Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • diygardener
    • By diygardener 10th Apr 18, 3:19 PM
    • 34Posts
    • 7Thanks
    diygardener
    PAYG mobile phone scam?
    • #1
    • 10th Apr 18, 3:19 PM
    PAYG mobile phone scam? 10th Apr 18 at 3:19 PM
    WARNING of possible scam using pay by mobile phone service.

    I have just had money deducted from my 3-2-1 PAYG mobile phone balance by a company claiming that I signed up to a "Fitmate" service at a cost of £3.00 per week.

    I am certain that I never signed up for any such service, and most certainly not using my PAYG mobile phone for payment.

    I suspect this may be a very clever scam in that the amount is fairly small, so most people will not bother complaining to their mobile phone service provider (as I did).

    I was horrified to discover that there is no way that the mobile phone service provider can switch off the option to pay for goods and services using one's mobile phone, nor do they have the capability of recovering any payments or terminating any ongoing payments. Instead I was told that I had to text STOP to the number that the (alleged) scammer provided for this purpose - something that cost me an extra 10p on top of the £3.00 that they had already deducted.

    The purpose of this post is to alert others as I feel sure I may not be the only person who will get scammed in this way. I never click indescriminately on links on websites, in emails or SMS texts, so there is no way that I would have - even inadvertantly - enabled this subscription to occur.

    Full text of the messages used to scam me are:

    Message 1 (timed 13:13 yesterday)
    FreeMsg: U have joined to get fit @ (url removed for safety) for £3.00 a week. First 24hrs are free. To cancel text STOP to 83463. Help 03300535848

    Message 2 (timed 13:04 today)
    FreeMsg: U are a member of Fitmate @ (url removed for safety) for £3.00 a week. Send stop to 83463 to cancel. Help 03300535848

    It seems that the second message was sufficient for Three to decide to pay £3.00 from my PAYG balance!

    Now I guess I have to wait for the (alleged) scammers to try again, and again, and apparently there's nothing I can do to prevent it!
Page 1
    • Castle
    • By Castle 10th Apr 18, 3:42 PM
    • 1,634 Posts
    • 2,189 Thanks
    Castle
    • #2
    • 10th Apr 18, 3:42 PM
    • #2
    • 10th Apr 18, 3:42 PM
    According to the number checker, the short code belongs to Tap2Bill Limited:-
    https://psauthority.org.uk/about-us/number-checker
    • paulmu
    • By paulmu 11th Apr 18, 12:17 PM
    • 22 Posts
    • 11 Thanks
    paulmu
    • #3
    • 11th Apr 18, 12:17 PM
    Payforit Scams
    • #3
    • 11th Apr 18, 12:17 PM
    I'm sorry you have become a victim of one of these scams.Tap2Bill have been responsible for numerous scams in the past year. It is quite possible that your number was provided via a rogue App on your ‘phone, or you may have clicked on an innocent looking Ad while browsing the web.

    You need to be aware that while you are connected to the internet via mobile data, your number may be passed by your mobile network to third parties for charging purposes. The mechanism by which this happens is called 'Payforit'.

    This can’t happen while you are connected by WiFi.

    Once the third party has your number they can send you chargeable text messages and, very unfairly in my opinion, it will be your job to argue for a refund!


    The Payforit mechanism was intended to make it easy for consumers to purchase goods and services and have them charged to their 'phone bill. Unfortunately Payforit has proven to be very insecure and hardly a day goes by without someone reporting another scam.


    I have put details of how to deal with these scams on my website at http://payforitsucks.co.uk.



    Unfortunately the mobile network operators have no incentive to bring these scams to an end, as they receive a share of the income from them.

    If you fall victim to one of these scams, the steps you ought to be taking are (with links to detailed instructions):
    1. Stop further charges being made
    2. Get a refund of any charges already taken
    3. Complain to the Phone-paid Services Authority
    4. Protect yourself from further 'charge to bill' scams

    Let me know if can offer any further help or advice. These scams are a disgrace to the mobile communications industry.

