@MI5 wrote:
Here, for your delectation, is the reply to my email (names removed to protect the guilty)....
Dear Mr .........,
Thank you for sending through the concerns expressed by some of our customers’ on the forum.
We take the protection of our customers’ very seriously. For all premium online services there’s a two-step process which involves two customer confirmations – one click/tap to confirm the price and a second to confirm the charge to the mobile. We check every service we use to make sure it meets industry standards. For charity donations or TV competitions the process involves sending a text or calling in after seeing an advert. We are constantly reviewing customer feedback and regularly update the payment flow to ensure that customers are getting the best experience, we then take appropriate action with our partners if things go wrong.
I hope this helps to explain our process and the reasoning behind it.
If there is a specific service you have a concern about please get back in touch with us.
Kind regards,
This answer is extremely misleading. It is true that entering in to a 'Payforit' subscription is supposed to be
(at least) a two step process. The problem is that there are exploits which can be embedded in web pages which can spoof these steps, effectively clicking the relevant links in the background. This often happens when a user closes a popup. Checking that a service is compliant is not enough, as this check will only look at pages directly related to the "service". These exploits can be embedded in any web page making them near impossible to detect. Stopping these scams therefore requires technical solution such as that proposed, rather than better enforcement.
O2 need to consider how the system is really working, not how it works in theory! The Payforit system which leaks consumers phone numbers to third parties is know to be fundamentally flawed and highly vulnerable to abuse. Two factor authorisation will defeat the exploits currently being used by these scam companies.
It is utterly negligent of O2 to bury their heads in the sand and pretend that nothing is wrong here. They claim that they "check every service we use to make sure it meets industry standards". Does this check include a review of customer experiences? How can they ignore the evidence on Trustpiot that these companies are systematically defauding consumers? What checks have they actually done on the services provided by Lasevia Ltd?
Consumers need to start taking legal action against O2 when they are scammed by companies like Lasevia and SB7 Mobile. A few successful Small Claims actions against O2 (citing their negligence in allowing this to happen) might evoke change of attitude.
There is so much evidence that certain companies are deliberately and shamelessly using the vulnerabilities of Payforit that I believe O2 to be negligent in law.
Paul
