Steve Pardoe's Cellnet Fraud Story Page

Cellnet Index page
Logotype of Telecom Securicor Cellular Radio Limited used here for the purposes of illustration and fair comment only. During the life of this article, Cellnet have changed their trading name to BT Cellnet. The two may be interpreted interchangeably in what follows

Cellnet are taking money from the accounts of thousands of innocent people...   ...even though they haven't got a Cellnet phone!

This main story page was getting unwieldy, so we now offer a précis page, for a quick introduction. There are also a new media page for the Internet, TV, radio and press coverage, and one for correspondence and commentary.

You can now skip the updates and go straight to the summary of what Cellnet are doing, or read the basis of my campaign. There's also an index page as an on-ramp for new visitors.

E-mail to us   E-mail us now at cellnet@pardoes.com if this has happened to you, or if you have something to say about this!

If you'd like to contact BT Cellnet, their telephone number is (Slough) 01753 565 000, and their Head of Security is John Cross. I'll be interested to hear how you get on.


The BT Cellnet Fraud Story


BT Cellnet have a deliberately lax policy regarding credit card security. They freely admit that anyone can use anyone else's credit or debit card number to top up an "easylife" or "U" pre-pay phone, with complete impunity.

Thousands of innocent people have been defrauded, and in some cases seriously inconvenienced, as a result. Cellnet know that this is happening, but have taken a cynically commercial decision to ignore it, leaving their unfortunate victims to sort the mess out with the credit card companies and banks. Cellnet refuse point blank to offer any compensation, and despite repeated promises and disingenuous statements to the media, have still not fixed the problem. It is now beyond dispute that this policy is deliberate, and I think it's disgraceful.

How I got on the case

Cellnet charged three amounts of 50 each to my Barclaycard account, even though I had no Cellnet phone, and have never entered into any kind of contract with them. Although Barclaycard cancelled my card and refunded the money (together with a 50 gesture of goodwill), Cellnet's unhelpful and cynical response to my inquiries to them, and point-blank refusal to compensate me or to promise to stop taking money from my credit card, prompted me to look more deeply into the problem, so that something could be done about it.

Believe it or not, when I asked Cellnet what I could do to prevent this from happening again, their advice (from their "Customer Relations team", which I was told reports directly to the Managing Director) was that I should be more careful about giving people my card number. What a fatuous remark! The card number is in plain view every time you use it, and is left printed on the shop copy of every transaction slip. If this is Cellnet's considered opinion of how credit card security should operate, it explains a lot. The only way to stop people seeing the number, or using one they've already seen, is to stop using the card and close the account.

Cellnet have repeatedly tried to fob me off, presumably taking me for a simpleton.

Big mistake.

What I'm trying to achieve, and why I'm pursuing this campaign

My reason for publicising Cellnet's irresponsibly lax policy on credit card security is that both they and Barclaycard have told me that the only way I can prevent Cellnet from taking more money from my credit card account is:
- to close all my card accounts and stop using credit or debit cards at all,
or,
- to get Cellnet to change the way their system operates.

I chose the latter.

Read on for details of the problem...

I know from my own research, and this is not denied by my informants within Cellnet, that Cellnet are well aware of the fact that thousands of innocent credit or debit card holders have had money taken from their accounts by Cellnet, even though they haven't got a Cellnet phone.

What's worse, Cellnet have evidently made a high-level decision (my informant reports directly to their Managing Director) that this policy is sustainable, as (in my interpretation) their losses are an acceptable proportion of the profits they make on calls. The fact that a proportion of these losses is borne by people whose card accounts they debit without authority, and who may not even notice, is apparently something they regard as a side issue.

This has gone far enough. I can't stand by and watch a major operator such as Cellnet taking thousands (perhaps by now millions) of pounds from people like me, who have no Cellnet phone and no contract of any kind with Cellnet. I have also heard of a case where a customer did have a Cellnet phone, but was getting far more charges on his account than he was making himself. How on earth was he supposed to sort that out?

You might think that Cellnet would have an incentive to stop this practice, but a moment's thought shows two reasons why this business model suits them so well.

(1) A plausible reason: Limited Downside

Clearly, when a dispute is raised, Cellnet will eventually have to refund the card issuer, but in the meantime they've had an interest free loan, and after all, Cellnet's true marginal cost of providing call time is virtually zero (almost all their costs relate to the infrastructure) so they are losing very little real money even then. You can see this from the generous call time offers they make, for example, for filling in a marketing questionnaire.

This trifling loss is vastly outweighed by the profit they make on the calls which are properly paid for by their customers (or are paid for by other people who don't both notice and successfully challenge the fraudulent items on their credit card or bank account statements). It's a nice revenue stream for Cellnet : their absolute worst case downside is that they get an interest free loan, before eventually having to refund the money.

Can you imagine what would happen in society if the heaviest penalty for theft was a belated return of the stolen goods?

(2) The real reason: Marketing Edge

Here are some facts. Even more than in most markets, the profitability of a cellular telecomms business depends heavily on market share. Let's compare it to the airline business, another capital intensive enterprise. If an airline wishes to gain, say, 50% market share on a particular route, it will eventually need a fleet of aircraft capable of carrying 50% of the traffic. There's no point in investing for 100% capacity, as that would never be used. The airline will try very hard to fill its planes, at which point it will have achieved that 50% target.

The cellular telephone market is rather different. In order to have any credible presence in the market, every operator must install an infrastructure (the aerial masts, transmitters, central switching computers, and so on) covering the whole country (or, as most claim, 98% or so of the population, which is not quite the same thing). This is effectively catering for 100% market share, and has to be installed irrespective of the market share they eventually hope to achieve. It's analogous to an airline investing in a fleet of planes sufficient to carry all the passengers who could ever use a particular route, which would obviously be uneconomic.

To earn a return on this potential 100% market infrastructure, the cellular operator will be desperate to achieve rapid and dominant penetration of the market.

Here's some speculation. Supposing a dominant and very rich telecomms supplier, who also had a cellular operation, decided to press really hard to get ahead of the competition, and achieve an equally dominant cellular market share to earn a return on all that capital invested in the infrastructure. It would be tempting to subsidise the cellular operation by offering extremely low call rates, so low that your less wealthy competitors couldn't match them. Of course, you couldn't do this, because the regulators would step in and slap you down for anti-competitive, predatory pricing. Fair enough.

However, supposing, just supposing, mind, you found a way to offer free calls by operating an insecure credit-card billing system, disguising the fact behind a smokescreen of so-called "fraudulent usage", you'd rapidly achieve a huge market share, as the word spread that users could get free calls by joining your network. You'd leave your competition in the dust!

You might even come across such a scheme by accident. If you did, you might, just might, be tempted to leave it in place for as long as possible, while you built market share, at the expense of your more fastidious competitors, and of course at the expense of the innocent people who were defrauded. That might not bother you too much, as the banks sort that sort of thing out, and everyone knows that credit card fraud is a fact of life. You'd probably make a series of public statements about this, and make promises that you were improving security, while keeping a weather-eye on the regulators, to make sure you kept your cellular licence.

Of course, this is pure speculation, and it's inconceivable that any self-respecting telecommunications company with a large investment in a cellular operator would knowingly stoop to such a practice.

Back to reality.

A strong strand of Cellnet's (and, to be fair, other pre-pay mobile operators') marketing for pre-pay phones is that there is no contract and no billing, and so they appeal particularly to users who, for one reason or another, can't get credit and/or don't want to reveal their home addresses. These customers often don't have credit cards either, so they are precisely the kinds of people who, from reason (1), would suit Cellnet down to the ground.

Other cellular operators have the good sense and civil responsibility to make additional checks on people pre-paying by credit card: the user has to fill in a form, and then only the specified card number(s) can be used. Cellnet took the easy option: no checks at all, no protection for the legitimate card holder.

Back to top

Credit Card Security: a primer

One's credit or debit card number and expiry date are readily available in plain view to anyone with whom one makes a credit card transaction, and are printed on the shop copy of the receipt. That's why virtually every time you use your card, it has to be backed up by your signature, your PIN or your name and address: just knowing the number is not enough. Except, that is, in Cellnet's case. All you need to top up a Cellnet pre-pay phone is a card number and its expiry date, as it says in their literature, so it doesn't take a genius to realise how easy it is to use such information fraudulently.

Cellnet's Culpability

It's arguable that Cellnet are a party to theft or fraud, by laying their system open to abuse, and doing nothing about it even after it has been brought to their attention, by (they admitted to me) over a hundred direct complainants to Cellnet, and countless others whose complaints had been dealt with by the credit card companies and banks. (This was back in February 1999, the number will be orders of magnitude higher by now).

