Gambling sites accept payment by SMS, plus theyāre big targets for laundering, so I would have thought this risk is quite high
1 Like
It 100% would be, although we donāt allow premium SMSā¦
1 Like
But this has already been a risk with all the existing networks - you can spam premium-rate calls & texts all day long and theyāll just be added to the next billā¦ and yet it doesnāt seem to be something attackers bother to exploit.
Phones are stolen for 2 reasons: 1) the phone itself, by a low-skill attacker who only wants to resell the hardware for a profit and 2) the data, by high-skill attackers in a targeted attack.
In the first case, the attacker isnāt advanced enough to be able to set up a premium rate number (in a untraceable way) they can profit off by calling it from stolen phones.
In the second case, the attacker is more than advanced enough to have access to more profitable money-making schemes than stealing physical devices to spam a premium-rate number.
It just smells like paranoia and nothing more than security theatre which actually makes the situation worse for everyone as it teaches non-technical people that it is actual security (Iām tired of seeing people trusting on-device fingerprint or passcode security when the device is completely taken over by malware displaying ads on the lock screen and notifications).
Not to mention thereās the same issue as Monzoās Touch ID - whatās the onboarding/recovery flow? You have to assume the device would also have access to the email account, so the email āmagic linkā login flow wouldnāt work otherwise they can just delete & reinstall the app to bypass the security.
4 Likes
I read somewhere that pickpockets were targeting tourists in Spain and calling their own premium rate number, I guess people who live somewhere else wouldnāt know how/bother reporting the number of their ofcom equivalent.
Maybe use a card that lets you set monthly limits, like Revolut. Then a fraudster could only top up to the card limit.
Zevvle has a limit of one auto topup per day. This kind of fraud is why Iād be keen to have a weekly or monthly limit on the number of topups automatically done.
Not sure if premium rate numbers are blocked, however harder to do so for international numbers, especially whilst roaming.
The thieves will target tourists as locals would report the issues, and harder for tourists to claim back.
Since the article was written most of the operators now have a roughly Ā£40 limit for roaming spend per billing month.
1 Like
Also this from last year (Ā£2,763) and this from July(!) for Ā£8,300. Same network, same placeā¦ 
And for the record, we disable premium numbers so this canāt happen.
Do you think a limit on the # of top-ups or Ā£ spent would be better? Also, is there a reason youād prefer weekly vs monthly (or vice versa)? 
2 Likes
International numbers arenāt profitable in terms of scams. Most of the profits would go to the originating carrier (since they inflate the prices of international calls so much) and a tiny bit goes to the destination carrier - not viable for scams so not a risk here.
I thought you did, but couldnāt find a statement I could quote in my very brief search.
Number is slightly simpler, as it can be based on nice round numbers. The down side of Ā£ spent, is when the limit is not an exact multiple of the top-up amounts? Will that final auto-top-up per period cause a smaller top-up from the normal amount. e.g. auto-top-up is Ā£10, and the period limit is Ā£25, what happens on the third auto-top-up?
Are the monthly top-ups included?
I can see different people budgeting differently and choosing different ones. Say I have a Ā£10 weekly maximum. That give Ā£520 annual maximum, however a Ā£20 monthly maximum give Ā£240 annual maximum, so less damage if it runs away repeatedly. Monthly also provides more flexibility of weekly spikes in usage that I have.
I could even foresee having both a weekly and a monthly, e.g. Ā£20 weekly, and Ā£40 monthly (both including the monthly top-up). Either way having a manual way to also top-up above the auto-top-up limits.
1 Like
Good questions! We havenāt worked out the details yet, but my initial hunch is that on that third auto top-up, itād be reduced to Ā£5, and that monthly top-ups arenāt includedā¦
We do need some better ābudgetingā tools, e.g. if you want to use a maximum of Ā£10/month with only a single top-up, keeping you on track throughout the month with notifications or something.
Do you want notifications for those spikes? Weād need to tune the thresholds, but perhaps something like 50% above average in a day/weekā¦
Thatās an interesting idea. Could have the percentage of the month currently gone vs the amount. Thinking like the Monzo chart about usage of whether you are in the month vs how much youāve used so far, or your typical usage. Giffgaff had similar usage graphs.
It would be useful to have notifications of unusually high usage. However with my usage being very spiky (commute day 500MB, work from home less than 1MB, other days somewhere in between), Iām yet to come up with a formula that works well in semi-real time.
3 Likes
The easy (and perhaps best) solution would be setting your own thresholdā¦ our own high-usage formula would no doubt get it wrong for some people.
1 Like
Iād be keen for multiple thresholds, daily, weekly, and monthly.
The monthly would be less than 4 X weekly and weekly would be less than 7 X daily, thus allowing spiky usage.
A fix has been implemented for one of my causes of high usage. Be a month or so before itās on production.
2 Likes
Using the past few months of usage to predict your future balance and when your balance will likely run out.
Could also provide an estimated monthly amount to set for the top-up after a few months.
2 Likes
Iām living that I can easily use an Amex card to top-up online; I donāt know of any other network that has this?
Iāve been having to input vouchers either bought from Boots or Poundland in the past (o2) to pay via Amex, which was a small annoyance.
1 Like
O2 will let me add a credit using AmEx but is that considered paying off a loan as my SIMO is a postpaid unsecured loan in essence?
I was on payg with o2 as it weirdly worked out cheaper than a contract!?
Attempting to pay via an Amex would not work at all. O2 couldnāt answer why or if they supported Amex at all which was pretty poor so I found the voucher top-up route on my own.
You need to add it from the card section, they do accept it.
If you need to find out who accepts AmEx thereās a website for it here
Oh well, too late now. 
Seriously though, I couldnāt ever get it to work?
To be fair though itās really inconvenient to pay by AmEx in this case as obviously your bill is due on a certain day
You canāt have your direct debit as a fallback - if @nick ever does postpaid I would really appreciate if they did this or took by card and tried direct debit afterwards
2 Likes