Steve Pardoe's Cellnet Précis Page

Minor update 24. March 2002

Main Cellnet Index page
Logotype of Telecom Securicor Cellular Radio Limited used here for the purposes of illustration and fair comment only. During the life of this campaign, Cellnet have changed their trading name to BT Cellnet. The two may be interpreted interchangeably in what follows.

BT Cellnet deliberately allow anyone to use anyone else's debit or credit card numbers to top up a pre-pay phone, with complete impunity. Cellnet simply take the money from the victim's bank or credit card account, without their authority, and with absolutely no identity check.

As a result, BT Cellnet have been making unauthorised debits from thousands of people's bank and credit card accounts, then cynically fobbing off their victims, and refusing point blank to compensate them for their loss and inconvenience. They also refuse to cooperate with victims, or the Police, in tracing the fraudulent phone user, leaving people exposed to repeated theft. Cellnet prefer instead to protect their dishonest customer. This page provides a summary of the appalling story (click if you really want to read all the detailed history and analysis), and links to more detailed pages.

E-mail us Please e-mail us at cellnet@pardoes.com if this has happened to you, or if you have something to say about this!


BT Cellnet have a disgracefully lax policy regarding credit card security. They deliberately set up their pre-pay systems in such a way that anyone can use anyone else's debit or credit card number to top up a "Pay & Go", "easylife" or "U" phone, with complete impunity. Cellnet then take the money from people's bank and credit card accounts, without any kind of authorisation from their victims. The problem was pointed out as long ago as January 1999, but Cellnet cynically decided to keep it going, despite frequent promises to the media that they would fix it. Cellnet happily accept a gift, or at least an interest free loan, belatedly returning the money only if victims notice the fraudulent debit, and are persistent enough to persuade their bank or credit card company to take action.

Cellnet's Head of Security, John Cross, appeared on BBC1's "Watchdog" programme on 17. February 2000 at the instigation of this website. He claimed to have improved Cellnet's credit card security, and to be cooperating with the police in tackling the fraudster, but the evidence is entirely to the contrary. Steve Pardoe was interviewed for Watchdog way back on 11. March 1999.

The mechanism by which Cellnet take this money is described in detail in our main story page, and has not been challenged. All that's needed to top up a Cellnet pre-pay phone are someone's credit or debit card numbers, and its expiry date. This information is in plain view to anyone with whom one makes a card transaction, and most of it is printed on the shop copy of the receipt, which of course stays in the till for the shop assistant to read at leisure. It's also given over the phone during mail order processing.

The card numbers are not secret, which is why virtually every time you use your card, it has to be backed up by your signature (in a shop), your PIN (at an ATM), or a delivery address (mail order); or at the very least, the card itself has to be presented (ticket machine). Just knowing the numbers is never enough, except, that is, in Cellnet's case. They admit that they deliberately made their system insecure, which might be excusable, were it not for the fact that they have refused to change it !

Cellnet could switch off their credit card top-up facility at any time, but they've made a commercial decision not to do so, as this would inconvenience users and risk losing market share.

It's interesting to contrast this cavalier attitude to security with Cellnet's Draconian reaction when they found that a very small proportion of their "Pay & Go" phones were being "chipped" to allow free calls to be made. They immediately cut off calls to India and Pakistan, then stopped all international calls; and later, it seems, they cut off calls to other mobile networks and premium rate numbers as well.

This serves to illustrate the arbitrary, unilateral and retrospective manner in which BT choose to change their services, and short-change the public, when it suits them; but choose not to do so when they themselves are not the victims. You will see other examples of BT Cellnet's appalling behaviour referred to on this website, and on that of the BBC and elsewhere. It's time they were brought to book.

My campaign

I got on the case after Cellnet (as they then were) took three amounts of 50 each from my Barclaycard in January 1999, charged because someone had used my card number to top up a Cellnet pre-pay mobile phone. Although Barclaycard eventually refunded me, Cellnet were unhelpful, obstructive and untruthful, and refused to apologise or compensate me, or give me any assurance that they wouldn't do it again. They refused to trace the phone or the fraudulent user. They told me that however much I complained, I would "get nothing out of Cellnet". That, at least, was true.

Understandably annoyed, I decided to investigate how the fraud had happened, by researching through the Internet, and talking to Cellnet employees, and to experts in the computer, banking and communications industries. What I discovered appalled me. I started this Web campaign in February 1999, and it has been extraordinarily successful in alerting the media. Within a few months I had appeared in, contributed to, or prompted several TV and radio programmes, and many articles in newspapers and in "Which?" magazine. BT Cellnet's shenanigans became the "consumer story of choice".

Our ISP server log records hundreds of hits each week (well over a thousand on occasion) and provides fascinating reading. Cellnet are frequent visitors to this site, downloading material (including personal items and pictures of my family, which is a little unnerving). They put their City lawyers, Lovell White Durrant, and their PR firm onto us as well, but none has yet seen fit to challenge the content of my campaign pages.

