Pardoes Cellnet Pages

E-mails from BT Cellnet to a victim of their third-party fraud

Cellnet Index page

Logotype of Telecom Securicor Cellular Radio Limited used here for the purposes of illustration and fair comment only

This edition 19/12/1999

This is BT Cellnet's recent e-mail correspondence with a lady from Ealing ["JMc"] from whom Cellnet took 100, even though she hadn't got a Cellnet phone. She asked for an explanation, and compensation for her expense and inconvenience, which was considerable, as the theft was directly from her bank account, and left her overdrawn.

As you can read below, BT Cellnet initially try to fob her off, then offer a pathetically disingenuous explanation of their "improved security". Finally, there's a veiled threat from Cellnet that she should be careful to get her facts straight, and the usual point-blank refusal of compensation. Sorry, who was the victim, again?

The whole sorry correspondence is a textbook example of the disgraceful and cynical way in which BT Cellnet try to turn the argument round on their fraud victims, and won't take responsibility for their deliberately fraud-prone billing system. Instead, they persist in making untrue statements about their security measures, while their innocent victim is out of pocket, and very angry.

Now that it's here on the web, it's also a textbook example of lousy PR.

The original correspondence is in this font, typo's and all. My comments are in small bold type. I've deleted my correspondent's name and e-mail address, for obvious reasons.

Click for the Cellnet Fraud index page, or the main Cellnet story page.


Initial E-mail from JMc to BT Cellnet

-----Original Message-----
From: XXXXXXXXXXXXXXXXXXXXX
Sent: 25 October 1999 10:23
To: customer-care@btcellnet.co.uk
Subject: BT Cellnet Customer Care

Name: J Mc
E-mail: XXXXXXXX@XXXXXXX.com
Company name:
Service Provider:
Details of query:

I have been de-frauded of 100 pounds by a BT Cellnet customer/user/thief.

I'd like to know what you are doing about this as I understand that it is a widespread problem, and I know other people who have suffered the same.


E-mail from BT Cellnet to JMc

-----Original Message-----
From: MARKS Harvey [SMTP:Harvey.Marks@btcellnet.co.uk]
Sent: Tuesday, October 26, 1999 7:52 AM
To: Mc, J
Subject: FW: BT Cellnet Customer Care

Dear J,

Thank you for your recent enquiry.

What you will need to do is contact your own Bank who will be able to credit the amount back to your account and will then recover the monies from ourselves.

In other words, someone else can sort it out. There's no acknowledgement of the widespread problem...

I do hope the above information answers your query, if however you require any further assistance then please do not hesitate to contact us.

...and there's no apology.

Yours Sincerely

Neil Turner
Customer Care Consultant


Second E-mail from JMc to BT Cellnet

-----Original Message-----
From: Mc, J [mailto:XXXXXXXX@XXXXXXX.com]
Sent: 26 October 1999 11:58
To: 'MARKS Harvey'
Subject: RE: BT Cellnet Customer Care

Dear Neil,

Thank you for your short reply.

My specific question was, what are YOU doing about it. I know very well that I have to wait up to 6 weeks to recover the money. I know that my bank account is 100 less than it ought to be. I know that I have to instigate proceedings with my bank in order to have my stolen money returned to me with no assistance from Cellnet.

Why was it allowed to happen in the first place when this issue has been on-going now for over a year??

Why are Cellnet allowing people to steal from me, and countless others including one other close friend (Coincidence? Or widespread problem? I know where I'd put my money, if you'll pardon the pun) and putting no measures in place to stop it happening?

And why should it be my responsibility, who after all, is just a person going about their business and trying to earn a living, to recover my own money which I did not spend and can ill afford losing for a month and a half.

That is my question.

I look forward to your response.

J Mc


Second E-mail from BT Cellnet to JMc

-----Original Message-----
From: MARKS Harvey [SMTP:Harvey.Marks@btcellnet.co.uk]
Sent: Wednesday, October 27, 1999 3:09 AM
To: Mc, J
Subject: FW: BT Cellnet Customer Care

Dear J,

Thank you for your reply.

