Payment Methods

Gambling sites accept payment by SMS, plus theyā€™re big targets for laundering, so I would have thought this risk is quite high

1 Like

It 100% would be, although we donā€™t allow premium SMSā€¦

1 Like

But this has already been a risk with all the existing networks - you can spam premium-rate calls & texts all day long and theyā€™ll just be added to the next billā€¦ and yet it doesnā€™t seem to be something attackers bother to exploit.

Phones are stolen for 2 reasons: 1) the phone itself, by a low-skill attacker who only wants to resell the hardware for a profit and 2) the data, by high-skill attackers in a targeted attack.

In the first case, the attacker isnā€™t advanced enough to be able to set up a premium rate number (in a untraceable way) they can profit off by calling it from stolen phones.

In the second case, the attacker is more than advanced enough to have access to more profitable money-making schemes than stealing physical devices to spam a premium-rate number.

It just smells like paranoia and nothing more than security theatre which actually makes the situation worse for everyone as it teaches non-technical people that it is actual security (Iā€™m tired of seeing people trusting on-device fingerprint or passcode security when the device is completely taken over by malware displaying ads on the lock screen and notifications).

Not to mention thereā€™s the same issue as Monzoā€™s Touch ID - whatā€™s the onboarding/recovery flow? You have to assume the device would also have access to the email account, so the email ā€œmagic linkā€ login flow wouldnā€™t work otherwise they can just delete & reinstall the app to bypass the security.

4 Likes

I read somewhere that pickpockets were targeting tourists in Spain and calling their own premium rate number, I guess people who live somewhere else wouldnā€™t know how/bother reporting the number of their ofcom equivalent.

Maybe use a card that lets you set monthly limits, like Revolut. Then a fraudster could only top up to the card limit.

Zevvle has a limit of one auto topup per day. This kind of fraud is why Iā€™d be keen to have a weekly or monthly limit on the number of topups automatically done.

Not sure if premium rate numbers are blocked, however harder to do so for international numbers, especially whilst roaming.

The thieves will target tourists as locals would report the issues, and harder for tourists to claim back.

Since the article was written most of the operators now have a roughly Ā£40 limit for roaming spend per billing month.

1 Like

Also this from last year (Ā£2,763) and this from July(!) for Ā£8,300. Same network, same placeā€¦ :grimacing:

And for the record, we disable premium numbers so this canā€™t happen.

Do you think a limit on the # of top-ups or Ā£ spent would be better? Also, is there a reason youā€™d prefer weekly vs monthly (or vice versa)? :slight_smile:

2 Likes

International numbers arenā€™t profitable in terms of scams. Most of the profits would go to the originating carrier (since they inflate the prices of international calls so much) and a tiny bit goes to the destination carrier - not viable for scams so not a risk here.

I thought you did, but couldnā€™t find a statement I could quote in my very brief search.

Number is slightly simpler, as it can be based on nice round numbers. The down side of Ā£ spent, is when the limit is not an exact multiple of the top-up amounts? Will that final auto-top-up per period cause a smaller top-up from the normal amount. e.g. auto-top-up is Ā£10, and the period limit is Ā£25, what happens on the third auto-top-up?

Are the monthly top-ups included?

I can see different people budgeting differently and choosing different ones. Say I have a Ā£10 weekly maximum. That give Ā£520 annual maximum, however a Ā£20 monthly maximum give Ā£240 annual maximum, so less damage if it runs away repeatedly. Monthly also provides more flexibility of weekly spikes in usage that I have.

I could even foresee having both a weekly and a monthly, e.g. Ā£20 weekly, and Ā£40 monthly (both including the monthly top-up). Either way having a manual way to also top-up above the auto-top-up limits.

1 Like

Good questions! We havenā€™t worked out the details yet, but my initial hunch is that on that third auto top-up, itā€™d be reduced to Ā£5, and that monthly top-ups arenā€™t includedā€¦

We do need some better ā€˜budgetingā€™ tools, e.g. if you want to use a maximum of Ā£10/month with only a single top-up, keeping you on track throughout the month with notifications or something.

Do you want notifications for those spikes? Weā€™d need to tune the thresholds, but perhaps something like 50% above average in a day/weekā€¦

Thatā€™s an interesting idea. Could have the percentage of the month currently gone vs the amount. Thinking like the Monzo chart about usage of whether you are in the month vs how much youā€™ve used so far, or your typical usage. Giffgaff had similar usage graphs.

It would be useful to have notifications of unusually high usage. However with my usage being very spiky (commute day 500MB, work from home less than 1MB, other days somewhere in between), Iā€™m yet to come up with a formula that works well in semi-real time.

3 Likes

The easy (and perhaps best) solution would be setting your own thresholdā€¦ our own high-usage formula would no doubt get it wrong for some people.

1 Like

Iā€™d be keen for multiple thresholds, daily, weekly, and monthly.

The monthly would be less than 4 X weekly and weekly would be less than 7 X daily, thus allowing spiky usage.

A fix has been implemented for one of my causes of high usage. Be a month or so before itā€™s on production.

2 Likes

Using the past few months of usage to predict your future balance and when your balance will likely run out.

Could also provide an estimated monthly amount to set for the top-up after a few months.

2 Likes

Iā€™m living that I can easily use an Amex card to top-up online; I donā€™t know of any other network that has this?

Iā€™ve been having to input vouchers either bought from Boots or Poundland in the past (o2) to pay via Amex, which was a small annoyance.

1 Like

O2 will let me add a credit using AmEx but is that considered paying off a loan as my SIMO is a postpaid unsecured loan in essence?

I was on payg with o2 as it weirdly worked out cheaper than a contract!?

Attempting to pay via an Amex would not work at all. O2 couldnā€™t answer why or if they supported Amex at all which was pretty poor so I found the voucher top-up route on my own.

You need to add it from the card section, they do accept it.

If you need to find out who accepts AmEx thereā€™s a website for it here

Oh well, too late now. :stuck_out_tongue:

Seriously though, I couldnā€™t ever get it to work?

To be fair though itā€™s really inconvenient to pay by AmEx in this case as obviously your bill is due on a certain day

You canā€™t have your direct debit as a fallback - if @nick ever does postpaid I would really appreciate if they did this or took by card and tried direct debit afterwards

2 Likes