Steve Pardoe's Cellnet Pages
"Mobile News", 26. June 2000

Logotype of Telecom Securicor Cellular Radio Limited
used here for the purposes of illustration and fair comment only

This edition 6/9/2000, new item from Computer Weekly

Cellnet are taking money from the credit card accounts of thousands of innocent people...   ...even though they haven't got a Cellnet phone!

Images and text © Mobile News, reproduced by permission. Apologies for the poor reproduction here

This substantially updated page comments on a second article in the influential fortnightly trade magazine "Mobile News" of 26. June 2000 (p26). Stuart McWilliam separately interviewed Steve Pardoe and Mr John Cross, BT Cellnet's Head of Security, for a feature article. At 3½ illustrated A3 pages, it was the largest item in the magazine: the first two pages covered this campaign, and a further page and a half gave Mr Cross a chance to respond.

Later in this page there are two questions for Mr Cross. Perhaps "Mobile News" or another channel would like to ask them of him.

Correspondence is still coming in, so please bookmark this page and call back.

You can access electronic versions of this and a previous article about our web campaign on the Mobile News website, in the archive section (search for "pardoe"); and you can see other media exposure of Cellnet's disgraceful behaviour on our Media page.

In my opinion, a number of the statements attributed to Mr Cross in the article are seriously misleading. In what follows, I am commenting on the basis that he has been faithfully quoted in the article, which is by no means a certainty, as there were some errors in the presentation of my own conversation with Stuart McWilliam on the preceding pages.

Our phone conversation (singular)

Mr Cross's description of our phone conversation is at variance with my notes of it, and indeed he tries to give the impression that we have had a number of conversations and an ongoing discussion of the issues, when in fact there has only been one conversation, during which he was careful to tell me virtually nothing I didn't know already.
  Actually, I don't need correct this, since Mr Cross does so himself. He states in the article, "We have done an awful lot to beef up the security of credit card transactions, all of which Mr Pardoe is aware of. He's been told on a number of occasions what is different now to a year ago".
  As I've said, this is rubbish, but a few paragraphs further on, Mr Cross is quoted as saying, with reference to his conversation with me, "For that reason, and many others, I was absolutely not prepared to go into detail about his case or any of the security changes that we have been making".
  Thank you for that clarification, then, Mr Cross.

The Police

Mr Cross's reference to my dealings with the Police is just plain wrong. He states, "If a police officer, representing Mr Pardoe's complaint gets in touch with us, he will get exactly the same level of cooperation as we give to any police officer who phones up with any complaint. All of this advice has been given to Mr Pardoe".
  Apart from the widespread experience of victims that "exactly the same level of cooperation" means "no cooperation at all", if Mr Cross "sees no evidence", I suggest he re-reads my letter to him of 28. January 2000, which was sent by recorded delivery and has also been downloaded from our website by BT Cellnet. In it, I described my experience with the Police, and referred him to our Police web page, which BT downloaded on 24. May (for example); and he could also talk to his lady colleague "S", in "customer services", whom I spoke to about this shortly after my conversation with him.

Commercial advantage v. security

A remarkably revealing feature of the article is Mr Cross's repeated reference to security decisions being based on commercial factors, rather than good practice or civil responsibility. For example, he says, "I have said to Mr Pardoe [he hasn't, by the way] that the only way in which we can do anything about third parties having access to the credit card process is to stop accepting credit cards. If we do that, the other networks will continue to accept the cards which will put us at a severe commercial disadvantage".

Hang on a minute, what is he saying? That John Cross, Head of Security at the largest telecomms operator in the land, can't devise a method of processing secure card transactions without putting Cellnet at "a severe commercial disadvantage"? Mr Cross chaired a conference on the subject in January, and claims in the article that "all four networks have a major initiative in progress with the banking industry led by me". When it comes to protecting the innocent cardholder, the other networks have far better security systems than he does (see the recent e-mail from a senior bank official in our correspondence page; and statements by APACS, Visa and others), so why can't he use his vaunted position to learn something from them?

"Commercial disadvantage", indeed. The thousands of victims whom his system allows to be cheated out of their hard-earned cash might wonder whether a network wholly owned by a near-monopoly landline operator making a profit of more than 100 a second needs much more "commercial advantage" at their expense. One for Oftel, I think.

Next, Mr Cross says, "Registration is a red herring. I can demonstrate that to you, but I won't because if I were to do so, it would be to the other networks' advantage". Heaven forfend that Cellnet's security matters should be "to the other networks' advantage".

