Mobile scams: should we expect help from operators?

The statistics of reading my recent material on mobile fraud (sorry, Habr, it happened :() showed that this topic is extremely relevant. In this regard, I considered it necessary to give an opportunity to express my position to those whose hands have a real opportunity to put sticks in the wheels of fraudsters .

Operators are facing a dilemma today. On the one hand, the VAS services market is potentially very profitable. And, importantly, fraudsters repeatedly increase this profitability. Of course, operators are commercial enterprises, and there is no such crime that capital would not have gone for the sake of superprofits. Consequently, operators are in search of that middle ground, which will provide maximum profitability. It may well turn out that getting rid of fraud will increase confidence in subscribers' VAS services and allow them to spend more than now - so much so that growth compensates for the disappearance of profit associated with fraudulent services.

I asked each of the Big Three operators several questions regarding the current state of things and planned actions. Unfortunately, I could not get the comments of MegaFon. Nevertheless, MTS and Beeline gave their answers, and this is already the basis for thought.

How many calls per day from subscribers in the Moscow region regarding fraud?

Beeline: At the end of last year, on average about 1,500-1800 cases of fraud were received daily. In January and February of this year, the number of calls to Beeline CPC with this problem fluctuates at the level of 1000-1200 per day.
In the Moscow region, the daily calls for January 2010 significantly exceed this figure for Russia as a whole: on average, 700-800 complaints a day, compared with 50-60-80 complaints in other regions.

MTS: Recently, the number of complaints has decreased significantly.

The decrease in the number of cases of fraud recently can be explained by various reasons. Firstly, it was at the end of last year that Trojan.Winlock virus infections peaked, followed by a sharp decline. Secondly, it is possible that due to the actualization of the problem, the operators decided to interpret any suspicions in favor of the subscribers (after all, the statistics speak precisely of the case of fraud recognized as such by the operator’s support service). Finally, one cannot deny the possibility that weakening the problem of fraud is really the result of effective actions by operators.

What is the percentage distribution of requests for various fraud schemes?

Beeline: CPC operators do not keep such statistics, they enter only the category of treatment - fraud, and then in the notes indicate the essence of the treatment. Therefore, a breakdown by type of fraud is not possible. We only note that, according to our CPC, the most common reason for contacting is such types of fraud as unlocking a computer from the Trojan.Winlock virus and various requests to transfer funds: “Wrong payment” and “Call on behalf of the operator” - people, as a rule , do not immediately understand that they communicated with scammers, and go to make money transfers through terminals or enter a USSD command to make a mobile transfer as directed by the fraudster.

MTS: There are many assumptions about the greater or lesser popularity of various fraudulent schemes, but there is no clear distribution. Fraudsters survive only by quickly changing the methods of deceiving subscribers and developing more and more fraudulent schemes that consumers have not yet been warned about and which may not cause them to suspect.

What can I say? The topic of fraud with short numbers really caused a resonance in the blogosphere - among those people who are savvy enough and do not peck at classic tricks. The fact that the progressive part of subscribers no longer seriously considers frauds with the proposal to transfer money to someone else's number does not mean that these schemes are no longer valid. Those who still believe in people need to continue to grow stale and become deaf to other people's troubles, because most likely this trouble will be fake.

What measures apply to content providers that receive a large number of complaints?

Beeline: For two years now we have been applying tougher sanctions - we block short numbers and set significant fines for every confirmed case of fraud. In fact, the problem with short numbers, in our opinion, is greatly exaggerated: we receive about 80-100 complaints a month throughout Russia about this type of fraud, but not thousands, as can be found in some sources. According to our data, there are about 15 of the most popular short numbers, which receive the most complaints from subscribers (incorrect indication of the cost of the service and, as a result, a larger charge-off, undesirable “automatic subscription” to services, etc.).

Over the past three months, we sent written instructions about the incorrect operation of services / cost of services to 5 providers, blocked short numbers more than 20 times in accordance with the complaints of subscribers, and regularly provide information about content providers at the request of law enforcement agencies.

Nevertheless, seeing that the topic is relevant both in the media and on social networks, since February 2010, we decided to tighten sanctions for unscrupulous content providers whose short numbers were used to commit fraudulent actions: a clause on the collection of fines has been added to partnership agreements comparable in size to the partner’s monthly revenue on this short number. We think this measure will force our partners to more carefully conduct monitoring activities among their subcontractors, to whom short numbers are leased.

