Telstra Overcharged Roaming Customers Since 2006

Australian operator Telstra has started to issue refunds after the discovery that its outbound mobile roamers have been overcharged for data services since 2006. The total refund is expected to be approximately AUD30mn (USD31mn). You can read the full story from here.

The overcharging was discovered by an audit within Telstra. A spokesman for the company reportedly said:

Telstra became aware of an issue whereby some customers were charged multiple data session fees due to the way international carriers generate their data usage records. Once we identified the issue, we put immediate steps in place to prevent further multiple charging.

A typical consumer protection rent-a-quote-know-it-all (Elise Davidson of the Australian Communciations Consumer Action Network) responded by saying:

It is surprising that the inaccurate charging was undetected for six years and staggering to think of the number of bills Telstra will have had to review in order to provide refunds to consumer and business customers.

Yes, it is surprising – unless you know how telcos really work. Most consumer protection advocates know as much about telecoms as you would expect a typical media studies/social policy graduate to know. They know what the service providers say publicly, and what they can see from their own bills, but nothing else. That is why the industry has to police itself. No external party is going to do an effective job. When you know how most telcos behave, you realize the real surprise is that Telstra did an audit that was thorough enough to discover this problem. Instead of criticizing Telstra for auditing this area once in 6 years, it should be pointed out that most telcos would never have audited this. In fact, there must be other telcos that have overcharged their customers for the same reason, but who continue to be ignorant of this problem. Note the circumstances of this error: customers are not complaining about the specific issue, Telstra is being paid the amounts it has billed, and the error stemmed from flawed data supplied by other telcos. This is how the error was described:

International carriers send data files to Telstra via a data clearing house for billing, and sometimes the carriers cut long data sessions into segments. The data files passed from the carriers have an indicator for when a data file relates to a part data session or a full data session.

It is understood that some carriers left the indicator for a part data session blank and that was interpreted by Telstra as a full data session, resulting in the data session fee being applied multiple times for a single data session.

Another crucial lesson here is that many of the self-appointed pontiffs of ‘revenue risk management’ would never have found this error, hence contributing to the widespread delusion that revenue risks only relate to frauds and accidental undercharging. Why would the Gadi Solotorevskys of this world have missed this error? Firstly, and most importantly, it does not matter what software you use or how much data you crunch. This kind of error will only be discovered by a human brain… and we all know how the software-worshipers feel about telcos paying good wages to skilled and knowledgeable people who can think outside of the box. Their goal is to put everybody in a box, and then to get rid of everybody, because they’ve progressively automated the box. But the truth is that there are many errors that will never be discovered by simply crunching more and more data, over and over again. Second, software developers like Solotorevsky have a prejudice against audits. They market their tools as an alternative to audits. They say that audits are not ‘proactive’ enough. Rubbish. There is no good reason to present a false choice between software or audit. It is better to have both. Audits demand an open mind. Audits should, on a recurring basis, scrutinize even those areas that have already received a superficial ‘all clear’ from other checks and controls. Audits can reveal all sorts of flaws, including flaws in how people behave and think and flaws in how automated systems work. They even reveal flaws and limitations to the systems purchased to do automated checking and gaps in the controls implemented by the company’s control gurus. A real risk manager loves a good auditor, because a good auditor has the time, skills and opportunity to really examine everything that may go wrong. Good auditors deliver the ultimate validation of whether risk management has succeeded in its task, and they serve as the ultimate guardians that stop real problems from continuing indefinitely.

Nothing trumps smart, dedicated people with the humility to really check that everything works as it should. And sadly, when these guys do their work, they usually get criticized for not doing it sooner, instead of being thanked for doing it well. They get squeezed on all sides: by their doubting bosses who see no benefit in checking for errors and who expect miracles whilst paying the bare minimum, by consumer protection gobsh*tes, by ineffectual regulators, and by avaricious VC-backed tech firms that pretend software is a substitute for human intelligence. Telstra deserve credit, as they take on the hard task of refunding their customers. Six years is a long time, but better late than never. If we listened to some people, then there would be plenty of errors that remain undetected, but would be allowed to go on harming telco businesses, or harming telco customers.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.   Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.   Commsrisk is edited by Eric. Look here for more about Eric's history as editor.