I am sorry if we did not full answer your original query.

They didn't deal with it at all, and what's more, the present reply doesn't, either.

To combat the fraud problems that are being experienced we have already and are still ensuring the implementation of added security features including only allowing one credit card to be used on the system, this card has to be pre-registered with our systems by the owner to ensure the security of using the card. The cards are only allowed to be used twice within a 4 week period. There are also other system features that have been put into place to ensure that only the true owner of the phone or the card can access the systems.

Disingenuous answer. It's well known (and has been admitted by BT Cellnet in the "Daily Telegraph" article of 9. October) that the registration procedure only applies to the newer "Pay & Go" plan. BT Cellnet have deliberately not introduced measures to prevent hundreds of thousands (I believe nearly a million) owners of the older "easylife" and "U" phones from using this top-up scam to defraud innocent cardholders such as JMc, as this would be bad for business.

The reason that you need to contact your bank is so that they can be re-reimbursed through the proper channels. We would not be able to prove that people had money taken form their accounts otherwise, where as the bank will trace the payment and request the monies from ourselves.

Still no offer of compensation, just the usual mantra that the bank will sort it out.

I hope that you find this information satisfactory. Again please let me apologise for the inconvenience. Please do not hesitate to contact ourselves here at BT Cellnet again with any further enquiries in the future.

For the first time, an apology from BT Cellnet.

yours sincerely

Harvey Marks
Customer Care Consultant


Third E-mail from JMc to BT Cellnet

From: Mc, J
Sent: 27 October 1999 08:41
To: 'MARKS Harvey'
Subject: RE: BT Cellnet Customer Care

If these security systems are in place then why has my card been used?

It has most certainly not been pre-registered for use with BT Cellnet, so please explain to me how this happened.

I'd also like to know who is going to pay my 20 overdraft fee, and who is going to compensate me for the distress of spending a weekend wondering what happened to my money, the inconvenience and embarrassment of going out with friends shopping, only to find that I didn't have enough money, and the added difficulty of life without a visa card for a week. Not to mention phone calls to banks and emails to you.

I am also fully aware that my money (which has, in my view, been stolen by Cellnet, as it is now sitting in your bank account and not mine) must be regained through the proper channels.

I have my own personal 'proper channels' which include my own little rule of not letting strangers spend my money without my permission. I can prove to you quite well that money has been taken from my account - seems to me a copy of my bank statement should be enough for you to write me a cheque to the value, plus adequate compensation for reasons listed above.

Again, I look forward to hearing from you.

J


Third E-mail from BT Cellnet to JMc

-----Original Message----- From: Mitchell David [SMTP:david.mitchell@btm.bt.co.uk]
Sent: Monday, November 01, 1999 3:16 PM
To: Mc J
Cc: LEEDS CUSTOMER CARE
Subject: BT Cellnet Customer Care - mobile number unknown

Dear J,

Thank you for your recent communications which have now been forwarded to me to deal with.

Presumably, the BT Cellnet "fobbing off" manual ran out of steam at this point.

Firstly let me offer you my genuine commiserations that you have found yourself the innocent victim of fraudulent activity. I too have, in the past, been the victim of credit card fraud and I well remember the feelings of both outrage and helplessness I felt at the time it happened. It's all very well to take a sanguine view and say such experiences are a part of modern life but it doesn't take away the shock and distress that it has actually happened to you. I was anything but sanguine if I remember correctly so I do understand some of what you are feeling.

Oh, please; is that patronising, or what?

In the circumstances, I believe it is perfectly reasonable of you to demand to know of us what we are doing to prevent further occurrences of this type of fraud. This type of fraud is carried out by criminals already in possession of stolen credit/debit cards and credit/debit card information. It is indeed a fact of modern life that all industries which use credit/debit card payment schemes are subject to some risk of fraud - it's not just BT Cellnet or the pre-pay mobile phone industry. I would point out that it's in our own interests to try to combat fraud because, bear in mind, we too are victims in this scenario - while the credit/debit card company will reimburse you fully, BT Cellnet is in turn required to reimburse the credit/debit company.