MTS: In recent months, we have fined several major content aggregators for substantial amounts. On short numbers, where along with popular and popular services among subscribers, a surge in the promotion of fraudulent services was recorded, we quickly connect the confirmation request functionality from the subscriber, when using which the subscriber is previously notified of the cost of the service. And we completely suspended the work of some short numbers.

Of course, content providers renting short numbers will turn a blind eye to the crimes of their sub-tenants as long as the profit is higher than fines. The effectiveness of this measure depends entirely on the decisiveness of the operators.

If there is a complaint about a specific fraud, then other subscribers who have become its victim receive their money back automatically?

Beeline: The fact is that both correct and fraudulent services can work on one short number, because content providers can sublet short numbers, and when a service develops, it can have hundreds of services and thousands of units of content . Everything - there is simply no technical ability to monitor. Yes and expediency. Nevertheless, we assume that our content providers are conscientious partners. As soon as complaints are received, we block the entire short number until the non-compliance with the terms of the contract is eliminated. But, I repeat, we can track fraud only upon request from the subscriber himself, who complained of fraudulent actions, if we checked the affiliate service and recognized the correctness of the subscriber. After that, we can return the money to the account. That is, on a specific statement.

MTS: We have no reason for such an automatic return. Fraud services periodically appear in short numbers, which, in addition to fraudulent services, provide a large number of popular high-quality content services, sell pictures, music and other content. The basis for a refund can only be the application of the subscriber from whose account the money was debited.

It remains a mystery what exactly prevents operators from collecting information about specific prefixes to which messages are sent. As you know, a technical problem is a problem that they do not want to solve.

Does your company plan to introduce a plug-in service "Short code barring"?

Beeline: We will look at the market. While we do not see a strong demand for such a service among subscribers - again, we say that the number of complaints about fraud with short numbers is small. As a rule, all the information about the cost and services in the subscriber’s short number is before your eyes - you just need to read it and evaluate whether you need such a service or not.

In addition, we doubt that such a service in its paid implementation option will be in demand among subscribers. Still, 150 rubles (the monthly cost of the service (probably, the price of the short number ban service for MegaFon - irubtsov subscribers ) is meant ) - this is often the average monthly account of a subscriber.

At the same time, we offer other effective ways to protect yourself from fraud on short numbers - this is a section on the Beeline website called “Caution, scammers!” with the most popular types of fraud and recommendations on how not to become a victim of scams, this is an opportunity to call the CPC for free and clarify information on the cost and types of services provided on a short number (the site also has this information).

MTS: We restrict access to paid content for subscribers whose spending control is most difficult for those who pay their bills - these are corporate clients and children. This service is connected to corporate TP and Klassny TP - in this tariff, developed taking into account the interests and psychology of children and adolescents, there is a unique specialized WAP portal for children with a wide selection of games, pictures, videos and for a low fixed monthly fee.

Indeed, MegaFon’s move looks very strange and looks more like a desperate struggle for ARPU. However, it is not a fact that it is necessary to discard the demand for the service as such. A subscriber can be calm only when he has full control over his account. I repeat, with my own, and not just over my child’s account.

Are there any plans to introduce a service for receiving information about the real price of an SMS / call to a short number, for example, by sending a special request by SMS message to this number? (The question is addressed to Beeline, since MTS already offers the Infocontent service)

Beeline: We focus on the information campaign, guided by the principle: “Forewarned - means armed.” To do this, we actively inform subscribers through the press, collect round tables with experts, create a special information resource “Caution, scammers!” on the corporate website of the company. In our opinion, the main problems are calls on behalf of the operator and various requests for money transfers. The problem associated with an opaque indication of the cost of content is solved in our case by publishing the correct information about the cost of the service and its content on the company’s website (in the “Be sure” section). In addition, when a subscriber makes a complaint, we can check the information and return the money to him if the content provider’s fraud is confirmed.

In addition, almost every content provider that collaborates with Beeline has user support. Sometimes subscribers did not understand the conditions for the provision of services by short numbers or incorrectly downloaded the content, did not see the terms of service or ordered the content, but did not receive it. In these cases, it is premature to conclude that the subscriber was the victim of fraudulent actions by the content provider itself. As an operator, we by no means always have the opportunity to deal with the problem of the user of content services, while the aggregator has all the necessary tools for this, including the ability to find out the reason for not receiving the content. The subscriber can contact the content provider directly, and he is obliged to deal with the complaint.

I can not agree that the company’s website is a sufficient source of information. Still, network users in Russia are slightly fewer mobile subscribers. Yes, and they do not always have access to the Internet at hand.

