Steve Pardoe's Cellnet Pages
Letter to OFTEL (February 1999)

Logotype of Telecom Securicor Cellular Radio Limited
used here for the purposes of illustration and fair comment only

Cellnet index page

Cellnet are taking money from the credit card accounts of thousands of innocent people...   ...even though they haven't got a Cellnet phone!


This is a copy (re-formatted for the Web) of my e-mail letter sent to Mr Steve Clark at OFTEL - Consumer Representation Section [crs.oftel@gtnet.gov.uk] today; it starts with his reply to my previous message.

[It's "redacted", in this web release, to avoid making things too easy for the fraudster. Depending on Oftel's response, later releases of this page may include the details of how ridiculously easy it is (even easier than I thought, using exactly the same standards of honesty as Cellnet seem comfortable with) to get free calls for life, at Cellnet's expense]


Dear Mr Clark,
Thank you for your message.
You wrote:

-----Original Message-----
From: OFTEL - Consumer Representation Section
To: Steve Pardoe
Date: 23 February 1999 13:55
Subject: Re: Cellnet : irresponsible policy on credit card security

>Thank you for your e-mail, we will send you a full reply as soon as
>possible.

I think you need to move much more swiftly on this one! After further telephone and face to face contact with Cellnet personnel, correspondence with Barclaycard's Mail Order Fraud manager, and speaking to my expert personal contacts in the telecomms and banking systems industry, I find that Cellnet's business model is even more irresponsible and cynical than I had thought.

I warned you about this problem on 23/2/1999, but all I have had back is your brief acknowledgement. I have decided to go public, so I have informed The Independent Newspaper (where I have an editorial contact) and the BBC, and I have published details of the issue on the Internet newsgroups, and on my website at http://www.pardoes.com/everyone/cellnet1.htm

A copy of this present e-mail to Oftel will be posted on my website this afternoon, and advised to the media shortly afterwards. Oftel are going to look very silly if they are the last to react, when they were among the first to be informed. Since in order to to get my point across to you this letter necessarily shows how easy it is to perpetrate this kind of fraud, with complete anonymity and impunity, you may wish to acknowledge this letter and tell me what you are going to do about it, by e-mail or telephone, before 13:00 today Friday 26/02/1999.

In fact, I suggest you pick up the phone and call me on [phone number deleted] or preferably [phone number deleted] (mobile) as soon as you reach this paragraph.

I shall be on business abroad next week, by which time the information will be in the public domain. That will eventually be catastrophic for Cellnet, but they, like you, had their chance, twice.

Further background to the problem follows, with my respectful suggestions for what Oftel should do about it.

Regards,

Steve Pardoe
www.pardoes.com
[Address & phone numbers deleted]

Cellnet have charged three amounts of 50 each to my Barclaycard account, even though I have no Cellnet phone, and have never entered into any kind of contract with them. While Barclaycard have now cancelled my card and say that they will refund the money (together with a 50 gesture of goodwill), Cellnet's unhelpful and cynical response to my inquiries to them and point-blank refusal to compensate me have prompted me to look more deeply into the problem, so that something can be done about it.

I have full details on file of my conversations and correspondence with Barclaycard and Cellnet. I should point out that apart from having an Orange phone and a BT line at home, I have no connection with any other telecomms company.

I now know from my own research, and this is not denied by my informants within Cellnet, that Cellnet are well aware of the fact that thousands of innocent credit card holders have had money taken from their accounts by Cellnet, even though they haven't got a Cellnet phone.

What's worse, Cellnet have evidently made a high-level decision (one of my informants told me that he reports directly to their Managing Director) that this policy is sustainable, as (in my interpretation) their losses are an acceptable proportion of the profits they make on calls. The fact that a proportion of these losses is borne by people whose card accounts they debit without authority, and who may not even notice, is apparently something they regard as a side issue.

This has gone far enough. I can't stand by and watch a major operator such as Cellnet taking thousands (perhaps by now millions) of pounds from people like me, who have no Cellnet phone and no contract of any kind with Cellnet. I have also heard of a case where a customer did have a Cellnet phone, but was getting far more charges on his account than he was making himself. How on earth was he supposed to sort that out?

You might think that Cellnet would have an incentive to stop this practice, but a moment's thought shows two reasons why this business model suits them so well.

(1) A plausible reason: Limited Downside

Clearly, when a dispute is raised, Cellnet will eventually have to refund the card issuer, but in the meantime they've had an interest free loan, and after all, Cellnet's true marginal cost of providing call time is virtually zero (almost all their costs relate to the infrastructure) so they are losing very little real money even then. You can see this from the generous call time offers they make, for example, for filling in a marketing questionnaire.

