Big Bills and Passed Bucks

If there is one constant in telecoms, it is that a big bill is always somebody else’s fault. This was beautifully illustrated by two recent stories reported by the British press. In the first, the Guardian published a letter received from a small business whose PBX was hacked, leading to a surge of international premium rate calls. Who was responsible?

My provider, Focus Group, was unaware of the charges until I contacted it. It placed a bar on all international calls and premium rate numbers, but advised me that a further £8,282 had been racked up in the previous 11 days.

Pennine supplies my actual telephone systems, and it and Focus are blaming each other. Pennine says Focus should have noticed the large call rates, which were occurring at night and were out of character, while Focus says Pennine should have offered a more secure system.

Was the system supplied by Pennine secure?

“We cannot comment on an individual client; however, there have been no reported instances where passwords we are responsible for have been compromised.”

Err… this system was compromised. In what way can they claim that passwords have never been compromised even though hackers did compromise this system? But maybe the people charging for usage should have noticed how many calls were being made…

Focus, however, says that as a reseller of services it only receives information about customer usage from carriers periodically. “We rely on the alerts provided to us by the carriers, as they are the only ones with ‘real-time’ information about the calls that customers are making,” says a spokesperson.

So Focus knows how to make money but has no idea about how much customers are being charged until after the customer complains about a big bill. In this instance, the customer had to tell Focus that his bill was unusually high. Can anyone else see what is wrong with this picture?

Given that this business fell victim to a crime, perhaps the police could do something to help.

A police investigation found the fraudsters are based in Russia and there is nothing they can do.

This makes me wonder what investigation work was done by the police, and why they wasted their own time on such a futile exercise.

A different story in the Mirror features another common complaint: huge data roaming charges incurred whilst on holiday.

A BT customer got a shock when he returned from an overseas break to a £2,682 phone bill.

Arron Coles, 32, was under the misapprehension that his phone has linked up to his hotel wi-fi during a holiday in Egypt but found out the hard way – after his 10-day holiday – that it had actually switched to data roaming.

Really? He spent ten days browsing data in his hotel room only, and was surprised to discover that the service he received was identical to that he would have received if he had been anywhere else in Egypt? I am trying to imagine the person who returns to their hotel after a day gazing at the wi-fi-less pyramids, only to assume there was no interruption to his hotel wi-fi connection.

The Taunton man, who works in software, was shocked that his account wasn’t capped…

I suppose that might be pretty shocking, if you asked for the account to be capped. Did he?

“I’m willing to be honest and admit it was a mistake to just put my phone to one side – and not check the mobile data was on – but I feel like they have seen it as an opportunity to make money.”

That would be because data roaming is an opportunity to make money. That is why they charge people to use it. And the people who use it are then expected to pay for it.

“I put the phone to one side and it must have disconnected from wi-fi. There must have been apps running in the background.”

The mind boggles at the apps this customer has installed on his phone, especially as they seem to be doing lots of things that have no interest for him.

“Why didn’t they block it? Surely there is nobody who would want to come back to that kind of bill.”

Perhaps BT thought he was a fancy high-rolling Harvey Weinstein business type who jets around the world and does not care about phone bills. After all, this was a corporate telephone which is being used for ten days on holiday with lots of data-hungry ‘apps’ running in the background…

When he got home HR staff questioned him about “extra charges” on this account after a bill for £2,085 arrived – and insisted he must reimburse the company in full.

So perhaps his employer should have selected a capped tariff? Or told their staff it was against the rules to use a company phone for data roaming whilst on holiday?

“It’s a fairly new job as well and it’s a work phone, which makes it even worse.”

Indeed.

BT were not as negligent as this customer claims:

A spokesman for BT said: “The roaming charges that Mr Coles has been charged are from his time in Egypt between the 14th and 23rd of August. When Mr Coles arrived in Egypt we sent him a text message to make him aware of the £4 per MB charge. We sent this directly to his mobile and not to his company. On the same date however we also tried to call the company.

It seems that company’s phones are connected when staff are holidaying abroad, but do not get answered when they should be at work!

There is a temptation to hold network carriers responsible for every big bill but these incidents show how many mistakes can be made by others. The customer, their employer, the hotel, the wi-fi, the roaming partner network, the reseller, the equipment supplier… the list of dependencies goes on, but it is the home network operator always being asked to endure the cost. Whilst it may be seen as a victory for the customer if their bills are reversed, the truth is that other customers are paying higher bills to compensate for poor security, poor decisions or for the simple foolishness of others.

Whether roaming in Egypt or terminating calls in Russia, customers want every phone company to connect to every other phone company, but may accept none of the downsides that come with everybody depending on each other. The smartest option for telcos is to treat these customers like the credit risk they are, and if that means their service gets disconnected because they use their phones slightly more than usual… well, whose fault is that?

Eric Priezkalns
Eric Priezkalns

Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

 

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar’s National Committee for Internet Safety and the first leader of the TM Forum’s Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

 

Commsrisk is edited by Eric. Look here for more about Eric’s history as editor.

  • akrittok

    I don’t know where that expectation comes from, to have your bill reversed if your pbx was hacked.
    If someone breaks into your wifi router and starts messing around, I doubt anyone would start blaming the router companies or the ISP.

    • That’s a good point, but I’m not so sure the real-life data would support your assumption. Perhaps ISPs do receive complaints like those. I’d be curious to hear the answer from somebody who is working in a role where they have visibility of complaints.

      One reason I hesitate to make an assumption is that the modern broadband situation has de-risked the issue for customers because they usually pay flat rates for access. Though it’s a long time ago, I’m pretty sure that telcos ***did*** receive many complaints from customers of dial-up internet services who downloaded auto-dialer malware (after visiting porn websites etc) which then used the modem to call premium rate and/or international numbers. My working assumption is that when a customer gets a big bill from a telco they will complain in the hope of sparing themselves the cost, even if they are largely or completely at fault.

      • akrittok

        I think it’s a question of framing. Internet, in general is framed as “insecure”. That’s why people usually buy anti-viruses, that’s why when there’s a hack, the blame usually goes on a security department who did not “patch” something. I’ve never seen it go to the provider of the code that had the vulnerability in the first place.
        Other industries are framed differently, more “secure”, although this is just a relic from the past. Banking for instance is framed “secure” and customers usually assume that they are protected. Telecom is from that same category I think – an old school system that you had to break into physically in the old days.
        The internet is erasing all these lines, so having a PBX service is no different really than having an Equifax account :)

      • Michael Lazarou

        If the PBX is hosted by the telco provider then they are the ones responsible for the security as well. Therefore, they also need to ensure that they monitor the traffic in case their security measures do not manage to keep intruders out. If the PBX is setup by the subscriber (and the telco only provides the line – SIP trunk) then they should bear the responsibility of securing their PBX. However, the subscriber will retort that you as the telecom should have noticed the large and unusual traffic pattern. The subscriber can also claim that the competitor monitors and notifies their clients about such cases and they will leave if they are not reimbursed. So either way you reimburse them.
        What does a smart telco do? They implement controls, monitor them and cut any lines doing suspicious traffic. Even if you block legit traffic they will be grateful knowing you “saved them from a hacker”….

        But the roaming case described in the article is not about this. I believe its mostly about someone not knowing how to use their phone… This traffic should also have simply been blocked as it is completely our of the norm. The telco did attempt to contact the client so they could claim that is the policy, we did notify you…