Are you planning to introduce a scheme with a request to confirm the order of a service by a short number? (The question is addressed to Beeline, because a similar scheme has already been implemented by MTS for some numbers - see the next question)

Beeline: Again, we will look at the market. Most likely, we will follow the path of closer cooperation with CPA partners with a view to developing joint actions to limit fraud on short numbers.

Will the scheme with the request to confirm the order of the service by short number be extended to all numbers, and not to individual ones (the most expensive / “fraudulent”)? (The question is addressed to MTS)

MTS: We will include an SMS notification about the real cost of the service on those numbers that cause suspicion of fraud, until the provider corrects the situation. This is a necessary measure, the confirmation request from the subscriber is set to “dangerous” numbers, which are mentioned in the complaints of subscribers about fraud. If you use this scheme on all numbers, then many services, for example, SMS chats, will be very difficult to use.

Constant monitoring of the degree of “riskiness” of various short numbers is a laudable thing. Indeed, constant confirmation requests will make communication in SMS chats simply unbearable. Maybe you should invert the policy: create a white list of numbers for which order confirmation is not required?

Will there be any campaigns (for Beeline: in addition to creating the safe.beeline.ru site) to inform subscribers about existing fraud schemes and recommended actions?

Beeline: Of course. The topic is extremely topical and does not lose its relevance. It must be said that we assess the topic of mobile fraud as one of the social risks that the company faces in the process of its development, and we identified these risks for ourselves back in 2008, when we were the first in the market to conduct a major study on this topic and decide on to work with this topic at the highest level and go out with subscribers to it, thereby demonstrating a responsible approach to business.

In 2008, 50 round tables were held throughout Russia, where experts in various fields assessed and recorded possible risks for mobile users and offered specific recommendations for subscribers on how to minimize these risks.

MTS: We were the first of the Big Three to launch the Infocontent service in Russia, which allows subscribers to receive information on short numbers and paid links. We are already conducting newsletters for our subscribers about this service, telling subscribers who have contacted the contact center, have posted a short number guide on the MTS website, and are preparing a special section with information on types of fraud and how to avoid falling into the trap of fraudsters.

What other measures will your company take in the near future to combat mobile fraud?

Beeline:We have planned a number of events that we are not ready to announce now, so that these measures are effective. But once again we want to note that it is extremely important to learn as much as possible about fraudulent schemes, analyze the messages you receive, and double-check the information received from unknown people. The operator assumes the function of informing, consolidating and summarizing information, so that the subscriber only needs to be careful, informed and alert. These are the basics of life safety in our modern society, and cellular communication, which today has become a social phenomenon, is no exception. As an analogy: when we talk about “roadblocks” on the roads, we assume that the driver should know a certain mechanism of action, certain recommendations on how not to get into this unpleasant situation,

The same thing with the owner of a cell phone - there are certain rules. Beeline initiated their production in 2008, in 2009 - actively promoted, in 2010 - made it as accessible as possible. It remains to call on all our subscribers - find out more, and you will be more protected.

MTS: On the one hand, we are tightening the requirements for content providers regarding the quality of services provided, implementation of partnership schemes, rules for promoting services and information and technical support for subscribers, we apply penalties to content providers that allow the appearance of fraudulent services allocated to them short numbers. On the other hand, we are developing new technical schemes for quickly closing access to suspicious services at the time of their discovery, we are improving technology for informing subscribers about the real cost of a service when ordering it.

Should the support service operators inform subscribers of the list of premium sites or information about the cost of traffic for a particular premium site? (The question is addressed to Beeline, because MTS provides complete information about the addresses of premium resources on its website)

Beeline: Of course they should. Moreover, it is prescribed in the procedure.

Let me remind you that practice has refuted this assertion: the support service operator suggested following the notes on the sites visited and, accordingly, paying for the pleasure of realizing that the paid site has already been visited.

How is your company going to deal with dishonest schemes for generating premium traffic (for example, publishing images from a premium site on publicly available popular resources - so that the visitor will not guess the true source of the content)?

Beeline: At the level of technology, we can’t catch this, and theoretically such a scheme of fraud is possible. We ourselves sometimes conduct monitoring, and if we find something, we block it, apply sanctions. But there is no way to monitor the entire Internet. So if a subscriber complains, we check and fine.

MTS: As well as with other fraudulent services.

If a fraud scheme is possible, then it will definitely be used. This is the law of life. Subscribers in 99% of cases will not notice unnecessary write-offs, they will decide that there are just too many webserfs. And that means there will be no statement. So, we are waiting for a wave of frauds with premium traffic. Get ready!