European and international reports/studies/position papers

1. Some years ago the ECC, the Electronic Communications Committee, published the following deliverables:

(1.1) ECC Report 086 on Consumer abuses and fraud issues relating to High Tariff services (2006)

(1.2) ECC Recommendation of 10 October 2007 on Consumer protection against abuse of High Tariff Services

More recently the ECC published (1.3) ECC Report 275 on the role of E.164 numbers in international fraud and misuse of electronic communications services (2018).

2. Also in 2018 the European Commission published a consumer market study on the functioning of m-payment for consumers in the European Union.

3. A few years before, the OECD, the Organization for Economic Development and Cooperation, published Consumer Policy Guidance on Mobile and Online Payments (2014).

This Policy Guidance was preceded by a Report on Consumer Protection in Online and Mobile Payments (OECD 2012)

4. Also in 2014, ICPEN, the International Consumer Protection and Enforcement Network, published a Report on Mobile Payments (2014).

5. CEER, the Council of European Energy Regulators, touches implicitly upon third party payments charges in its Guide on bundled products (2019)[233].

6. The EBA, the European Banking Authority, published an (unofficial) position on the exemption of the PSD2-requirements for providers of electronic communication services (2019).

7. Finally, in 2012 BEREC published its BoR (12) 55 Report on Special Rate Services, mainly focussing on price and transparency aspects (including wholesale) of voice services having a special rate.

Summary of recommendations in the documents of the literature list

1.1.- ECC Report 086 on consumer abuses and fraud issues relating to High Tariff services (2006).

The report produced by the Electronic Communications Committee (ECC) within the European Conference of Postal and Telecommunications Administrations (CEPT) includes a diagram of a reference model, examples of PRS types, consumer problems, abuses by providers, regulatory frameworks and consumer protection measures at national levels.

The consumer problems identified in the report are, among others: unexpectedly high bills due to lack of tariff awareness, unawareness of the options for call barring or problems with the solution for call barring, unauthorised calls and confusion over the use of subscriptions services. Whilst the fraud issues include billing cycle abuse and viruses in mobiles.

The purpose of the report is to provide a reasonably comprehensive list and explanation of the main consumer and fraud issues that have been experienced in relation to high tariff services, especially those on premium rate numbers, and also of the main consumer and operator protection measures that have been adopted in some countries.

The report focuses primarily on voice services and SMS, but premium rate services are also growing around MMS and mobile portals.

The report does not cover the issues of cross border access to PRS that are offered legitimately to subscribers in other countries.

A distinction is made between abuse (taking advantage of the consumer) and fraud (illegal activity).

The following is a list of the main abuses detected:

● Inadequate warning of the tariff.

● Call back messages. This approach is taken frequently for announcing that someone has won a prize or a holiday and they must call a certain number quickly to claim their prize. The number is a PRS number. The number to call back may be given as well as a tariff warning.

● Services without any normal rate complaint line. To make a complaint and seek a refund the only way to do so is to call another premium rate number.

● Unreasonable extension of the length of calls. The PRSP may organise the answering of the call so that the call duration is maximised by slow answering, putting callers on hold and making conversations unnecessarily long.

● Lack of clarity about subscription services where the subscriber is likely to think that they are buying one-off service.

● Call initiation via directory services that by-pass the normal protections such as call barring. This problem could arise where there are directory services that include information about premium rate numbers and allow calls to be connected without the caller re-dialling.

Some of the various consumer protection measures proposed in the Report are:

● Limitations in the types of services that may be offered: Various types of services may be prohibited.

● Require premium rate services to use a specific numbering range so that consumers can learn to distinguish PRS and so that call barring can be applied.

● Price warnings

● Itemised billing

● Call barring or opt-out

● Opt-in

● Pre-pay

● Removal of the right of an operator to suspend service for non-payment of the calls to PRS numbers

● Right to a refund for the first high bill

● Credit limits and warnings when specified levels are exceeded

● Faster billing

Traffic monitoring

● Delays in interconnection payments or payments to PRSPs by at least one complete retail billing cycle to provide time for abuses to be detected before the money is passed to the PRSP.

