator that a person has then provided specific consent to charge for a service.
But thousands have complained they have been charged for services they do not recognise.
How does it work?
Steve White’s experience is typical. He received a text informing him he’d signed up for Bodyin8, which turned out to be a weekly workout plan.
When he text back “stop” to cancel, a pop-up told him he would be charged an undisclosed amount for the message.
“I thought, it must be a scam, and left it,” he says. “It was only when I later checked my Vodafone bill I discovered, to my horror, I’d been charged £36.”
When he contacted Vodafone, he was told its records showed he had signed up for Bodyin8 and that he had to contact Well Fitness Limited, the company behind the service.
After contacting the company by phone and being cut off around 15 times, he got through to someone who told him he could not be refunded the money because he had not cancelled within 14 days.
“They said if I emailed them, they would open an investigation. I’m not going to let this go.”
He has yet to receive any money back.
A representative of Well Fitness said the company operates within the law and always obtains full, valid consent from customers.
However the sector’s regulator, the Phone-Paid Services Authority (PSA), has received at least 364 complaints about the company since the start of the year.
One “trusted provider” that is allowed to take payments via all of the major networks, Tap2Bill, was mentioned as part of an adjudication by the regulator about charges taken without consent in October 2016, but the company was not directly reprimanded.
Yet it was allowed to continue operating without restrictions and has received more than 13,000 complaints since the start of 2016.
These figures are likely to represent only a tiny fraction of the customers who have experienced problems with direct carrier billing overall.
The PSA’s own annual review showed that around a third of the 22.5 million people who used the system in the last year had lost trust in the service.
An estimated £220m was paid for services through phone bills last year and the amount is expected to grow by 26 per cent a year.
None of the four major mobile networks would say how many complaints they have received about the service or how much money they make from it.
Problems look set to continue until regulation is tightened up. To start taking payments through people’s phone bills, all a company needs to do is fill out a form on the PSA website and sign up with a “trusted provider” such as Tap2Bill which is approved by the networks.
When asked about the lack of effective checks and the apparent lack of punishment for companies found to have broken the rules, the PSA said that revoking permission to operate was a very serious sanction that is only taken in the most serious cases.
It also pointed to £3.8m in fines levied last year.
But more than 30 per cent of past fines have not been collected. Many of the companies that owe them go into administration and the PSA has no power to fine the directors in a personal capacity.
The PSA, which is funded by the mobile network operators that profit from direct carrier billing, does not resolve individual complainants’ cases and has no record of how many customers have got their money back. It has no record of how many people who complain are happy with the outcome.
Campaigner Paul Muggleton, of payforitsucks.com, says one Cyprus-based company operates a service that he believes is “blatantly a scam”.
“It’s a £4.50 weekly subscription for an unspecified selection of ‘classic’ e-books, chosen at random,” he says. But most classics are out of copyright meaning electronic versions can be obtained online for free.
Chun Wong, a partner at HJA solicitors says that by handing out phone numbers mobile network operators without explicit consent could be in breach of tough new laws introduced in May.
Under the General Data Protection Regulation (GDPR), consent to provide personal data must be explicit and active, says Ms Wong. Opting in cannot be assumed.
The Independent asked all four major networks how they believed the way they operate direct carrier billing complied with GDPR. Only O2 answered the question directly, saying that it was “necessary for the operation of the service”.
Stopping the current wave of problems with the service would be simple, says Muggleton. All networks would have to do is require companies charging through mobile bills to send potential customers a PIN when they sign up for a new service. The customer would then have to send it back to confirm consent. So far, only EE has implemented this measure.
A spokesperson for Tap2Bill, which is owned by IMI Mobile said the company carries out "comprehensive" due diligence on services which run through its payment platform.
"All services or service formats are approved by the UK mobile operators prior to launch. Merchants who fail to follow guidelines or who are suspected of failing to observe the PSA code of practice or mobile operator rules have their services suspended or terminated.
"Tap2Bill enables millions of billing transactions. Complaint levels by service are closely monitored and can be a prompt to review and or suspend live services."
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies