Steve Pardoe's Cellnet Pages
Telephone conversation with Mr John Cross, BT Cellnet's Head of Security

Logotype of Telecom Securicor Cellular Radio Limited
used here for the purposes of illustration and fair comment only

Cellnet Index page

Cellnet are taking money from the credit card accounts of thousands of innocent people...   ...even though they haven't got a Cellnet phone!


This page covers a telephone conversation on Thursday 16. December 1999 between Steve Pardoe and John Cross, BT Cellnet's Head of Security, on (Slough) 01753 565 000. It followed Mr Cross's appearance on a BBC TV programme the previous evening, and Cellnet's unauthorised debit of 30 from the Company Barclaycard account of one of my colleagues on 18. November (that makes two of us, out of a staff of 26).

My colleague took the matter up with Barclaycard, who sent him in circles from one department to another ; fortunately, he's better informed than the typical victim of Cellnet's third party fraud, so he also rang Cellnet. They said that security had now been improved, but when asked to explain how registration of credit cards took place to improve security, the Cellnet person at first said he didn't know, and then resorted to saying, "All I can say is what I have been told to say in relation to the specific problem you have had".

Since I'm the Managing Director of the company from whose account Cellnet took these funds, I felt justified in telephoning Mr Cross directly, to ask him to comment on the security implication of this fraud, and to ask what steps were being taken to stamp it out, and whether Cellnet would offer any compensation or apology.

What follows is my summary of the conversation.

To his credit, Mr Cross took my call immediately and was very polite, but unfortunately he said he wasn't prepared to give me any information, since, as he put it, he didn't know who I was. I asked what difference it made who I was: my company was a victim of their fraud, and I wanted to get to the bottom of it, and in particular to find out what they were doing about it. I pointed out that Cellnet had made repeated statements about improved security to the media, but had done nothing about it, as demonstrated by the fact that 30 had been taken from one of our card accounts as recently as 18. November.

Mr Cross said that it was not correct to say that they had done nothing about improving security, but he refused point blank to say what had been done. He said that their policy was to refer all such enquiries to the banks, claiming that this was what the banks themselves required. He stated more than once that the relationship was between the customer [presumably meaning Cellnet's fraud victim, who is probably not a Cellnet customer] and the "customer's" bank [that is, the card issuer] and that Cellnet would not get involved.

I asked whether they would get involved to the extent of helping to identify the user of the phone that had been topped up, and he said that this would be a matter for the bank and the Police, falling back on not knowing the facts of the individual case and whom he was talking to. I asked whether Cellnet could in practice identify which phone was being used, and the identity of the user, but he wouldn't comment on this, beyond saying that since Cellnet don't know who has the phone, they can't identify the user. When I tried to get Mr Cross to clarify their registration procedure, the basis of Cellnet's claims to have improved security, he refused to discuss it at all, and said that he'd like to end the conversation.

I pressed the point about the Police, and Mr Cross said that Cellnet would cooperate with the Police if a victim asked the Police to prosecute, and the Police then logged the crime and investigated it [my words].

[In fact, I know from correspondence that the Police are unwilling to try to detect these crimes, as the location of the crime isn't clear, and (as has been reported to me) there is technically no fraud if the offence is against a machine (Cellnet's or the bank's computer) rather than a person. I find this attitude incomprehensible, and I shall now pursue this matter with our local Police here in Northwich, to test the extent to which they will act and Cellnet will cooperate. I don't expect a rapid outcome].

21/12/1999: as Mr Cross suggested, I have now contacted the Police. You can see what happened here.

I asked Mr Cross whether Cellnet were prepared to apologise to or compensate me, as one of their victims, and he again stated categorically that this is a matter for the banks. He repeated that he was not prepared to discuss it with me, as he didn't know my identity. At this point, I asked him whether he was aware of my website at www.pardoes.com. He said he was now, and I invited him to visit it, and told him that my report of this conversation would be on the server by the same time the next day. I also asked him to respond by e-mail if he had any comments to make, which invitation I extend to you here, Mr Cross:

E-mail us cellnet@pardoes.com

I look forward to hearing from you. If there is anything in the foregoing to which you can reasonably take exception, I shall be delighted to correct it at the earliest opportunity.


Website
©
Cellnet Home page E-mail to us if you have something to say about this!
[Cellnet fraud index page] [Site directory] [Home page] [E-mail us]