I have been scrupulous in researching the subject objectively, reporting only what I can substantiate, and commenting in a reasonable and fair manner. They may not like it, but if I simply expose the truth of what BT Cellnet are doing, it's a matter for them to change it. They shouldn't try to solve their PR problem by shooting the messenger.

Apart from thousands of personal visitors, the site has been popular with many "interested parties" in the printed and broadcast media, other UK and overseas cellular operators, Government departments and regulators, academic and financial institutions, and of course the credit card companies.

This PR disaster arises simply because Cellnet repeatedly took money from me without authority, and then refused point blank to compensate me, apologise, or promise not to do it again.

Bad call.

The campaign continued and the web site developed as I uncovered more information on the Internet user groups and as a result of e-mail correspondence. I'd like to thank those who have taken the trouble to write, and copied me with their own correspondence with Cellnet. This shows truly disgraceful behaviour by Cellnet in their cynical and dishonest treatment of their victims, many of whom, through absolutely no fault of their own, are defrauded and seriously inconvenienced. Cellnet remain completely unrepentant, and continue to fob off their victims and the media alike with disingenuous (and in many cases deliberately untruthful) PR. They refuse point blank to offer compensation, despite the fact that the damage to the innocent parties is entirely and deliberately caused by Cellnet. This is just plain shoddy.

I have carried my campaign to the regulators Oftel and the Office of Fair Trading and they, too, have fobbed me off. I know from industry insiders that APACS (the Association for Payment Clearing Services) and Barclaycard are very unhappy about the way in which Cellnet's Merchant Acquirer (who I believe are HSBC, formerly Midland Bank) have permitted Cellnet to bypass the normal industry safeguards for the consumer.

Cellnet fall back on a specious argument that their authorisation procedures have been agreed by the banks. This is disingenuous, because the authorisation they are referring to is that between Cellnet and their Merchant Acquirer, and is purely there to protect Cellnet against cards which are over their credit limit or on a hot list. It follows from the likely origin of card numbers fraudulently used that the cards themselves will be perfectly valid, it's just that the use of the card number to top up the fraudster's phone is not authorised. Cellnet don't actually care about that, since their Merchant Acquirer accepts the transaction, and Cellnet get the money.

Cellnet rely on this confusion over authorisation, and a public perception that credit card fraud is an inevitable fact of life, to fob off their victims, and, even more reprehensibly, to fob off the media. I have been disappointed by a tendency for some of the media to reproduce Cellnet's disingenuous PR uncritically as a substitute for investigative journalism.

Cellnet claim to be able to trace and turn off a phone which has been topped up fraudulently, and assist the Police in tracing the user, another PR spin widely swallowed by the media. You'll see from my own letter to and conversations with Cellnet's Head of Security and the Police that, in practice, this is simply not the case. Cellnet won't do anything unless they are told the telephone number of the phone used to perpetrate the fraud, something which only they and the fraudster know. Cellnet won't supply this information to the victim to assist a prosecution.

This attitude may seem illogical, but Cellnet don't actually want to turn off the illegally used phones, because that would lose market share, which is more important to them than a little lost revenue. Their cosy relationship with the fraudsters seriously obstructs justice, and denies the victim the chance to avoid repetition of the loss, since he can't identify the location of the theft and shop elsewhere.

What should happen to Cellnet?

Oftel and the Office of Fair Trading should review the case and should, in my view, revoke Cellnet's Licence until they can demonstrate that they really have put improved security measures in place for the protection of the general public (as opposed to more broken promises). If this means that their pre-pay phones can no longer be topped up so easily, Cellnet will just have to compensate their customers for the inconvenience.

Cellnet should also be forced to refund double value to all the innocent parties whose accounts they have taken money from, and compensate them fully for any additional inconvenience as a result of, say, having to change their credit card accounts, set up new continuous authorities, or pay overdraft charges. A belated and grudging refund of the money they've taken is not nearly enough.

Why should you believe what I am saying?

Cellnet have never denied that what I say about the way their system works is true, though they have given answers which are, at best, disingenuous, when questioned by me and the media. I have personally watched a brand new Cellnet phone being topped up, using only a card number and expiry date, without any security check whatever. I have carried out extensive research, and received an enormous amount of supportive e-mail, and copies of victims' correspondence with Cellnet.

Absolutely all the evidence I have found supports my argument. Over the three years or more that this site has been live, no-one has ever disputed the accuracy of the points I am making, apart from a couple of very minor differences of interpretation, which I've gladly clarified. Apart from having an Orange phone and a BT line at home, I have no connection with any other telecomms company.

This is not a vendetta. I'm no longer even interested in compensation. I just want to stop Cellnet taking any more money from thousands of people who don't even have a Cellnet phone ; confess their guilt ; and mend their ways.

Steve Pardoe
www.pardoes.com
December 1999, and minor updates since

Back to top


Website
©
Cellnet Home page E-mail to us if you have something to say about this!
[Cellnet fraud index page] [Site directory] [Home page] [E-mail us]