● Requirements on dialling software used with premium rate numbers to contain a warning about the charge rate in sufficiently large print, which has to be explicitly accepted by the user.

● Barring of specific numbers

● Traffic analysis

1.2.- ECC Recommendation of 10 October 2007 on Consumer protection against abuse of High Tariff Services (2007).

Forms of misuse of PRS identified in the report are:

● cases in which the user is not aware of the tariff applied,

● cases where consumers are attracted to dial numbers where the services are not actually available or are of a low quality;

● artificial call duration lengthening by increasing waiting times,

● the use of high tariff numbers for customer care where the consumer has no alternative to reach this service;

● the use of high tariff numbers for services such as TV games with unclear call prices and procedures;

● unclear contractual conditions for providing reverse billed services.

A coherent policy approach to improve the position of the consumer should have at least the following complementary attributes:

● it strengthens the legal and financial position of the consumer;

● it prevents abuse practices via increase of consumer awareness (e.g. by increased transparency of contents and tariffs of services so that the consumer may take rational decisions) and increase of consumer control over transactions;

● it makes possible a quick response to abuses when they are observed;

● it facilitates a system for low threshold redress possibilities for consumers.

It has appeared that self-regulatory solutions not supported or accompanied by additional regulation, do not function satisfactorily in most countries in combating abuses of high tariff services.

There shall be a rapid response mechanism to suspend payments or to block access to numbers while problems and abuses are investigated. Also, that appropriate means are established to provide refunds and compensation for consumers who suffer from abuses.

1.3.- ECC Report 275 on the role of E.164 numbers in international fraud and misuse of electronic communications services (2018).

In order to tackle fraud and misuse effectively a holistic approach that takes into account the dynamic character of fraud and misuse is needed. Although the focus of the report is voice, fraud and misuse in telecom is of course not limited to voice. SMS and social media messaging are also vulnerable to fraud and misuse. The following recommendations are made:

Prohibit CLI Spoofing

"CLI Spoofing" is a technique that enables the calling party, originating network and/or transit network to manipulate the information displayed in the CLI field with the intention of deceiving the called party into thinking that the call originated from another person, entity or location. Fraudsters use CLI spoofing to take advantage of the inherent trust that end-users have in the integrity of CLI information. Normally, the CLI presented is a national geographic or mobile E.164 number with a format that the called party would be familiar with. With CLI spoofing the number displayed could be an unassigned number or one which is already assigned to another end-user.

In order to maintain integrity and trust in E.164 numbers and Calling Line Identification (CLI), validation techniques should be made periodically in order to prevent the number being used by two different end-users at the same time when the number is re-assigned to a new end user by the original provider.

Encourage real time data analytics

Operators will increasingly have to invest in solutions that facilitate intelligent real time data analyses of call detail records and signalling messages. These analyses must result in the detection of patterns of calls which are suspicious and effective action must be taken to minimise the impact on revenues and end-user welfare.

Promote information sharing and cooperation

Once an instance of fraud or misuse is detected it can be beneficial to share related information between operators and other relevant stakeholders. The information sharing includes information on specific cases (e.g. suspicious numbers), fraud and misuse methods or even the modus operandi of certain stakeholders in the value chain. The information sharing should not only take place at the national level but also at the international level (e.g. by creating a worldwide network of contacts). Easy blocking mechanism for incoming and outgoing traffic

Operators should have some discretion to create simple and quick internal procedures to block incoming and outgoing calls which are fraudulent or involve the misuse of E.164 numbers without any intervention of a court order or NRA or the competent telecommunications authority.

Establish standardised procedures for trace back calls/Test calls

For serious and large scale fraud, easy procedures should be created in order to facilitate an expeditious trace back of calls across national borders. Requirements to this effect could be included in interconnection agreements to facilitate detection of the sources of fraud.

Transparency

A central reference point for national numbering plans, which clearly identifies mobile, premium and unassigned E.164 number ranges, could create the necessary transparency to flag possible problematic calls and routes. Based on that information a list can be made of expensive number ranges which are vulnerable to fraud or misuse and which can be used as an input in the data analytics systems.