Yes, it is just BT Cellnet who have such a lax approach to credit card security. And as J. points out in her reply, BT Cellnet don't reimburse the credit/debit company: they merely (and belatedly) return the money they took. That's not reimbursement.

I do very much want to underline that BT Cellnet takes the matter of security very seriously indeed. We work with the clearing banks and credit/debit card companies to establish security systems which are designed to minimise the incidence of fraud amongst our pre-pay customers. The effectiveness of these systems is monitored on an on-going basis.

Yes, it is monitored, and both Barclaycard and APACS (the Association for Payment Clearing Services) are unhappy with BT Cellnet's arrangements. It's disingenuous of Cellnet to say (as they do below) that their procedures "have been developed in conjunction with and approved by the credit card companies themselves". That statement refers only to Cellnet's own authorisation with their own Merchant Acquirer's (bank) computer to ensure that the card used is not on a "hot" list or over its credit limit, simply to protect Cellnet. It does nothing to protect the innocent cardholder, such as J.

Since our pre-pay system was launched last year, various security enhancements have been put in place to combat pre-pay fraudulent activity. These have been based on limiting the number of cards which could be used to top up credits, the value of the top-up and the number of times people can make a top up in a given time.

Earlier this year, additional security measures were put in place and, on the advice of the credit card companies, even more robust security measures, which were designed reduce the risk of fraud to an absolute minimum, were put in place in August this year.

So why didn't they get it right earlier this year, and why is it not right after even after the August measures, since the fraud is clearly still going on?

* all new and existing BT Cellnet pre-pay customers now need to choose and register one credit/debit for use against a maximum of one pre-pay phone.

Hang on, "all new and existing BT Cellnet pre-pay customers"? I don't think so, at least as far as their "easylife" and "U" phones are concerned. All the evidence I have suggests (and BT Cellnet confirmed in the "Daily Telegraph" article of 9. October) that the registration procedure only applies to the newer "Pay & Go" plan. Hundreds of thousands of "easylife" and "U" phone users can still top them up with any card number. Cellnet could switch off their insecure top-up facility at any time, but they've made a commercial decision not to do so, as this would inconvenience users and risk losing Cellnet market share.

E-mail me To BT Cellnet : if my understanding of the position regarding your "easylife" and "U" phones, as expressed in the foregoing paragraph, is materially wrong, kindly e-mail me with evidence to the contrary, and I will correct it at once.

* customers are required to use their selected credit/debit card to top-up for a period of 30 days.

* when customers dial in to make a credit/debit card top-up they are prompted to supply the card account number, the expiry date (and another security measure which I do not wish to disclose). If a switch card is being used they are also be asked for the issue number.

The "[an]other security measure which I do not wish to disclose" was suggested by Barclaycard, among others, many months ago, and I'm not going to disclose it, either. However, it offers only a slight security improvement, as does requiring a Switch card issue number. I won't say why this is so, but those in the industry know the truth of the matter well enough.

If I can be of any further assistance please do not hesitate to contact me.

Yours sincerely

David J Mitchell
BTCellnet Prepay Customer Care

Important: Please remember to include both your mobile phone number as well as an alternative daytime contact number in any communication


Fourth E-mail from JMc to BT Cellnet

From: Mc, J
Sent: 01 November 1999 15:55
To: 'Mitchell David'
Subject: RE: BT Cellnet Customer Care - mobile number unknown
Dear David,

Thank you for your reply.

I must point out that I am not particularly shocked, as this has happened to countless others, and am more inconvenienced and angry than distressed.

I realise that you are now putting security measures in place to avoid this happening, but the fact remains that there are countless thousands of telephones in use (and those phones are ones only supplied by BT Cellnet) which require no security checks whatsoever against cards used to top them up.

The criminals are in possesion of nothing more than my card number and expiry date. This information is on every receipt I get for a card transaction, and sits in every till I have ever made a purchase at. I am offended by your implication that I have been careless about card security - I have been nothing of the sort. The only entity being lax with security in respect of bank cards is BT Cellnet. I am clearly wasting my time in avoiding people seeing my pin number and other security measures when BT Cellnet are being so dismissive of my personal financial security.