What's more, this is another contradictory remark. Computer Weekly magazine of 12. August 1999 carried a piece of BT Cellnet PR, as follows:

"BT Cellnet is to insist that all new purchasers of its pay-as-you-go phones will have to supply their name, address, and the details of the credit card they will use to buy new units for their phone. Stolen credit cards or numbers have been widely used to buy BT Cellnet minutes".

So, er, BT Cellnet's policy on registration is...?

Mr Cross goes on, "What we have behind the scenes... as good as it gets". [...] "I have explained to Mr Pardoe [he hasn't, by the way] that we check and test every procedure we adopt and we do not adopt it until we are totally satisfied". Well, if Mr Cross is "totally satisfied" by his present system, he's easily pleased.

I'm disappointed that Mr Cross has given such a misleading impression of his (one) dealing with me, in order to fudge the issues and denigrate my campaign by implying that it's out of date, and irrelevant to the true situation. He could have made his points without resorting to that. However, I'm not going to walk away from this.

"The only thing necessary for the triumph of evil is for good men to do nothing".
- Edmund Burke

Mr Cross also states in the article that I use "emotive terms" (and that this is something being considered by BT Cellnet's "legal and regulatory people"). He says he'd like me to remove these terms from our web site; so, as a gesture of my good faith, I've done so (except where they are used in existing correspondence, since I can't rewrite history). I don't need to exaggerate to win my argument, and I'm sorry if my language has been intemperate.

I have consistently invited Mr Cross and BT Cellnet to refute any specific statement made on this site which they consider to be materially incorrect, but neither they, nor anyone else in the industry, has done so. The BBC and other media have carried out their own research, including the purchase and top-up of Cellnet phones, and interviewing other fraud victims, to test the validity of my claims, and have corroborated them in broadcasts and the press.

The invitation remains : show me what is wrong, and I will gladly change it, because, unlike Cellnet, I don't need to rely on disingenuous PR to support my argument. It's up to Cellnet to solve their fraud problem and act honourably, not to shoot the messenger because they are embarrassed by bad publicity. In the meantime, the 6,250 named readers of "Mobile News" in the UK mobile communications industry can make up their own minds about whom they believe.

Here are two very simple questions for Mr Cross. Perhaps "Mobile News" or another channel would like to ask them of him.

Q1. "Nearly 18 months after I drew Cellnet's and (then) the media's attention to the matter, is it, or is it not, still possible to top up a Cellnet pre-pay mobile phone, at least once, by simply keying in the numbers on a credit or debit card, without the authority of the card owner, without talking to an operator, without giving a name or address, without using a password or a PIN, and without even having had possession of the card?"

[Hint : A1. Yes, it is still possible. This fundamental loophole in BT Cellnet's security remains open, as BBC1's "Hard Cash" and "Watchdog", and other programmes and publications, have proved for themselves].

Q2. "What would happen if millions of Cellnet pre-pay phone customers took advantage of this loophole, and simply used their own card details to top up their phones, but then...?" [I won't elaborate here: if Editors wish to, please e-mail me. I shan't promote, and can't condone, the next step; but I've discussed it with Barclaycard, and it will definitely work. I'm sure it must be Mr Cross's worst nightmare].

[Hint : A2. Cellnet have no authority from the card owner to debit these cards, so the banks, and in turn BT Cellnet, would be forced to refund every single transaction. Cellnet's revenue stream would dry up, and they would be out of the mobile business. One presumes that Mr Cross has brought this to the BT Main Board's attention].

Scary thought, why on earth would BT Cellnet risk that?

It's simple enough. BT Cellnet are prepared to run this frightening commercial risk because they have a parent richer than Croesus, and believe they have a Divine right to whatever market share they can grab. A number of correspondents have remarked on BT Cellnet's breathtaking arrogance, and the nauseating manner in which they flaunt what Oftel refer to as their "market power", now that the moderating influence of Securicor has been bought out. I think it's time they saw which way the wind's blowing.

If you're a Cellnet victim, or have read the article and would like to comment on it, or on my discussion of it, please e-mail me. I can't promise to reply in detail to every one (we get hundreds), but all will be acknowledged.

E-mail us

Click to read in detail the background to all this in our main Cellnet fraud story page, return to the Cellnet index page, or go to the top of this page.

Cellnet Index page Home page E-mail to us if you have something to say about this!
[Cellnet fraud index page] [Site directory] [Home page] [E-mail us]