Raising awareness

End-users need to be aware and take a critical look when calls, SMS and social media messages are received. Initiatives to raise awareness and educate end-users as to the dangers of fraud and misuse and how to deal with such communications need to be implemented. Simple reporting mechanisms for reporting fraud and misuse to the national police and/or competent authority should be implemented.

2.- The European Commission published a consumer market study on the functioning of m-payment for consumers in the European Union (2017).

Based on the findings, policy recommendations are made for three core findings:

Mandatory information to be provided by merchants or service providers

While the Consumer Rights Directive (CRD) pre-contractual information requirements necessitate that retailers or service providers must provide consumers with contact information, the right to withdraw, legal guarantees, and more, our findings show that this information is often difficult or impossible for m-payment consumers to find. It is very likely that the use of mobile devices with (relatively) small screens may account for at least part of this problem. The amount of information that can be presented on the screen is limited and information may be presented elsewhere at the cost of lower accessibility.

Two recommendations are made to solve this information problem. First, icons with a clear meaning (e.g. trader information, product information and legal information) and an embedded link could help refer consumers to further information if they desire. Icons would have to be agreed upon within the business sector and consumers would have to be educated about their meaning.

Second, mandatory information can also be provided in a confirmation e-mail after the transaction. The confirmation e-mail may contain more extensive information regarding customers’ right to withdraw and other relevant consumer rights. While this is not the same as pre-contractual information, consumers that do not agree with this information may use their right to withdraw.

Insufficient information about the m-payment service

It is important for customers of an m-payment service to obtain all relevant pre-contractual information and identification data. The identity of the payment service provider should always be transparent. When problems arise during an m-payment transaction (e.g., unauthorized payments, hacked transaction, etc.), customers may easily find themselves in a triangular relationship between the trader/service provider, the m-payment service provider and the bank. This is a complex situation and may make it difficult for consumers to make use of their chargeback rights. Hence, the identification of all involved parties and the most important terms and conditions must always be available. Guidance should be provided to the players in this relationship, especially merchants, service providers and payment service providers, on how they should ensure transparency.

Transaction security and data security

Consumers’ concerns regarding identity theft, data abuse, and transaction hacking are among the most important barriers to the development of m-payment services. While the consumer regulations reviewed in this study do not cover these concerns, this is a consumer risk worth taking into consideration. One possible solution to increase consumers’ security is to introduce a chargeback system that works similar for all m-payment mechanisms. In addition, quality cues and/or the results of security audits of m-payment services may be communicated to consumers.

3.- OECD Consumer Policy Guidance on Mobile and Online Payments (2014).

The guidance concerns mobile and online payments made by consumers for products

(including goods and services) acquired via e-commerce. It includes payments made via the Internet and those made using mobile devices, including, but not limited to, SMS and MMS payments as well as proximity-based payments made via mobile devices, such as those using near-field communication technology (NFC) at a point of sale.

Guidance on payments contained in the guidelines further provides that consumers should be provided with easy-to-use, secure payment mechanisms and with information on the level of security such mechanisms afford. It adds that limitations of liability for unauthorised or fraudulent use of payment systems and chargeback mechanisms offer powerful tools to enhance consumer confidence and their development and use should be encouraged in the context of electronic commerce. In addition, the guidelines provide a set of basic principles on fair business, advertising and marketing practices, information disclosure, confirmation process, and dispute resolution and redress.

The committee concluded that it would be beneficial to provide further guidance on a selected number of issues in seven areas: a) information on the terms, conditions, and costs of transactions; b) privacy; c) security; d) confirmation process; e) children; f) varying levels of consumer protection among payment providers and payments vehicles; g) protection against fraudulent and misleading commercial practices; and h) dispute resolution and redress.

4.- ICPEN, the International Consumer Protection and Enforcement Network, published a Report on Mobile Payments (2014).

ICPEN is a network of governmental consumer protection authorities from over 50 countries. For the purposes of its report, “mobile payment” is defined as any sort of payment for goods or digital/regular services initiated, transmitted, or confirmed via a mobile phone or device, billed by a mobile network operator, card company/bank, or other.