This kind of fraud is not representative of 'modern life'. You are referring to the kind of fraud where a bag or purse is stolen, the card used illegally, signatures forged, personal details accessed from other documents to back up purchases. The people who are topping up BT Cellnet phones with my card do not even know my name!!! And I was not aware that my card was being used illegally until AFTER the event!! There is no other company in the UK who allow this lack of security. No signature, no name, no mother's maiden name, no branch name, no house number, no postcode, no birthdate. If you had asked any of these questions, my money would not have been stolen, adn your criminals caught.

Another point you seem to overlook is that the money was stolen (by Cellnet) not from a credit card, which gives you a months grace to pay back the money, and which you may even choose not to pay back until the money is recovered from yourselves, but came from my debit card and thus from my bank account. I am, in the truest sense of the word, 100 poorer than I should be. As you will see from my previous email I am expecting Cellnet to pay my overdraft charges, incurred purely due to the theft of my money from my bank account by BT Cellnet. 20 please.

The only loss BT Cellnet incur is airtime. This costs you next to nothing. You do not re-imburse banks, you pay back what you stole. Please don't imagine for a minute that I am naive enough to believe that 50 airtime on a mobile phone costs you 50. I'm not that stupid, unfortunately for you.

By the way, I'm not giving you my mobile phone number. I use vodafone, I don't see why you need to know that. I don't want to be called 'on an alternative daytime number' as I am working and have been inconvenienced more than enough, and wasted plenty of my time already, on this whole sorry issue.

Now, can we please end this protracted waffle with you telling me how and when you are going to re-imburse me, pay my overdraft charge and compensate me.

Yours

J Mc

ps. Please don't take this personally. This email is directed at whoever it was at Cellnet who instigated this ridiculous system. You're just in the firing line I'm afraid.


Fourth E-mail from BT Cellnet to JMc

-----Original Message-----
From: Mitchell David [SMTP:david.mitchell@btm.bt.co.uk]
Sent: Monday, November 01, 1999 4:56 PM
To: Mc, J
Subject: BT Cellnet Customer Care - mobile number unknown

Dear J,

Don't worry, I don't take anything you say personally. I also want make clear that there was no implication, intended or otherwise, that you had been careless in the use of your credit card. As I said in my reply, I see you as the innocent victim of this crime. I have never entertained any notion that you bear any responsibility whatsoever, whether directly or indirectly, for the fraudulent transactions. I am genuinely sympathetic to your situation and I thought I had gone some way to convey that to you.

Reasonable enough, but in the very next paragraph...

However, regardless of the sympathy I feel for you, I must very strongly object to your repeated assertion that BT Cellnet has stolen the money from you. I am prepared to make allowances for the fact that you are upset at having been the victim of crime but I must ask you to be please take more care when making such accusations and insist that you make more of an effort to get your facts straight.

...the mighty BT Cellnet starts to get heavy with J.

Get her facts straight? Well, let's see. My Oxford English Dictionary defines "steal" as "take (property etc) without right or permission...". It seems to me that debiting someone's bank account without their permission might reasonably be described as stealing, in common parlance, even if not in a strictly legal reading. Mitchell's denial of this, with its implied threat, is just malicious, wrong-headed intimidation by Cellnet, and it's disgusting.

They put their lawyers onto me, too, but soon backed off when they realised that what I was saying was entirely true. You can't (successfully) be sued for libel if what you say is the truth, but BT Cellnet clearly belong to the school of thought which believes that might is right.

In other words, it's OK for BT Cellnet to take J.'s money from her bank account, without authority or compensation, but it's not OK for her to say that they have stolen it. And we thought Stalinism was out of fashion!

Let me remind you.

* BT Cellnet did not steal this money. This money was stolen from you by a criminal with details of your credit/debit card.

No, let me remind him.