This trifling loss is vastly outweighed by the profit they make on the calls which are properly paid for (or are paid for by other people who don't both notice and successfully challenge the fraudulent items on their credit card statements). It's a nice revenue stream for Cellnet : their absolute worst case downside is they get an interest free loan, before eventually having to refund the money. Can you imagine what would happen in society if the worst case penalty for all forms of credit card theft was a belated return of the stolen goods?

(2) The real reason: Marketing Edge

A strong strand of Cellnet's (and, to be fair, other pre-pay mobile operators') marketing for pre-pay phones is that there is no contract and no billing, and so they appeal particularly to users who, for one reason or another, can't get credit and don't want to reveal their home addresses. These customers often don't have credit cards either, for obvious reasons, so they are precisely the kinds of people who [Section deleted here to avoid causing unnecessary offence].

Credit Card Security

One's credit card number and expiry date are readily available in plain view to anyone with whom one makes a credit card transaction. It doesn't take a genius to realise how easy it then is to use this information to top up a Cellnet pre-pay phone. Suppose you...

[Section deleted here to avoid making things too easy for the fraudster]

...Bingo! free calls for ever.

The real weakness, which Cellnet admit to but are apparently happy with, is that...

[Section deleted here to avoid making things too easy for the fraudster]

As it becomes widely known that it's so easy to defraud innocent parties by using a Cellnet phone, sales will soar, and so long as Cellnet are getting an acceptable percentage of the net legitimate revenues, why should Cellnet care?

Cellnet's Culpability

I think it may even be arguable that Cellnet have been a party to theft or fraud, by laying their system open to abuse, and doing nothing about it even after it had been brought to their attention, by (they admitted to me) over a hundred direct complainants to Cellnet, and countless others whose complaints had been dealt with by the credit card companies. When I confronted Cellnet with this accusation, they were quick to point out (it had obviously come up before) that it was the fraudulent phone user, not Cellnet, who had stolen my money. I disagree. The fraudulent phone user has stolen air time from Cellnet, but Cellnet have stolen money from me. It's up to me to notice this on my statement and convince my card issuer to credit me, or I have lost the money.

Why it's so dangerous

Credit card fraud is common, but what makes the Cellnet model so safe for the fraudulent user is that neither I nor the Police can trace him, not even through Cellnet. This is in marked contrast to most forms of credit card fraud: in almost all other cases the fraudster must face his victim (in a shop, for example), give an address (telephone/mail order) or have the card with him (magnetic stripe reader in petrol pump, ticket machine and so on). Cellnet have, uniquely as far as I know, set up an irresponsibly lax credit card operation in which none of these safeguards applies, and are using it to run a business deliberately marketed at people who wish to remain anonymous and/or are bad credit risks.

This is a disastrous combination for the legitimate card holder, of which Cellnet are well aware but have cynically decided is in their own best interest as a business model. The fact that thousands of legitimate card users are being at the very least inconvenienced (by having to spot and challenge the fraudulent amounts and, as in my case, change their card account with all the paperwork that that can entail) and in many cases are permanently defrauded, is apparently something they are comfortable to permit to happen. I see this as a failure of Cellnet's Duty of Care to the public.

Action this day

Do something, Oftel! Cellnet's Licence should be revoked immediately in respect of these pre-pay mobiles, until they can demonstrate that they have put improved security measures in place for the protection of the general public. If this means that their pre-pay phones can no longer be topped up, Cellnet will just have to repurchase them all, and compensate their customers for the inconvenience. Cellnet should also refund double value to all the innocent parties whose accounts they have taken money from. Finally, since Cellnet are, by continuing to operate such a scheme after its weakness has been brought to their attention, arguably accessories to fraud, a criminal prosecution of Cellnet should be considered.

Failing that?

If Oftel won't act, the public can. The punishment should fit the crime. I therefore think it would, in principle, serve Cellnet right if...

[Section deleted here to avoid making things too easy for the fraudster]

...forcing Cellnet to refund them, time after time, as a direct consequence of their lax security.

Barclaycard's Mail Order Fraud Manager has told me that...

[Section deleted here to avoid making things too easy for the fraudster]

...I can't condone such action, which is clearly immoral and illegal, but it is absolutely foolproof, and there is unlikely to be any comeback on the card holder. If enough people do this, Cellnet will be out of the pre-pay business.

You can believe me

I have full details on file of my conversations and correspondence with Barclaycard and Cellnet. Apart from having an Orange phone and a BT line at home, I have no connection with any other telecomms company.

S.J. Pardoe 26/02/1999
www.pardoes.com

[END]

Back to main Cellnet page


Website
©
Cellnet Home page E-mail to us if you have something to say about this!
[Cellnet fraud index page] [Site directory] [Home page] [E-mail us]