To survey the market for mobile payments the Working Group issued a questionnaire, during the spring of 2012, consisting of five sections: (1) Market Analysis; (2) Consumer

Challenges; (3) Consumer Protection – Policy and Law; (4) Enforcement; and (5) Industry Initiatives.

In many responding countries, mobile payments relating to premium SMS services present the most problems for consumers. In particular, unclear and insufficient information can lead consumers to pay for services they thought were free, or to subscribe to services with recurring charges that they thought were only one-off charge services. In addition, consumers are often faced with fraudulent or unauthorized charges on their mobile carrier bills, a practice often referred to as “cramming.” Some ICPEN respondents see stronger authentication and authorization procedures as a solution to address this type of problem as long as implementation of such schemes is weighed against the usability of the payment service.

In some countries, mobile payments charged on the mobile phone bill are considered as credit card transactions, with consumers therefore enjoying the same level of protection when purchasing with their mobile phone or with their credit card. However, consumers often have less protection when paying with mobile payments in comparison to traditional means of payment that are regulated by specific laws or regulations, such as debit or credit cards.

The types of protections consumer authorities have recommended include: adequate authentication and authorization procedures for consumer transactions such as double opt-in procedure with a Personal Identification Number (PIN)-code or similar security procedure; limitations on consumers’ total liability when using mobile payment mechanisms service; and limitations on consumers’ liability for unauthorized charges or costs incurred after the theft or loss of a mobile device or SIM card.

Consumers need to know who is responsible for what and whom to turn to if things go wrong. To solve this problem, some ICPEN authorities have proposed that mobile operators should bear the same kind of responsibility as the issuers of credit cards, which would include responsibility for price information and charge backs, and other penalties imposed on the consumer. In addition, many countries have alternative dispute resolution systems (“ADR”) that can resolve the matter, but it may be unclear in some circumstances which ADR has the jurisdiction.

Some ICPEN authorities reported that unclear billing information from mobile network operators regarding mobile payments was problematic. A bill from a mobile operator will typically state “premium rate services” and a sum, but both the vendor of the service and the time of purchase are usually not included. This can make it difficult for consumers to fight unauthorized charges on their bill or prepaid credit.

The practice of “mobile carrier billing,” which offers service providers the ability to charge payments directly to a mobile phone bill, has been increasing in the United States and in other jurisdictions as a growing number of third-parties enter into agreements with carriers to place charges on mobile bills.

Concurrently, the mobile carrier billing platform raises a unique challenge for authorities with regard to the third-parties’ practice of placing fraudulent or unauthorized charges on consumers' mobile carrier bills (known as "cramming"). Some ICPEN respondents suggested strategies to ensure that cramming does not occur; these include: (1) permitting consumers to block all third-party charges on their mobile phone bills (including the ability to block third-party charges on individual accounts operated by minors in the household); (2) requiring mobile carriers to establish clear and consistent processes for consumers to dispute suspicious charges and obtain reimbursement; and (3) requiring mobile carriers to standardize and prominently highlight billing descriptions of third-party charges in a format that makes it clear why the consumer is being billed for a third-party charge, the provider or merchant that placed the charge, and the good or service provided.

5.- Guide on bundled products (2019).

CEER, the Council of European Energy Regulators, touches implicitly upon third party payments charges in its Guide on bundled products (2019)

The Guide says, among others: ‘Where bundling of products includes an essential service (such as energy, water or communications), consumers must be clearly protected from disconnections or risks associated with other elements of a bundled contract, according to legal safeguards in place for that essential service. If the consumer breaks the conditions of the bundled contract (e.g. does not pay the part of the bill that corresponds to an additional service), their essential service should be maintained although the consumer loses the benefits and conditions of the bundled contract.’ (p. 22)

Besides this particular statement, the Guide also gives the following more general guidance on contractual matters in a bundled products context:

Ensure transparency of different elements of bundled products

Consumers buy bundles of multiple products for their intended efficiency in terms of cost and services. Price, services, quality and contractual transparency on the different elements of the bundled products are vitally important. As well as the terms and conditions of the different elements of the bundled product, companies should ensure that no arbitrary allocation of the price to individual elements of the bundle takes place.