This is typical of the disgracefully disingenuous nonsense with which BT Cellnet try to fob off their victims (and the media). As J. perceptively remarks in her response, the fraudster "stole" only airtime from BT Cellnet, but Cellnet debited real money from her account. It was Cellnet's computer taking money from her bank's computer, without any authority from J. The fraudster only had access (through his phone) to the Cellnet computer, and if Cellnet are lax enough to pass the authority to debit her account straight through to her bank, then that's clearly Cellnet's system at fault. If J. hadn't noticed the money going out of her account and complained, Cellnet would simply have kept it (in fact, at the time of writing, they still haven't refunded it, or her bank charges).

What authority did Cellnet have to take J.'s money? a phone contract with her? her signature? her name and address? No, none of these : they just took it, because it suits them to run their business this way, and they are still, unbelievably, refusing to admit that it's their fault, or to compensate her.

* The details of your card were not obtained from BT Cellnet. All details of credit/debit cards used on the BT Cellnet prepay system are secure.

Of course, in order to protect themselves. It's a pity that Cellnet deliberately don't offer the same security to their fraud victims.

* BT Cellnet, along with you, is a victim of this crime. I do not expect you or anyone else to have any sympathy for us and I freely acknowledge that we can bear the loss of 100 far better than any individual. Nevertheless, this fraud costs us too.

Crocodile tears. Lost airtime costs them almost nothing. See above, or J's response, or refer elsewhere on our website for the true explanation of this argument, and how well it suits BT Cellnet to gain market share this way, with an interest-free loan thrown in for good measure (and a gift, even, if victims don't notice).

* The security aspects of the system employed by BT Cellnet to permit customers to add credit to their phones using a debit/credit card have been developed in conjunction with and approved by the credit card companies themselves.

Again, see above: BT Cellnet's card security only protects themselves, and deliberately leaves third parties open to fraud.

In the circumstances, I'm afraid that I am quite unable to consider compensating you for your loss as you demand.

In what "circumstances", exactly?

In the circumstances which BT Cellnet have deliberately introduced, and (even after widespread criticism), continue to operate, which expose innocent parties to having money taken from their bank and card accounts by BT Cellnet. "In the circumstances", BT Cellnet don't give a damn about their victims, and as far as they are concerned, J. is just a nuisance they'd rather not hear from again.

Yours sincerely

David J Mitchell
BTCellnet Prepay Customer Care

Important: Please remember to include both your mobile phone number as well as an alternative daytime contact number in any communication


Fifth E-mail from JMc to BT Cellnet

Mc, J
To: Mitchell David
Subject: RE: BT Cellnet Customer Care - mobile number unknown
Dear David,

The facts, to my mind's eye, are very straight indeed. Until Cellnet, who have been aware of this problem for the last year at the very least, do something to save thousands of people like myself the inconvenience of having DEBIT and credit cards used against their consent, I shall consider the money stolen by BT Cellnet. If your company truly believed that a system which required a card number and expiry date was adequate proof of correct and legal use of a bank card, then I am very surprised. If they did not realise that there would be unscrupulous people who would take advantage of this, then I am even more surprised at their rosy view of the world.

Cellnet end up paying for airtime. That's all. It costs you less to pay for this than it does to stop all the phones which are still able to use this archaic top-up system, or to advise those customers that they need to either register cards or stop using them altogether.

As long as BT Cellnet are aware that this fraud-friendly system is in place and are doing nothing to control it or admit responsibility FOR THEIR OWN END, I shall consider my money stolen by BT Cellnet. If you look up 'BT Cellnet pre-pay mobile phone fraud' on the Internet you will find plenty of people throwing the same accusations at Cellnet. Don't worry about me putting my foot in it, I'll take that chance.

I'm sure you won't compensate me. If you did that, you'd have to compensate everybody, and that really might cost you, when you look at the numbers of people involved. I am quite curious however, as to what circumstances you are referring to... the circumstance of BT Cellnet being a forgotten victim of this fraud - or my making an unholy fuss about it???

Regards
J Mc


The original correspondence is in this font. My comments are in small bold type.

Click for top of page, the Cellnet Fraud index page, or the main Cellnet story page.


Website
©
Cellnet Home page E-mail to us if you have something to say about this!
[Cellnet fraud index page] [Site directory] [Home page] [E-mail us]