Here's a pretty fair analogy of what Cellnet are doing in practice.

Supposing some well-known lock manufacturer decided to advertise and sell master keys that could open any lock, and people who bought these went round stealing from other people's houses. Could the lock manufacturer reasonably claim not to be a party to the theft? I don't think so.

When I confronted Cellnet with the accusation that they had stolen my money, they were quick to point out (it had obviously come up before) that it was the fraudulent phone user, not Cellnet, who had done so. I disagree. The fraudulent phone user has obtained call time from Cellnet, but Cellnet have taken real money from me. It's up to me to notice this on my statement, and convince my card issuer or bank to credit me, or I have lost the money.

Cellnet really hate being accused of stealing, by the way. They tried to bully one of my many e-mail correspondents out of using the word. Well, my Oxford English Dictionary defines "steal" as "take (property etc) without right or permission, esp. in secret with the intention of not returning it". Debiting someone's bank account without authority might reasonably be described as stealing, in common parlance, even if not in a strictly legal reading, as unless the victim notices the debit and succeeds in getting a refund from their bank, Cellnet obviously won't return the money. Cellnet's denial of this, not to mention their refusal to compensate the victim for collateral costs, just isn't good enough.

I asked whether Cellnet could at least identify which phone had been topped up with my card, so that I could perhaps identify the culprit or where he worked, such as in a shop, and make sure I didn't do business there again. After all, it could be someone local, and even someone well known to me. Cellnet said they couldn't do that, as even internally the data were not stored in such a way that the transaction could be traced back to a particular card/phone combination if it subsequently turned out to be fraudulent.

Q  Perhaps that's just an innocent oversight by Cellnet in their system?

Very unlikely. This kind of computerised credit card processing and bank authorisation software is written by only a handful of companies 1, who work to detailed and thorough specifications. They have to, for the system to work reliably : if there were any loose ends, or so-called "exceptions" had been overlooked, the program would be constantly crashing. No, you can take it that when the Cellnet system specification was drawn up, they made a conscious decision to allow any card to be used, without any verification other than the bank authorisation, and without any internal audit trail. It's known as cost/benefit analysis.

1  I've recently learned that a company in Hampshire who manufacture cellular telephone routing and billing systems declined to bid for Cellnet's business, though I don't know the precise reason.

Q  So why doesn't the bank authorisation prevent fraud?

Because at the time of the transaction, the card itself is valid, and the bank will authorise any payment against it, up to its credit limit. If it's on a hotlist (reported as stolen, for example) the bank's computer will reject the transaction there and then, but a valid card (such as one that the fraudster has just seen being used to buy something else) will go through.

It's only later, perhaps a month or more later, when (and if) the legitimate credit card holder spots the spurious item on his statement, that it can be challenged and eventually identified as a fraudulent transaction, and steps can be taken to refund the card holder. By then it's far too late to identify the phone that was topped up, so it can't be turned off.

Q  Didn't I read in the paper that Cellnet say they can prevent such phones from making calls?

They are being disingenuous. Of course they can turn off a phone, if they know its telephone number, for example if its credit runs out or it's reported stolen. However, they can't turn off a phone if they can't link its telephone number to a particular card transaction, as Cellnet admit is the case. The fraudulent phone user simply gets away with it, and since call time costs Cellnet hardly anything, they don't really care.

Q  OK, Cellnet's system is wide open, but surely this can happen with mail order, and so on?

Credit card fraud is common, but what makes the Cellnet model so safe for the fraudulent user is that neither I nor the Police can trace him, not even through Cellnet. This is in marked contrast to most forms of credit card fraud: in almost all other cases the fraudster must face his victim (in a shop, for example) and sign a slip; give a name and delivery address (telephone/mail order); or have the card with him (magnetic stripe reader in petrol pump, ticket machine and so on). If using the card in an ATM, a PIN is required. Cellnet have, uniquely as far as I know 2, chosen to set up a credit card operation in which none of these safeguards applies.

2   I learned from Barclaycard's Mail Order Fraud Manager ("DU") that there is another example of this practice in the industry, but for obvious reasons I'm not going to identify it.

If I spotted a spurious account item in favour of a shop or restaurant that had ripped me off, I'd know that one of their employees had probably done it, and what's more I'd know not to shop or eat there again. In the present case, however, the money is taken by Cellnet, but neither I nor they have any idea who the perpetrator was. I can't simply stop using Cellnet, as I don't use them anyway, so there is no such sanction open to me, and hence no incentive for Cellnet to tighten up their system. They can't lose me as a customer if I'm not already a customer.