This should be done in an understandable manner without overloading the consumer with information. All contracting parties that are directly involved with the supply of the good or service should be identified.

Keep it simple

Consumers need easy to understand, easy to compare and consistent information.

For contractual clarity and simplicity for consumers. Align duration of elements in bundled contracts.

a. The parties involved in the bundle should (to the greatest extent possible) seek to align the duration of the elements of the bundled contracts with the duration of the essential contract. Otherwise, with different contract durations, contractual lock-in can be implicit as consumers may be confused about when a component of the bundle ends. Irrespective of the duration of the contract, which may be limited by sectorial legislation, conditions and procedures for contract termination should not act as a disincentive to changing service provider.

b. Where component durations are not aligned, the durations should be transparently communicated before signing the contract and before the expiry date (and potential renewal) of the relevant components.

c. Similarly, the parties involved in the bundle should seek to align the conditions for termination of the different elements of the bundle.

d. The contractual renewal of the provision of optional or additional services should be subject to prior notification and separate from the essential element and sent in a timely manner to the consumer without the consumer’s consent. The consumer should be able to terminate the contract with the provider at no cost (except the charges for receiving the service during the notice period).

Apply clear liability principles where there are multiple parties/contracts involved in the bundled product

In some cases, the consumer may have to sign more than one contract when securing bundled products brokered by a company. In the case of multiple contracts for bundled products, it should be made clear (at all times) to the consumer who is liable for each or all parts of the bundle in case of any problems.

In cases where a single contract is concluded but where the provider indicates that for part of the services, it acts only as an agent or broker, the provider should ensure the consumer is aware of who is liable towards the consumer for any problem arising with any part of the bundle at the outset of the contract.

The consumer should not be obliged to interact with different parties for the different elements of the bundled product – instead there should be one company that acts as a “primary contact point” for the full bundle.

Have a single summary statement and/or single portal for consumers to find the different bills associated with their bundles

On billing, a single-bill for a bundled product makes life easier for consumers. Where this is not possible, a single summary statement and/or a single portal will help consumers to find the different bills associated with their bundle. The provider(s) who sends the statement and the bill(s) should comply with consumer protection legislation. What is important is that the customer should be able to check the bill(s) against the accepted offer as set out in the contract. The bill(s) should also be in line with the Principle of transparency, containing all essential information presented in a clear, understandable manner, and consistent manner that can be traced back to the contract and the offer.

Make clear the choice of payment methods for bundled-only products

It should be clear in advance of signing the contract whom the customer pays and what payment method(s) may be used (see Principle 1 on transparency, regarding how much consumers are expected to pay).

Signpost the responsible (in-house or external) complaint handler

It is vital that consumers know who to contact (who is the case/complaint handler of the bundled product) when something goes wrong or when seeking advice or in the case of an emergency.

Principles for regulators overseeing and regulating sectors with bundled products:

Bundled products which cut across several sectors raise jurisdictional challenges between the authorities responsible for enforcing consumer rights. Cross-authority cooperation and coordination is key, as is close monitoring of the deployment of these products, to ensure consumers’ rights are correctly enforced. CEER recommends that, where bundled products exist, the following Principles be applied by public authorities charged with overseeing market developments and with managing complaint resolution processes for bundled goods and services:

A. Clarify and educate companies on the rules and obligations applicable to bundles in general consumer law and in sectoral rules.

B. Monitor

C. Cooperate across sectors with relevant authorities

6.- The EBA, the European Banking Authority, published a position on the exemption of the PSD2-requirements for providers of electronic communication services (2019).

On 6 September 2019, the EBA issued an (unofficial) position on ‘The Implementation of the electronic communications exclusion in the voiced-based premium rate services market’ addressing the question (Ref. 2018_4181) of whether the Payment Services Directive 2015/2366/EU (PSD2) applies to “intermediaries” (as premium rate operators or transit operators) implied in the delivery of the services and contents as well as in the invoicing/cashing as the network operator. In particular, if the exclusion set out in its Article 3(l) ‘cascades’ to include the whole value chain and therefore, all the providers of electronic communications networks or services involved in payment transactions should not have to register as payment institutions or agents for these operations.