    Paul
    payforitsucks.co.uk
    • Castle
    • By Castle 11th Apr 18, 2:32 PM
    • 1,634 Posts
    • 2,189 Thanks
    Castle
    • #4
    • 11th Apr 18, 2:32 PM
    • #4
    • 11th Apr 18, 2:32 PM
    Once the third party has your number they can send you chargeable text messages and, very unfairly in my opinion, it will be your job to argue for a refund!
    Originally posted by paulmu
    But the third party will still be required, (if challenged), to provide proof of consent to receive the text messages; otherwise it would be breach of the 1998DPA and the PECR2003 regulations.
    • paulmu
    • By paulmu 11th Apr 18, 3:13 PM
    • 22 Posts
    • 11 Thanks
    paulmu
    • #5
    • 11th Apr 18, 3:13 PM
    Payforit scams
    • #5
    • 11th Apr 18, 3:13 PM
    But the third party will still be required, (if challenged), to provide proof of consent to receive the text messages; otherwise it would be breach of the 1998DPA and the PECR2003 regulations.
    Originally posted by Castle
    In theory this is true. IF the Phone-paid Services Authority (PSA) takes up your case they will ask for this evidence. They only take up cases where there are a large number of complaints against the same company, so this is the first stumbling block.

    In previous cases pursued by PSA, the 'service providers' have been found to have falsified this 'evidence'. It's quite hard to tell the difference between a genuine signup where the consumer clicked 'OK' and a case where this was done by Javascript exploit without the user's knowledge or consent.
    I'm not aware of any cases which have gone to court to test a consumer's right to demand the evidence and to a refund if this is not provided.
    The essential problem is that the scammers have your money and it can be very difficult if not impossible to get it back.
    • Castle
    • By Castle 11th Apr 18, 5:28 PM
    • 1,634 Posts
    • 2,189 Thanks
    Castle
    • #6
    • 11th Apr 18, 5:28 PM
    • #6
    • 11th Apr 18, 5:28 PM
    In theory this is true. IF the Phone-paid Services Authority (PSA) takes up your case they will ask for this evidence. They only take up cases where there are a large number of complaints against the same company, so this is the first stumbling block.
    Originally posted by paulmu
    There's no need to involve the PSA; the customer can simply send a Subject Access Request, (£10 at present, F.O.C after 25th May), and include a request for proof of consent to receive the text messages on their phone number.

    Legally the sender of the message must provide evidence that consent has been specifically given to their company otherwise the text messages are automatically deemed to be unsolicited and in breach of Regulation 22(2) of the PECR2003.
    http://www.legislation.gov.uk/uksi/2003/2426/regulation/22/made

    Processing of your phone number without consent is also unlawful under the 1998DPA.
    • paulmu
    • By paulmu 11th Apr 18, 7:06 PM
    • 22 Posts
    • 11 Thanks
    paulmu
    • #7
    • 11th Apr 18, 7:06 PM
    Payforit Scams
    • #7
    • 11th Apr 18, 7:06 PM
    There's no need to involve the PSA; the customer can simply send a Subject Access Request, (£10 at present, F.O.C after 25th May), and include a request for proof of consent to receive the text messages on their phone number.

    Legally the sender of the message must provide evidence that consent has been specifically given to their company otherwise the text messages are automatically deemed to be unsolicited and in breach of Regulation 22(2) of the PECR2003.
    http://www.legislation.gov.uk/uksi/2003/2426/regulation/22/made

    Processing of your phone number without consent is also unlawful under the 1998DPA.
    Originally posted by Castle
    OK I asked for this data back in November 2017 and offered to pay (but did not include) the statutory fee. This request was sent by email, and by Royal Mail signed for service to the registered head office of the company. The request was successfully delivered, so I can prove receipt.
    I haven't even received an acknowledgement. What should I try next?

    You seem very knowledgeable on legal matters. At present the mobile operators hide your consent to pass your number to the 'service providers' in the small print of your contract. Specific consent is not requested. It is currently legal to do this and not to provide an opt-out or specifically request consent.
    Will this change under GDPR?
    • unholyangel
    • By unholyangel 11th Apr 18, 8:05 PM
    • 12,150 Posts
    • 9,514 Thanks
    unholyangel
    • #8
    • 11th Apr 18, 8:05 PM
    • #8
    • 11th Apr 18, 8:05 PM
    OK I asked for this data back in November 2017 and offered to pay (but did not include) the statutory fee. This request was sent by email, and by Royal Mail signed for service to the registered head office of the company. The request was successfully delivered, so I can prove receipt.
    I haven't even received an acknowledgement. What should I try next?

