Mobile companies may jeopardise the future of mobile banking

Shahin Shojai, director, strategic research and Sherri Khan, associate, Capco, reveal some scams that cellular service providers trigger by sharing customer data.

It has always been of interest to see how easily mobile phone companies evade any kind of responsibility for their customers being targeted by fraudulent organisations.

We are sure that most readers have either experienced or know someone who has been victimised by mobile fraudsters. And, the range of the types of attacks they face is as varied as the number of countries where mobile networks are available.

The most common attack is the 'ringtone' scams through which companies offer 'free ringtones' on websites in return for people submitting their phone number. Unaware mobile users then receive a text message asking them to choose one of various ringtones, but the text fails to advise them that as a consequence of requesting and receiving the 'free ringtone,' they will be signing up to receive three ringtones a week costing £1.50 each, a service which is extremely difficult and sometimes impossible to opt out of.

Crueller scams play on natural human instinct and curiosity, such as the scam that has received a lot of attention in Japan, known as 'wangiri,' which means 'one ring and cut.' The scam uses a computer to dial mobile phone numbers at random and hangs up after one ring, leaving a number stored as a 'missed call' on the receiving party's phone. If the person returns the call, and in most cases they do, they are charged premium rates for the call.

There are also similar SMS scams, which involve texting random mobile phone numbers pretending to be secret admirers or long lost friends, using ambiguous and often flattering messages designed to be irresistible. In these cases mobile users are charged ridiculous rates for replying to the message as well as receiving texts back. Similar tactics have been used to announce non-existent prizes.

Earlier this year, a plague of fraudulent banking text messages broke out in China. This scam was on a very large scale and Beijing Security Bureau received reports of 1,265 cases.

In this case messages were sent to handsets claiming to be from their bank, telling users that a certain amount of their money had been spent in shopping malls along with a phone number to call for inquiries. Their calls were then answered by fraudsters posing as bank officials who deceived many people successfully by asking for their bank details and passwords, and caused individual losses of up to $38,000.

But, the question is how can mobile companies negate any kind of responsibility towards the victims. It has always been a mystery to us as to why fraudulent transactions on the mobile networks need to be paid for and almost impossible to question. For example, if one is incorrectly charged on a credit card it is almost always possible to question, and where fraud is involved, definitely possible to avoid payment.

How is it that such a service is not available to mobile phone users? Do the mobile companies immediately pay these fraudsters when a transaction is charged for on the mobile network? We would be extremely surprised if that was in deed the case.

There must certainly be a period between when a transaction has been consummated and the mobile company paying the provider for the service. So, how is it that they act as if the cash to the provider was dispensed instantaneously? Could it be that the share of profits for the mobile companies from such fraudulent activities outweighs the benefit of maintaining happy clients?

No matter what the logic behind such totally illogical behaviour, the fact that mobile phone companies negate any kind of responsibility and pass on the entire risk of the transaction onto the client without providing any kind of barriers for protection could jeopardize the potential growth of mobile payments in the future. How comfortable would individuals be in making payments to providers using their mobiles when we now hear that you can even be charged for receiving SMS messages?

Of course, it is close to impossible to stop fraudsters when they can basically send you messages and charge you, and the only response you get from your mobile provider is "there is nothing we can do." And, the efforts by some of the regulators, such as, the UK's Independent Committee for the Supervision of Standards of the Telephone Information Services (ICSTIS), which is the industry-funded regulatory body for all premium rate charged telecommunications services, are simply not enough to fully protect the consumers.

The potential for mobile payments is huge. And, everyday we hear of yet another development in this space. But, this potential will be hard to realise if individuals become concerned about the protection they receive against fraudsters. We are all familiar with phishing on the internet. And, few can deny that this activity has hurt online banking. Many people have been victimised by phishers asking for their banking details and many have lost money. Those people and their close associates have been very weary about banking online.

But, the potential for victimisation on the mobile network would dwarf the risks faced in online banking fraud. There are two reasons for this. Firstly, most people are now aware that they need to be more careful about divulging their private banking details online. Secondly, and perhaps more importantly, it is almost impossible to defend against being charged when receiving messages. Just imagine that depositors could be charged for every email they received from spammers.

That is the world that the mobile companies have created and until they provide ways for customers to defend themselves from this type of fraud they are putting the future of mobile banking at risk.