As a background, the document explains that the electronic communications exclusion (ECE) of Article 3(l) PSD2 excludes from the scope of this Directive the payment transactions by a provider of electronic communications networks or services where these are provided in addition to electronic communications services provided to a subscriber.Also, that the ECE is limited to the purchase of digital content, voice based services, electronic tickets or charitable giving charged to the subscriber’s bill where these are provided in addition to electronic communications services, and with value limits of 50€ per single payment transaction and 300€ cumulative value for an individual subscriber per month.

The EBA position is that for the application of Article 3(l) PSD2, the electronic communications operator must provide the payment services in addition to the electronic communications services it provides to its subscriber. This implies that there is a direct contractual arrangement between the electronic communications operator and the subscriber for the provision of the electronic communication services and that the payment service is an additional service to these services. Therefore, in EBA opinion, Article 3(l) PSD2 does not apply to cases where the digital content provider or the provider of services (‘intermediary’) does not have a direct contractual relationship with the payer for the provision of electronic communications services.
7.- BEREC Report on Special Rate Services (2012).

The BEREC Report on Special Rate Services discusses transparency problems and high level of prices, in relation to voice services with a special rate (not only PRS but also freephone services and shared cost numbers).

In general, the Report is written from an economical perspective, more specifically the perspective of price regulation, with a focus on the discussion of wholesale problems (Section 3) and wholesale or SMP remedies (Section 6).

BEREC concludes that Special Rate Service (SRS) voice calling to service providers at least in some countries have problems of (a) low transparency and (b) relatively high prices. This leads to several negative effects like – beside the high prices itself – reduction of demand, increased risk of fraud and loss of service diversity.

The Report points out problems can be, and often are already, addressed through transparency measures like pre call tariff announcements. However, the transparency measures do not always solve all the identified competition problems. Following this, the Report identifies a number of regulatory wholesale approaches that can be used - possibly alongside pure transparency (consumer protection) measures - to address these problems if they occur.

Figure 1 - Schematic representation voice premium rate call 7

Figure 2 - Schematic representation direct carrier billing 7

Figure 3 - Distribution amount of complaints  10

Figure 4 - Amount of times issues were rated major 11

Figure 5 - Source of definitions regarding premium rate services and direct carrier billing. 12

Figure 6 – Entities with responsibilities regarding premium rate services and direct carrier billing  13

Figure 7 – NRAs responsibilities regarding companies. 14

Figure 8 – Information collected by NRAs by type of company. 16

Figure 9 - Information and transparency measures and tools. 18

Figure 10 - Obligation to provide in an acceptance process. 19

Figure 11 - Obligation to include information in the detailed billing. 20

Figure 12 - Available services PRS.. 21

Figure 13 - Available services DCB.. 21

Figure 14 - Blocking facilities as default settings. 23

Figure 15 - Blocking facilities on request 24

Figure 16 - Blocking facility for specific, individual numbers/DCB services. 24

Figure 17 - Blocking facility for specific number ranges. 24

Figure 18 - How to request blocking. 25

Figure 19 - Threshold amount obligation. 25

Figure 20 - Consequences of reaching threshold amount 26

Figure 21 - Alert service for anomalous traffic. 27

Figure 22 - Spend reminders. 27

Figure 23 - User consent in PRS.. 28

Figure 24 - Type of consent 29

Figure 25 - Avoid unintended charges via malware. 29

Figure 26 - Confirmation of unsubscribing available. 30

Figure 27 - Cancellation period to withdraw from subscription services. 30

Figure 28 - Ways to deactivate subscription services. 32

Figure 29 - Guaranteed minimum service. 32

Figure 30 - Responsible party to refund 33

Figure 31 - Conditions to determine refund. 34

Figure 32 - Where to file complaints. 35

Figure 33 - Supervisory actions NRA.. 36

Have you any specific observations in respect to the general overview of major issues as set out in section 3 of the report and split as follows:

1(a) Complaints and Enquiries in respect to Third Party Payments?

1(b) The presence and sources of definitions for PRS an DCB?

1(c) Responsibilities regarding PRS Calls, SMS and DCB?