    You seem very knowledgeable on legal matters. At present the mobile operators hide your consent to pass your number to the 'service providers' in the small print of your contract. Specific consent is not requested. It is currently legal to do this and not to provide an opt-out or specifically request consent.
    Will this change under GDPR?
    Originally posted by paulmu

    Have you read the ICO's website on subject access requests? Specifically, this part:
    Can I charge a fee for dealing with a subject access request?
    Yes, an organisation receiving a subject access request may charge a fee for dealing with it, except in certain circumstances relating to health records. If you choose to charge a fee, you need not comply with the request until you have received the fee. The usual maximum fee you can charge is £10. There are different fee arrangements for organisations that hold credit, health or education records
    Money doesn't solve poverty.....it creates it.
    • Castle
    • By Castle 11th Apr 18, 8:13 PM
    • 1,634 Posts
    • 2,189 Thanks
    Castle
    • #9
    • 11th Apr 18, 8:13 PM
    • #9
    • 11th Apr 18, 8:13 PM
    OK I asked for this data back in November 2017 and offered to pay (but did not include) the statutory fee. This request was sent by email, and by Royal Mail signed for service to the registered head office of the company. The request was successfully delivered, so I can prove receipt.
    I haven't even received an acknowledgement. What should I try next?

    You seem very knowledgeable on legal matters. At present the mobile operators hide your consent to pass your number to the 'service providers' in the small print of your contract. Specific consent is not requested. It is currently legal to do this and not to provide an opt-out or specifically request consent.
    Will this change under GDPR?
    Originally posted by paulmu

    1) In respect of the missing SAR, you can file a complaint with the ICO.

    2) With regards to the phone contract; unless you're told which service providers your number will be provided to, I can't see how it can be legal.

    The legal case for specific consent is set out in Optical Express v Information Commissioner (EA/2015/0014); where consumers filled in a Thomas Cook Survey and ended up with text messages being sent by Optical Express.

    https://panopticonblog.com/2015/09/03/blindly-fumbling-for-consent-pecr-and-optical-express/
    • Castle
    • By Castle 11th Apr 18, 8:19 PM
    • 1,634 Posts
    • 2,189 Thanks
    Castle
    Have you read the ICO's website on subject access requests? Specifically, this part:
    Originally posted by unholyangel
    You missed out the second paragraph which follows your quote:-

    "Although you need not comply with a request until you have received a fee, you cannot ignore a request simply because the individual has not sent a fee. If a fee is payable but has not been sent with the request, you should contact the individual promptly and inform them that they need to pay."
    • unholyangel
    • By unholyangel 11th Apr 18, 8:59 PM
    • 12,150 Posts
    • 9,514 Thanks
    unholyangel
    You missed out the second paragraph which follows your quote:-

    "Although you need not comply with a request until you have received a fee, you cannot ignore a request simply because the individual has not sent a fee. If a fee is payable but has not been sent with the request, you should contact the individual promptly and inform them that they need to pay."
    Originally posted by Castle
    The difference is that the part I quoted is backed by legislation, where the part you quoted isn't and is just guidelines given by ICO to data controllers.

    Legislation says:

    (2)A data controller is not obliged to supply any information under subsection (1) unless he has received—
    (a)a request in writing, and
    (b)except in prescribed cases, such fee (not exceeding the prescribed maximum) as he may require.
    Money doesn't solve poverty.....it creates it.
    • diygardener
    • By diygardener 13th Apr 18, 9:02 PM
    • 34 Posts
    • 7 Thanks
    diygardener
    Thank you everyone for your suggestions. I have now reported this scam to Action Fraud and have a crime reference number which I have passed on to customer services at "Three".

    I guess I've probably spent more on phone calls reporting this than I lost in the original scam, but I have at least made it perfectly clear to "Three" that I consider them complicit in this scam by not allowing me any way to opt out of the PayForIt service. I think they now understand I am taking this seriously. Being a PAYG customer means I have no itemised bill to refer to which makes it extremely easy for the fraudsters to get away with it undetected.

    Am I correct in assuming that PayForIt transactions are not regulated by the Financial Conduct Authority?

    Anyway - I now wait to see what will happen on Tuesday when the next "subscription" of £3.00 might fall due. I shall be checking my PAYG balance regularly and will report back here if any developments.

    In the meantime, please everyone, be on the lookout for this and similar scams. Individual amounts may appear small but if thousands of people are affected, the profits for the scammers could be quite significant.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

1,350Posts Today

6,471Users online

Martin's Twitter
  • RT @Kirsty_M_N: KFC Take off the disgusting skin & coating and eat the chicken with salad (lettuce) I presume they'll have. https://t.co/YF?

  • OK. Im taking a break from discussing today's poll to go for a run (i'll need it with all those calories to come!)

  • There's always one! Dave. You can't have Nando's. You've been shipwrecked. The choice is what it is. This real l? https://t.co/rBadHIHM0e

  • Follow Martin