In Cellnet's lax model, the fraudster doesn't even need to have seen his victim, or the card, he just needs to find the card number and expiry date, for example on a till receipt. They've just made it too easy. No wonder it's called "easylife": it's an easy life for Cellnet, and it's an easy life for the fraudster.

However, this is a disastrous combination for the legitimate card holder, of which Cellnet are well aware, but have cynically decided is in their own best interests. Thousands of legitimate card users are being inconvenienced by having to spot and challenge the fraudulent amounts and, as in my case, change their card account, with all the paperwork that that can entail. Those who don't spot the items are being permanently defrauded. This is clearly something Cellnet have designed into their business model, and are content to see happen.

I see this as a failure of Cellnet's Duty of Care to the public.

Q  Is it really so bad to have to change your card?

The cost and inconvenience in changing your credit card can be considerable. For example, many people have "continuous authority" payments set up on their accounts, to pay for things like insurance, car breakdown cover, and subscriptions. All these payees would have to be written to, to transfer the authority to the new card account, and it would be more than an irritation to find out at the roadside that one had been missed, and one's breakdown insurance had run out.

If your debit card (Switch, Delta) number is used fraudulently ("compromised", in the industry jargon) you don't even get the option not to pay that item on your monthly bill, as the money disappears out of your bank account immediately. You have to argue the transaction with your bank, and in the meantime you are out of pocket. I'm not sure whether the same consumer protection applies to debit cards as it does to credit cards, as they may well fall outside the very comprehensive consumer credit legislation which applies to the latter.

I have had several e-mails from victims whose bank accounts were taken overdrawn by unauthorised debits from Cellnet. This incurred overdraft charges, which neither the bank nor Cellnet would refund. In one case, a lady's weekend was ruined because she couldn't withdraw any cash to go shopping with friends (and to rub salt into the wound, her bank charged her 20 for the letter they wrote to tell her so). It's no joke, but Cellnet are completely unrepentant.

Q  But at least with your new card, you'd be safe?

If only. Since Cellnet won't be applying any protection to your new card details either, there's every chance that the same or another fraudster will do the same again. For all you know, your very first transaction with the new card may be with the person who's been ripping you off on the old one. This is precisely why it's so irresponsible for Cellnet not to identify their pre-pay phone users, by forcing them to register before they can pay over the air by simply keying in any old credit card number.

Q  What should happen to Cellnet?

Oftel should revoke Cellnet's Licence immediately in respect of these pre-pay mobiles, until they can demonstrate that they have put improved security measures in place for the protection of the general public. If this means that their pre-pay phones can no longer be topped up so easily, Cellnet will just have to compensate their customers for the inconvenience.

Cellnet should also refund double value to all the innocent parties whose accounts they have taken money from, and compensate them fully for any additional inconvenience as a result of, say, having to change their credit card accounts and set up new continuous authorities. Just a straight refund (i.e. belated return of the stolen goods) is not enough.

Q  Finally, why should we believe what you are saying?

Cellnet have never denied that what I say about the way their system works is true, though they have given some answers which are, at best, disingenuous, when questioned by me and the media. I have personally watched a brand new Cellnet phone being topped up, using only a card number and expiry date, without any security check whatever. I have carried out extensive research through the Internet's search engines and the user groups, and posted articles there, and have had a great deal of e-mail on the subject.

All the evidence I have found supports my argument. I have found no-one who disagrees with the accuracy of the points I am making. What's more, both Cellnet and their lawyers, Lovell White Durrant, have repeatedly visited these pages, and neither has seen fit to challenge their content.

I have full details on file of my conversations and correspondence with Barclaycard and Cellnet, and this can be published on the Web at a moment's notice. Apart from having an Orange phone and a BT line at home, I have no connection with any other telecomms company.

This is not a vendetta. I'm no longer even interested in compensation. I just want to stop Cellnet taking any more money from me, and from thousands of other people who don't even have a Cellnet phone.

Steve Pardoe (originally published 26/02/1999 and updated)
www.pardoes.com

Back to top


Website
©
Cellnet Home page E-mail to us if you have something to say about this!
[Cellnet fraud index page] [Site directory] [Home page] [E-mail us]